Re: help for ixp4xx crypto panic

Re: help for ixp4xx crypto panic

[Karl Hiramoto]

timenhhf wrote:
> hi,
> i read your mail list on net about ixp4xx_crypto panic.
> i'm using linux kernel 2.6.28.9, but i can't make the IXP425 NPEs work
> all right.
> the steps i've done as followed:
> (1) download "ixp4xx-microcode_2.4.orig.tar.gz" through the URL:
> http://packages.debian.org/zh-cn/source/sid/ixp4xx-microcode
I don't think that includes the crypto microcode. You have to get that
from intel.

> (2)tar -zxvf ixp4xx-microcode_2.4.orig.tar.gz
> (3)cp ./IxNpeMicrocode.h ixp4xx-microcode/npeDl
You have to modify the .h to select the crypto when you have correct code

> (4)gcc -Wall IxNpeMicrocode.c -o IxNpeMicrocode
> (5)./IxNpeMicrocode, can get NPE-B and NPE-C
> (6)cp NPEs to /lib/firmware : cp -a NPE-* /lib/firmware/
> echo "/sbin/mdev" > /proc/sys/kernel/hotplug
> /sbin/mdev -s
> (7)set the NPE MAC address: ifconfig eth0 hw ether 00:03:05:06:07:08
> (8)ifconfig eth0 192.168.1.1 netmask 255.255.255.0
> after so many steps have done, i can't ping out any packet through
> IXP425 mainboard.
> could you give me some advice? thanks in advance.
> best regards,

It would probally be best if we made ixp4xx_crytpo BUG() or WARN_ON() if
it does not have a crypto compatable microcode.

--
Karl

[PATCH] ixp4xx_crypto: check firmware for crypto support

[Christian Hohnstaedt]

 - the loaded firmware may not support crypto at all or
   only support DES and 3DES but not AES or
   support DES, 3DES and AES.

 - in case of no crypto support of the firmware, the module load will fail.
 - in case of missing AES support, the AES algorithms are not registered
   and a warning is printed during module load.

Signed-off-by: Christian Hohnstaedt <chohnstaedt@innominate.com>
---
 drivers/crypto/ixp4xx_crypto.c |   33 ++++++++++++++++++++++++++++++++-
 1 files changed, 32 insertions(+), 1 deletions(-)

diff --git a/drivers/crypto/ixp4xx_crypto.c b/drivers/crypto/ixp4xx_crypto.c
index fdcd0ab..f72f414 100644
--- a/drivers/crypto/ixp4xx_crypto.c
+++ b/drivers/crypto/ixp4xx_crypto.c
@@ -415,6 +415,7 @@ static void crypto_done_action(unsigned long arg)
 static int init_ixp_crypto(void)
 {
 	int ret = -ENODEV;
+	u32 msg[2] = { 0, 0 };
 
 	if (! ( ~(*IXP4XX_EXP_CFG2) & (IXP4XX_FEATURE_HASH |
 				IXP4XX_FEATURE_AES | IXP4XX_FEATURE_DES))) {
@@ -426,9 +427,35 @@ static int init_ixp_crypto(void)
 		return ret;
 
 	if (!npe_running(npe_c)) {
-		npe_load_firmware(npe_c, npe_name(npe_c), dev);
+		ret = npe_load_firmware(npe_c, npe_name(npe_c), dev);
+		if (ret) {
+			return ret;
+		}
+		if (npe_recv_message(npe_c, msg, "STATUS_MSG"))
+			goto npe_error;
+	} else {
+		if (npe_send_message(npe_c, msg, "STATUS_MSG"))
+			goto npe_error;
+
+		if (npe_recv_message(npe_c, msg, "STATUS_MSG"))
+			goto npe_error;
 	}
 
+	switch ((msg[1]>>16) & 0xff) {
+	case 3:
+		printk(KERN_WARNING "Firmware of %s lacks AES support\n",
+				npe_name(npe_c));
+		support_aes = 0;
+		break;
+	case 4:
+	case 5:
+		support_aes = 1;
+		break;
+	default:
+		printk(KERN_ERR "Firmware of %s lacks crypto support\n",
+			npe_name(npe_c));
+		return -ENODEV;
+	}
 	/* buffer_pool will also be used to sometimes store the hmac,
 	 * so assure it is large enough
 	 */
@@ -457,6 +484,10 @@ static int init_ixp_crypto(void)
 
 	qmgr_enable_irq(RECV_QID);
 	return 0;
+
+npe_error:
+	printk(KERN_ERR "%s not responding\n", npe_name(npe_c));
+	ret = -EIO;
 err:
 	if (ctx_pool)
 		dma_pool_destroy(ctx_pool);
-- 
1.6.0.3

Re: help for ixp4xx crypto panic

[Karl Hiramoto]

timenhhf wrote:
> hi,
> thanks for your reply.
> the attached file is the microcode file included in CSR2.4 crypto
> package that i got from INTEL's FAE.
> And the crypto function supported or not isn't really what i'm concern
> now, because after I startup the NPE module, the network can't work well.
> the detail steps as followed:
> (1)gcc -Wall IxNpeMicrocode.c -o IxNpeMicrocode
Which image are you specificing in the .h?
I currently use
IX_NPEDL_NPEIMAGE_NPEC_CRYPTO_AES_ETH_LEARN_FILTER_FIREWALL and
IX_NPEDL_NPEIMAGE_NPEB_ETH_SPAN_FIREWALL_VLAN_QOS_HDR_CONV

> (2)./IxNpeMicrocode (get NPE-B & NPE-C)
> (3)cp NPEs to /lib/firmware : cp -a NPE-* /lib/firmware/
> (4)Make ixp425's ramdisk.gz package
> (5)after system startup, do:
> echo "/sbin/mdev" > /proc/sys/kernel/hotplug
> /sbin/mdev -s

You should see the busybox doc. I do:

mount -t proc proc /proc
mount -t tmpfs -o size=64K mdev /dev
mkdir /dev/pts
mount -t devpts devpts /dev/pts
mount -t sysfs sysfs /sys
echo /sbin/mdev > /proc/sys/kernel/hotplug
mdev -s



> (6)insmod the NPE modules:
> modprobe ixp4xx_eth
> IXP4xx Queue Manager initialized.
> eth0: MII PHY 0 on NPE-B
> eth1: MII PHY 1 on NPE-C

if you modprobe ixp4xx_crypto does it come up?

> (7)lsmod to check:
> Module Size Used by Not tainted
> ixp4xx_eth 12824 0
> ixp4xx_npe 7200 3 ixp4xx_eth
> ixp4xx_qmgr 4824 1 ixp4xx_eth
> (8)set the NPE MAC address:
> ifconfig eth0 hw ether 00:03:05:06:07:08
> (9)ifconfig eth0 192.168.1.1 netmask 255.255.255.0

perhaps "ip link set eth0 up"

> (10) ping the NPE own interface:
> # ping -c 1 192.168.1.11
> PING 192.168.1.11 (192.168.1.11): 56 data bytes
> 64 bytes from 192.168.1.11: seq=0 ttl=64 time=0.539 ms
> (11)ping -c 1 192.168.1.98 (192.168.1.98 is the PC's ip address)
> PING 192.168.1.98 (192.168.1.98): 56 data bytes
> --- 192.168.1.98 ping statistics ---
> 1 packets transmitted, 0 packets received, 100% packet loss
> (12)check the interface status
> # ifconfig
> eth0 Link encap:Ethernet HWaddr 00:01:03:08:01:02
> inet addr:192.168.1.11 Bcast:192.168.1.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> RX bytes:0 (0.0 B) TX bytes:126 (126.0 B)
> Comments? thank you very much.

What does "ip link" and "ip addr" show?

perhaps send the entire "dmesg" it should contain info if the NPE is
starting up correctly.

-- 

--
Karl Hiramoto  http://karl.hiramoto.org/

Re: [PATCH] ixp4xx_crypto: check firmware for crypto support

[Herbert Xu]

On Thu, Apr 09, 2009 at 01:46:34PM +0000, Christian Hohnstaedt wrote:
>  - the loaded firmware may not support crypto at all or
>    only support DES and 3DES but not AES or
>    support DES, 3DES and AES.
> 
>  - in case of no crypto support of the firmware, the module load will fail.
>  - in case of missing AES support, the AES algorithms are not registered
>    and a warning is printed during module load.
> 
> Signed-off-by: Christian Hohnstaedt <chohnstaedt@innominate.com>

Applied to crypto-2.6 and I'll queue this up for stable as well.
Thanks!
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt