Date: Thu, 5 Jul 2007 12:55:15 GMT From: Fabien THOMAS <fabien.thomas@netasq.com> To: freebsd-gnats-submit@FreeBSD.org Subject: i386/114331: VIA padlock freesession bug Message-ID: <200707051255.l65CtFZ5011418@www.freebsd.org> Resent-Message-ID: <200707051300.l65D0Bni080351@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 114331 >Category: i386 >Synopsis: VIA padlock freesession bug >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-i386 >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Jul 05 13:00:10 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Fabien THOMAS >Release: FreeBSD 6.2-p5 >Organization: NETASQ >Environment: >Description: There is a bug in the VIA padlock cryptodev code: When the session are recycled the freed session is not inserted at the good place (head). The resulting bug is if you have one program with cryptodev opened and a second one doing open / close the kernel will continuously grown because the recycling will not occur. Hiden behind this bug a second one that leave the system completly unusable because the session id is cleared and not allocated again on a cached session. >How-To-Repeat: launch one program with an open crypto session. launch a second one periodically (on each run you will loose some KB of memory). >Fix: Find attached a fix for the problem. Another better solution is to rework the session cache by having a free list with an active count and a maximum cached entry. Patch attached with submission follows: --- padlock.c.orig Thu Jul 5 12:26:18 2007 +++ padlock.c Thu Jul 5 12:34:40 2007 @@ -222,6 +222,7 @@ else { TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next); ses->ses_used = 1; + ses->ses_id = sc->sc_sid++; TAILQ_INSERT_TAIL(&sc->sc_sessions, ses, ses_next); } mtx_unlock(&sc->sc_sessions_mtx); @@ -276,7 +277,7 @@ padlock_hash_free(ses); bzero(ses, sizeof(*ses)); ses->ses_used = 0; - TAILQ_INSERT_TAIL(&sc->sc_sessions, ses, ses_next); + TAILQ_INSERT_HEAD(&sc->sc_sessions, ses, ses_next); mtx_unlock(&sc->sc_sessions_mtx); return (0); } >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200707051255.l65CtFZ5011418>