From nobody@FreeBSD.org  Thu Jul  5 12:55:16 2007
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 2B49816A421
	for <freebsd-gnats-submit@FreeBSD.org>; Thu,  5 Jul 2007 12:55:16 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [69.147.83.33])
	by mx1.freebsd.org (Postfix) with ESMTP id 1D40C13C489
	for <freebsd-gnats-submit@FreeBSD.org>; Thu,  5 Jul 2007 12:55:16 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id l65CtFlj011419
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 5 Jul 2007 12:55:15 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id l65CtFZ5011418;
	Thu, 5 Jul 2007 12:55:15 GMT
	(envelope-from nobody)
Message-Id: <200707051255.l65CtFZ5011418@www.freebsd.org>
Date: Thu, 5 Jul 2007 12:55:15 GMT
From: Fabien THOMAS <fabien.thomas@netasq.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: VIA padlock freesession bug
X-Send-Pr-Version: www-3.0

>Number:         114331
>Category:       kern
>Synopsis:       [crypto] [patch] VIA padlock freesession bug
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    vanhu
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 05 13:00:10 GMT 2007
>Closed-Date:    Sat Jan 14 15:53:53 UTC 2012
>Last-Modified:  Sat Jan 14 15:53:53 UTC 2012
>Originator:     Fabien THOMAS
>Release:        FreeBSD 6.2-p5
>Organization:
NETASQ
>Environment:
>Description:
There is a bug in the VIA padlock cryptodev code:

When sessions are recycled, the freed session is not inserted at the
right place (head). The resulting bug is that if you have one program with
cryptodev opened and a second one doing open / close, the kernel will
continuously grow because the recycling will not occur.

Hidden behind this bug is a second one that leaves the system completely unusable
because the session id is cleared and not allocated again on a cached session.

>How-To-Repeat:
Launch one program with an open crypto session.
Launch a second one periodically (on each run you will lose some KB of
memory).
>Fix:
Find attached a fix for the problem.

Another, better solution is to rework the session cache by having a free
list with an active count and a maximum number of cached entries.

Patch attached with submission follows:

--- padlock.c.orig	Thu Jul  5 12:26:18 2007
+++ padlock.c	Thu Jul  5 12:34:40 2007
@@ -222,6 +222,7 @@
 	else {
 		TAILQ_REMOVE(&sc->sc_sessions, ses, ses_next);
 		ses->ses_used = 1;
+		ses->ses_id = sc->sc_sid++;
 		TAILQ_INSERT_TAIL(&sc->sc_sessions, ses, ses_next);
 	}
 	mtx_unlock(&sc->sc_sessions_mtx);
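Review bot: on the reuse path, the new `ses->ses_id = sc->sc_sid++;` line has no comment explaining why a recycled session needs a fresh id. The second hunk's context shows `bzero(ses, sizeof(*ses));` in the free path, which wipes `ses_id`, so this assignment is what restores it; a one-line comment saying so would keep the two sites from drifting apart again. Please also check that the fresh-allocation branch above this hunk (not visible here) assigns the id the same way, and what happens when `sc_sid` wraps, since every reuse now consumes a new value.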
@@ -276,7 +277,7 @@
 	padlock_hash_free(ses);
 	bzero(ses, sizeof(*ses));
 	ses->ses_used = 0;
-	TAILQ_INSERT_TAIL(&sc->sc_sessions, ses, ses_next);
+	TAILQ_INSERT_HEAD(&sc->sc_sessions, ses, ses_next);
 	mtx_unlock(&sc->sc_sessions_mtx);
 	return (0);
 }
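Review bot: the switch to `TAILQ_INSERT_HEAD` relies on an ordering invariant (free sessions at the head, in-use sessions at the tail, matching the `TAILQ_INSERT_TAIL` on reuse in the first hunk) that is not documented anywhere in these lines; please add a comment stating it next to the insert. Also, `bzero(ses, sizeof(*ses));` clears the `ses_next` linkage along with everything else, so confirm that a `TAILQ_REMOVE` precedes it above the visible context. The `ses->ses_used = 0;` directly after the bzero is redundant and can go.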


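The leak described in this report, reproduced in a user-space model (an added example, not code from padlock.c or from the submitter). It assumes the allocator only checks the head of the list for a free entry; all struct and function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/queue.h>

/* User-space model; struct and function names are hypothetical. */
struct session { int used; TAILQ_ENTRY(session) next; };
TAILQ_HEAD(session_list, session);
static struct session_list sessions;
static unsigned allocated;	/* session structures ever allocated */

/* Assumption: only the list head is checked for a free (cached) session. */
static struct session *session_open(void) {
	struct session *s = TAILQ_FIRST(&sessions);

	if (s == NULL || s->used) {
		if ((s = calloc(1, sizeof(*s))) == NULL)
			abort();
		allocated++;		/* nothing reusable at the head: grow */
	} else
		TAILQ_REMOVE(&sessions, s, next);
	s->used = 1;
	TAILQ_INSERT_TAIL(&sessions, s, next);	/* in-use sessions go to the tail */
	return s;
}

/* at_head = 0 models the reported behaviour, 1 the patched behaviour. */
static void session_close(struct session *s, int at_head) {
	TAILQ_REMOVE(&sessions, s, next);
	s->used = 0;
	if (at_head) TAILQ_INSERT_HEAD(&sessions, s, next);
	else TAILQ_INSERT_TAIL(&sessions, s, next);
}

/* One session stays open while a second is opened and closed `cycles` times.
 * Returns how many session structures had to be allocated in total. */
static unsigned run_model(int at_head, int cycles) {
	struct session *s;

	TAILQ_INIT(&sessions);
	allocated = 0;
	(void)session_open();		/* the long-lived program */
	for (int i = 0; i < cycles; i++)
		session_close(session_open(), at_head);
	while ((s = TAILQ_FIRST(&sessions)) != NULL) {
		TAILQ_REMOVE(&sessions, s, next);
		free(s);
	}
	return allocated;
}

int main(void) {
	printf("tail: %u, head: %u\n", run_model(0, 100), run_model(1, 100));
	return 0;
}
```

With tail insertion the in-use session always sits at the head, so every open allocates a new structure; with head insertion the count stays at two regardless of the number of cycles.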
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-i386->freebsd-bugs 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Mon Jul 9 04:34:38 UTC 2007 
Responsible-Changed-Why:  
Reclassify. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=114331 
Responsible-Changed-From-To: freebsd-bugs->vanhu 
Responsible-Changed-By: vanhu 
Responsible-Changed-When: Mon Aug 11 12:20:36 UTC 2008 
Responsible-Changed-Why:  
I'll handle it 

http://www.freebsd.org/cgi/query-pr.cgi?pr=114331 

From: Patrick Lamaiziere <patfbsd@davenulle.org>
To: bug-followup@FreeBSD.org, fabien.thomas@netasq.com, vanhu@FreeBSD.org
Cc:  
Subject: Re: kern/114331: [crypto] [patch] VIA padlock freesession bug
Date: Sat, 10 Jan 2009 15:51:14 +0100

 That is fixed in RELENG_7 and 8-CURRENT but not in RELENG_6.
 
 See:
 
 SVN rev 181474 on 2008-08-09 19:43:44Z by pjd
 padlock.c revision 1.16
 http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/crypto/via/padlock.c.diff?r1=1.15;r2=1.16
 
 and
 SVN rev 180626 on 2008-07-20 07:34:00Z by pjd
 padlock.c revision 1.14
 http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/crypto/via/padlock.c.diff?r1=1.14;r2=1.13
 
 Regards.
State-Changed-From-To: open->feedback 
State-Changed-By: vanhu 
State-Changed-When: Mon Mar 16 12:38:24 UTC 2009 
State-Changed-Why:  
Is there still a real need to MFC on RELENG_6, or can I just 
close this PR? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=114331 
State-Changed-From-To: feedback->closed 
State-Changed-By: eadler 
State-Changed-When: Sat Jan 14 15:53:52 UTC 2012 
State-Changed-Why:  
problem fixed 

http://www.freebsd.org/cgi/query-pr.cgi?pr=114331 
>Unformatted:
