[Bug 3483] New: closefrom() calls in sshd closes the file descriptors associated with Intel QAT crypto engine
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu Oct 13 10:47:08 AEDT 2022
https://bugzilla.mindrot.org/show_bug.cgi?id=3483
Bug ID: 3483
Summary: closefrom() calls in sshd closes the file descriptors
associated with Intel QAT crypto engine
Product: Portable OpenSSH
Version: 9.1p1
Hardware: Other
OS: Windows 10
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: joel.d.schuetze at intel.com
Created attachment 3616
--> https://bugzilla.mindrot.org/attachment.cgi?id=3616&action=edit
Requested sshd.c patch
This issue is seen while using Intel QAT Crypto OpenSSL Engine
https://github.com/intel/QAT_Engine as a default OpenSSL engine.
Instead of using the OpenSSL library and CPU to process it, the user
can configure to offload all OpenSSL crypto operations to the QAT
engine including the operations from ssh and sshd applications.
As part of the QAT engine, there will be a number of file descriptors
opened related to the internal memory allocator and other processes.
All the file descriptors related to QAT are opened as part of
OPENSSL_init_crypto() which gets invoked from the seed_rng() function
in the main() of sshd application code.
But the closefrom() call in the application after seed_rng() closes
every file descriptor including the ones opened by QAT. This causes an
issue in an inability to ssh into the system which uses QAT engine for
default OpenSSL. The file descriptors are very much required for the
QAT to process the ssh crypto request that is coming into the system.
We understand the need for closefrom() calls that they are related to
Control persist feature.
The same issue was present during ssh out of the system using the QAT
engine in older versions of the ssh application before OpenSSH 8.7.
But the issue has been fixed in the ssh application in the latest
OpenSSH versions with this commit
https://github.com/openssh/openssh-portable/commit/c9f7bba2e6f70b7ac1f5ea190d890cb5162ce127
The closefrom() call is moved before seed_rng() call because of a
similar issue faced by tcmalloc().
A similar fix is required for sshd application. Please find attached
the patch which helps to resolve the issue.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list