On 5/29/2013 7:36 AM, Dag-Erling Smørgrav wrote: > Pawel Jakub Dawidek <[email protected]> writes: >> Which library is needed for AES-NI? I don't see any engine in /usr/lib/ >> that implements AES-NI support. Could you be more specific? > > Ah, you're right. Bryan (cc:ed) did the analysis and I misunderstood > his report. I just ran through the steps to reproduce the issue, and > what happens is that a CRIOGET ioctl cal (which is supposed to allocate > and return a file descriptor) fails due to setrlimit(RLIMIT_FSIZE, 0): > > 90344 sshd CALL setrlimit(RLIMIT_NOFILE,0x7fffffffca10) > 90344 sshd RET setrlimit 0
This is as far as I went. I wasn't able to debug it further with the RLIMIT_FSIZE set, as removing it allowed the functionality to work. I incorrectly assumed it was due to dynamic library loading later. Sorry for the miscommunication. > [...] > 90344 sshd CALL ioctl(0x3,CRIOGET,0x7fffffffcb4c) > 90344 sshd RET ioctl -1 errno 24 Too many open files > > Note that you have to remove the setrlimit(RLIMIT_FSIZE, 0) call in > sandbox-rlimit.c to debug this, otherwise ktrace stops at that point: -- Regards, Bryan Drewery
signature.asc
Description: OpenPGP digital signature
