i386/114331: VIA padlock freesession bug
Fabien THOMAS
fabien.thomas at netasq.com
Thu Jul 5 13:00:12 UTC 2007
>Number: 114331
>Category: i386
>Synopsis: VIA padlock freesession bug
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-i386
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jul 05 13:00:10 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Fabien THOMAS
>Release: FreeBSD 6.2-p5
>Organization:
NETASQ
>Environment:
>Description:
There is a bug in the VIA padlock cryptodev code:
When sessions are recycled, the freed session is not inserted at the right place (head). The resulting bug is that if you have one program with cryptodev opened and a second one doing open / close, the kernel will continuously grow because the recycling will not occur.
Hidden behind this bug is a second one that leaves the system completely unusable, because the session id is cleared and not allocated again on a cached session.
>How-To-Repeat:
Launch one program with an open crypto session.
Launch a second one periodically (on each run you will lose some KB of memory).
>Fix:
Find attached a fix for the problem.
Another, better solution is to rework the session cache by having a free list with an active count and a maximum cached entry.
Patch attached with submission follows:
--- padlock.c.orig Thu Jul 5 12:26:18 2007
+++ padlock.c Thu Jul 5 12:34:40 2007
@@ -222,6 +222,7 @@
else {
TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next);
ses->ses_used = 1;
+ ses->ses_id = sc->sc_sid++;
TAILQ_INSERT_TAIL(&sc->sc_sessions, ses, ses_next);
}
mtx_unlock(&sc->sc_sessions_mtx);
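Review bot: the added ses->ses_id = sc->sc_sid++; line draws ids from a counter that only ever increments, and nothing in this hunk guards against it wrapping, so after enough open/close cycles a recycled session could be handed an id that a long-lived session still holds. Either check the new id against the ids of in-use entries before assigning it, or state in a comment why a wrap cannot happen. A short comment on the new line saying that the id has to be reassigned because the free path zeroes the whole structure would also help, since that dependency is only visible in the second hunk.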
@@ -276,7 +277,7 @@
padlock_hash_free(ses);
bzero(ses, sizeof(*ses));
ses->ses_used = 0;
- TAILQ_INSERT_TAIL(&sc->sc_sessions, ses, ses_next);
+ TAILQ_INSERT_HEAD(&sc->sc_sessions, ses, ses_next);
mtx_unlock(&sc->sc_sessions_mtx);
return (0);
}
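Review bot: the switch to TAILQ_INSERT_HEAD depends on an ordering invariant that is not written down anywhere in the hunk: free entries sit at the head of sc_sessions and in-use entries at the tail, which is what the TAILQ_INSERT_TAIL after ses->ses_used = 1 in the first hunk maintains. Add a comment next to the insert stating that invariant so a later change does not reintroduce the tail insert. Separately, ses->ses_used = 0; directly after bzero(ses, sizeof(*ses)) is redundant and could be dropped or kept with a comment that it is there for readability.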
>Release-Note:
>Audit-Trail:
>Unformatted:
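The failure described under >Description, as an added example that is not part of the original report or the driver: a user-space C model of the session list built on `sys/queue.h`. It assumes the allocator only tests the list head for a free entry; `struct ses`, `struct softc`, `new_session`, `free_session` and `run` are hypothetical names, and `run` returns how many entries were allocated, with `*last_id` set to the id handed to the last open.

```c
/* Constructed user-space model of the session cache; not the driver's code. */
#include <stdlib.h>
#include <string.h>
#include <sys/queue.h>
struct ses { int used; unsigned id; TAILQ_ENTRY(ses) next; };
struct softc { TAILQ_HEAD(, ses) q; unsigned sid; int nalloc; };

static struct ses *new_session(struct softc *sc, int fix_id)
{
    struct ses *s = TAILQ_FIRST(&sc->q);     /* assumption: only the head is tested */
    if (s == NULL || s->used) {              /* head busy: allocate a new entry */
        if ((s = calloc(1, sizeof(*s))) == NULL)
            abort();
        sc->nalloc++;
        s->id = sc->sid++;
    } else {                                 /* head free: recycle it */
        TAILQ_REMOVE(&sc->q, s, next);
        if (fix_id)
            s->id = sc->sid++;               /* first hunk of the patch */
    }
    s->used = 1;
    TAILQ_INSERT_TAIL(&sc->q, s, next);
    return s;
}

static void free_session(struct softc *sc, struct ses *s, int fix_head)
{
    TAILQ_REMOVE(&sc->q, s, next);
    memset(s, 0, sizeof(*s));                /* clears the id along with used */
    if (fix_head)
        TAILQ_INSERT_HEAD(&sc->q, s, next);  /* second hunk of the patch */
    else
        TAILQ_INSERT_TAIL(&sc->q, s, next);
}

int run(int fix_head, int fix_id, int rounds, unsigned *last_id)
{
    struct softc sc = { .sid = 1 };          /* ids start at 1 in this model */
    struct ses *s;
    TAILQ_INIT(&sc.q);
    new_session(&sc, fix_id);                /* program 1 keeps its session open */
    for (int i = 0; i < rounds; i++) {       /* program 2: open, then close */
        s = new_session(&sc, fix_id);
        *last_id = s->id;
        free_session(&sc, s, fix_head);
    }
    for (; (s = TAILQ_FIRST(&sc.q)) != NULL; free(s))
        TAILQ_REMOVE(&sc.q, s, next);        /* tear the model down */
    return sc.nalloc;
}
```

With one long-lived session and 100 open/close cycles, `run(0, 0, 100, &id)` allocates on every cycle, `run(1, 0, 100, &id)` recycles but hands back id 0, and `run(1, 1, 100, &id)` recycles with a fresh id each time.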