>Number:         33162
>Category:       port-xen
>Synopsis:       FAST_IPSEC crashes Xen domU kernel
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    port-xen-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Mar 28 21:55:00 +0000 2006
>Originator:     Jeff Rizzo
>Release:        NetBSD 3.99.17
>Organization:
	
>Environment:
	
	
System: NetBSD xen5.york.redcrowgroup.com 3.99.17 NetBSD 3.99.17 (XENU.FAST_IPSEC) #1: Tue Mar 28 11:30:42 PST 2006  riz@fubar.york.redcrowgroup.com:/lfs/buildobj/usr/src/sys/arch/i386/compile/XENU.FAST_IPSEC i386
Architecture: i386 (xen)
Machine: i386
>Description:
	When trying to initiate ipsec traffic on a Xen host with
	options FAST_IPSEC in the kernel, it panics as follows:

xen5# ping fubar 
PING fubar.york.redcrowgroup.com (192.168.3.8): 56 data bytes
panic: m_copyback0: read-only
Stopped in pid 3.1 (cryptoret) at       netbsd:cpu_Debugger+0x4:        popl    %ebp
db> bt
cpu_Debugger(c041ed20,ca803e48,ca803e7c,c0317c26,c0488200) at netbsd:cpu_Debugger+0x4
panic(c041bc1d,ca804334,c07c0e00,b6cef66c,99) at netbsd:panic+0x12c
m_copyback0(ca803ec4,9,1,ca803f26,9) at netbsd:m_copyback0+0x913
m_copyback(c07c0e00,9,1,ca803f26,1e5) at netbsd:m_copyback+0x42
esp_input_cb(0,24,c040d32f,0,0) at netbsd:esp_input_cb+0x45f
cryptoret(c9fcbdec,52d000,c0537000,0,c010017c) at netbsd:cryptoret+0x12e
db>

>How-To-Repeat:
	configure SPD entries between Xen host and another, and try to
ping the other host.  (which works when the Xen host is using KAME ipsec)

my ipsec.conf contains this:

add 192.168.3.17 192.168.3.8 esp 8771 -E rijndael-cbc 0x09ab8987bc76dc8966548907bc2498761234654367890cad8576234d35461089;
add 192.168.3.8 192.168.3.17 esp 8772 -E rijndael-cbc 0x2134cafe987234fcefdefacb9b8b7b6b5b23874692dfdf342342aea324423556;

spdadd 192.168.3.17 192.168.3.8 any -P out ipsec esp/transport//use;

>Fix:
	none provided.

>Unformatted: