[Bug 3483] New: closefrom() calls in sshd closes the file descriptors associated with Intel QAT crypto engine

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Oct 13 10:47:08 AEDT 2022


https://bugzilla.mindrot.org/show_bug.cgi?id=3483

            Bug ID: 3483
           Summary: closefrom() calls in sshd closes the file descriptors
                    associated with Intel QAT crypto engine
           Product: Portable OpenSSH
           Version: 9.1p1
          Hardware: Other
                OS: Windows 10
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: joel.d.schuetze at intel.com

Created attachment 3616
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3616&action=edit
Requested sshd.c patch

This issue is seen while using Intel QAT Crypto OpenSSL Engine
https://github.com/intel/QAT_Engine as a default OpenSSL engine.

Instead of using the OpenSSL library and CPU to process it, the user
can configure to offload all OpenSSL crypto operations to the QAT
engine including the operations from ssh and sshd applications.

As part of the QAT engine, there will be a number of file descriptors
opened related to the internal memory allocator and other processes.

All the file descriptors related to QAT are opened as part of
OPENSSL_init_crypto() which gets invoked from the seed_rng() function
in the main() of sshd application code.

But the closefrom() call in the application after seed_rng() closes
every file descriptor including the ones opened by QAT. This causes an
issue in an inability to ssh into the system which uses QAT engine for
default OpenSSL. The file descriptors are very much required for the
QAT to process the ssh crypto request that is coming into the system.

We understand the need for closefrom() calls that they are related to
Control persist feature.

The same issue was present during ssh out of the system using the QAT
engine in older versions of the ssh application before OpenSSH 8.7.

But the issue has been fixed in the ssh application in the latest
OpenSSH versions with this commit
https://github.com/openssh/openssh-portable/commit/c9f7bba2e6f70b7ac1f5ea190d890cb5162ce127 

The closefrom() call is moved before seed_rng() call because of a
similar issue faced by tcmalloc().

A similar fix is required for sshd application. Please find attached
the patch which helps to resolve the issue.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list