From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 89A35138330 for ; Wed, 7 Sep 2016 18:54:32 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B878821C072; Wed, 7 Sep 2016 18:54:31 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 56F1321C072 for ; Wed, 7 Sep 2016 18:54:31 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 0BB843408A2 for ; Wed, 7 Sep 2016 18:54:30 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 8554B2469 for ; Wed, 7 Sep 2016 18:54:27 +0000 (UTC) 
From: "Patrick McLean" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Patrick McLean" Message-ID: <1473274446.91bcfc117370caec4bb5cf52a163e5ee52962f6a.chutzpah@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch X-VCS-Directories: net-misc/openssh/files/ X-VCS-Committer: chutzpah X-VCS-Committer-Name: Patrick McLean X-VCS-Revision: 91bcfc117370caec4bb5cf52a163e5ee52962f6a X-VCS-Branch: master Date: Wed, 7 Sep 2016 18:54:27 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 7d65da46-5cb3-44b3-a1a1-bb69dba6469f X-Archives-Hash: f18bc2b1346ef8290cfc6bc422df11c9 commit: 91bcfc117370caec4bb5cf52a163e5ee52962f6a Author: Patrick McLean gentoo org> AuthorDate: Wed Sep 7 18:54:06 2016 +0000 Commit: Patrick McLean gentoo org> CommitDate: Wed Sep 7 18:54:06 2016 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91bcfc11 net-misc/openssh: Final fix for deadlocks in the CTR-MT cipher Package-Manager: portage-2.3.0 .../openssh/files/openssh-7.3_p1-hpn-update.patch | 86 +++++++++++++++++----- 1 file changed, 69 insertions(+), 17 deletions(-)
diff --git a/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch b/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch
index 8ae29e1..34acd5d 100644
--- a/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch
+++ b/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch
@@ -1,5 +1,5 @@
 --- openssh-7_2_P2-hpn-14.10.diff.orig 2016-09-01 10:34:05.905112131 -0700
-+++ openssh-7_2_P2-hpn-14.10.diff 2016-09-06 21:49:35.583704017 -0700
++++ openssh-7_2_P2-hpn-14.10.diff 2016-09-07 11:37:21.455870893 -0700
@@ -156,145 +156,6 @@ compat.o crc32.o deattack.o fatal.o hostfile.o \ log.o match.o md-sha256.o moduli.o nchan.o packet.o opacket.o \ @@ -151,20 +151,44 @@ --- /dev/null +++ b/cipher-ctr-mt.c -@@ -0,0 +1,533 @@ -+@@ -0,0 +1,535 @@ ++@@ -0,0 +1,546 @@ +/* + * OpenSSH Multi-threaded AES-CTR Cipher + * -@@ -737,7 +598,7 @@ +@@ -663,6 +524,7 @@ + + STATS_STRUCT(stats); + + u_char aes_counter[AES_BLOCK_SIZE]; + + pthread_t tid[CIPHER_THREADS]; +++ pthread_rwlock_t thread_lock; + + int state; + + int qidx; + + int ridx; +@@ -723,6 +585,7 @@ + + struct kq *q; + + int i; + + int qidx; +++ pthread_t first_tid; + + + + /* Threads stats on cancellation */ + + STATS_INIT(stats); +@@ -733,11 +596,15 @@ + + /* Thread local copy of AES key */ + + memcpy(&key, &c->aes_ctx, sizeof(key)); + + +++ pthread_rwlock_rdlock(&c->thread_lock); +++ first_tid = c->tid[0]; +++ pthread_rwlock_unlock(&c->thread_lock); +++ + + /* + * Handle the special case of startup, one thread must fill + * the first KQ then mark it as draining. Lock held throughout. + */ -+ if (pthread_equal(pthread_self(), c->tid[0])) { -++ if (pthread_equal(pthread_self(), c->tid[0]) || c->tid[0] == 0) { +++ if (pthread_equal(pthread_self(), first_tid)) { + q = &c->q[0]; + pthread_mutex_lock(&q->lock); + if (q->qstate == KQINIT) { -@@ -790,6 +651,7 @@ +@@ -790,6 +657,7 @@ + * can see that it's being filled. + */ + q->qstate = KQFILLING; @@ -172,7 +196,7 @@ + pthread_mutex_unlock(&q->lock); + for (i = 0; i < KQLEN; i++) { + AES_encrypt(q->ctr, q->keys[i], &key); -@@ -801,7 +663,7 @@ +@@ -801,7 +669,7 @@ + ssh_ctr_add(q->ctr, KQLEN * (NUMKQ - 1), AES_BLOCK_SIZE); + q->qstate = KQFULL; + STATS_FILL(stats); @@ -181,7 +205,7 @@ + pthread_mutex_unlock(&q->lock); + } + -@@ -893,6 +755,7 @@ +@@ -893,6 +761,7 @@ + pthread_cond_wait(&q->cond, &q->lock); + } + q->qstate = KQDRAINING; 
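Review bot: In the `@@ -151,20 +151,44 @@` hunk, the new `pthread_rwlock_rdlock(&c->thread_lock)` / `pthread_rwlock_unlock(&c->thread_lock)` pair around `first_tid = c->tid[0]` in thread_loop has no comment saying what it protects, and its return value is ignored. From the visible lines the lock acts as a start-up barrier: the spawner holds the write lock across `pthread_create(&c->tid[i], ...)`, so a new thread cannot read `tid[0]` before it has been stored. I would add `/* Block until the spawner has stored tid[]; it holds thread_lock for writing across pthread_create() */` above the rdlock. A non-zero return from `pthread_rwlock_rdlock` should be treated as fatal, because on failure the read of `c->tid[0]` is unsynchronised again and the unlock that follows acts on a lock that was never taken. The rest of thread_loop lies outside the hunk.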
@@ -189,7 +213,35 @@ + pthread_mutex_unlock(&q->lock); + + /* Mark consumed queue empty and signal producers */ -@@ -1270,7 +1133,7 @@ +@@ -919,6 +788,7 @@ + + + + if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) { + + c = xmalloc(sizeof(*c)); +++ pthread_rwlock_init(&c->thread_lock, NULL); + + + + c->state = HAVE_NONE; + + for (i = 0; i < NUMKQ; i++) { +@@ -966,7 +836,9 @@ + + /* Start threads */ + + for (i = 0; i < CIPHER_THREADS; i++) { + + debug("spawned a thread"); +++ pthread_rwlock_wrlock(&c->thread_lock); + + pthread_create(&c->tid[i], NULL, thread_loop, c); +++ pthread_rwlock_unlock(&c->thread_lock); + + } + + pthread_mutex_lock(&c->q[0].lock); + + while (c->q[0].qstate != KQDRAINING) +@@ -1003,7 +875,9 @@ + + /* reconstruct threads */ + + for (i = 0; i < CIPHER_THREADS; i++) { + + debug("spawned a thread"); +++ pthread_rwlock_wrlock(&c->thread_lock); + + pthread_create(&c->tid[i], NULL, thread_loop, c); +++ pthread_rwlock_unlock(&c->thread_lock); + + } + +} + + +@@ -1270,7 +1144,7 @@ #include "ssherr.h" #include "sshbuf.h" @@ -198,7 +250,7 @@ #include "digest.h" #if OPENSSL_VERSION_NUMBER >= 0x00907000L -@@ -1312,8 +1175,8 @@ +@@ -1312,8 +1186,8 @@ + */ + if (ctos && !log_flag) { + logit("SSH: Server;Ltype: Kex;Remote: %s-%d;Enc: %s;MAC: %s;Comp: %s", @@ -209,7 +261,7 @@ + newkeys->enc.name, + authlen == 0 ? newkeys->mac.name : "", + newkeys->comp.name); -@@ -1430,7 +1293,7 @@ +@@ -1430,7 +1304,7 @@ + rekey_requested = 0; + return 1; + } @@ -218,7 +270,7 @@ /* Time-based rekeying */ if (state->rekey_interval != 0 && state->rekey_time + state->rekey_interval <= monotime()) -@@ -1490,7 +1353,7 @@ +@@ -1490,7 +1364,7 @@ transferred = *counter - (cur_pos ? cur_pos : start_pos); cur_pos = *counter; @@ -227,7 +279,7 @@ bytes_left = end_pos - cur_pos; + delta_pos = cur_pos - last_pos; -@@ -1564,8 +1427,8 @@ +@@ -1564,8 +1438,8 @@ { "canonicaldomains", oCanonicalDomains }, { "canonicalizefallbacklocal", oCanonicalizeFallbackLocal }, 
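Review bot: In the `@@ -189,7 +213,35 @@` hunk, both spawn loops still discard the result of `pthread_create(&c->tid[i], NULL, thread_loop, c)`, and the new `pthread_rwlock_init(&c->thread_lock, NULL)` is unchecked as well. With the `c->tid[0] == 0` fallback removed from thread_loop, a failed creation of thread 0 leaves no thread matching `first_tid`, so the `while (c->q[0].qstate != KQDRAINING)` wait after the first loop would presumably never be satisfied. That would be the same kind of hang this commit sets out to fix, reachable when the process runs out of threads or memory. I would capture the result with `rc = pthread_create(&c->tid[i], NULL, thread_loop, c);`, release the write lock, and then `if (rc != 0) fatal("pthread_create failed");`, and check `pthread_rwlock_init` the same way. No matching `pthread_rwlock_destroy` is visible here; the cleanup path is outside the hunk, so that needs confirming there.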
@@ -282,6 +287,11 @@ static struct { @@ -237,7 +289,7 @@ + { "tcprcvbufpoll", oTcpRcvBufPoll }, + { "tcprcvbuf", oTcpRcvBuf }, -@@ -1736,8 +1599,8 @@ +@@ -1736,8 +1610,8 @@ off_t size, statbytes; unsigned long long ull; int setimes, targisdir, wrerrno = 0; @@ -248,7 +300,7 @@ struct timeval tv[2]; #define atime tv[0] -@@ -1956,32 +1819,6 @@ +@@ -1956,32 +1830,6 @@ } /* @@ -281,7 +333,7 @@ @@ -1041,8 +1064,12 @@ server_request_tun(void) sock = tun_open(tun, mode); if (sock < 0) -@@ -2372,10 +2209,10 @@ +@@ -2372,10 +2220,10 @@ debug("Client protocol version %d.%d; client software version %.100s", remote_major, remote_minor, remote_version); + logit("SSH: Server;Ltype: Version;Remote: %s-%d;Protocol: %d.%d;Client: %.100s", @@ -294,7 +346,7 @@ @@ -1160,6 +1163,8 @@ server_listen(void) int ret, listen_sock, on = 1; -@@ -2413,7 +2250,7 @@ +@@ -2413,7 +2261,7 @@ if (options.challenge_response_authentication) options.kbd_interactive_authentication = 1; @@ -2151,6 +2168,9 @@ main(int ac, char **av) @@ -303,7 +355,7 @@ free(laddr); + /* set the HPN options for the child */ -@@ -2486,11 +2323,10 @@ +@@ -2486,11 +2334,10 @@ index eb4e948..3692722 100644 --- a/version.h +++ b/version.h