| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 31 May 2008 18:46:14 -0400 From: Patrick McManus <mcmanus@...ksong.com> To: Ingo Molnar <mingo@...e.hu> Cc: Ilpo Järvinen <ilpo.jarvinen@...sinki.fi>, Peter Zijlstra <peterz@...radead.org>, LKML <linux-kernel@...r.kernel.org>, Netdev <netdev@...r.kernel.org>, "David S. Miller" <davem@...emloft.net>, "Rafael J. Wysocki" <rjw@...k.pl>, Andrew Morton <akpm@...ux-foundation.org>, Evgeniy Polyakov <johnpol@....mipt.ru> Subject: Re: [bug] stuck localhost TCP connections, v2.6.26-rc3+ On Sat, 2008-05-31 at 18:35 +0200, Ingo Molnar wrote: > * Ilpo Järvinen <ilpo.jarvinen@...sinki.fi> wrote: > > > ...setsockopt(listenfd, SOL_TCP, TCP_DEFER_ACCEPT, &val, sizeof(val)) > > seems to be the magic trick that is interestion here. > > seems to be used: > > 22003 write(3, "distccd[22003] (dcc_listen_by_ad"..., 62) = 62 > 22003 listen(4, 10) = 0 > 22003 setsockopt(4, SOL_TCP, TCP_DEFER_ACCEPT, [1], 4) = 0 > > i'll queue up your reverts for testing in -tip. So the code you will revert came from my fingers. The circumstances here make me nervous; while I'm at a loss to explain what might be going on in particular, let me offer an apology in advance should the revert help resolve the issue. Here's what makes me nervous: * not a lot of code uses DEFER_ACCEPT.. frankly it was pretty broken before 26 - but not broken this way .. the correlation of your bug using it is significant. * in 26, a server TCP socket (with DA) goes to ESTABLISHED when the 3rd part of the handshake is received (as normal without DA), but the socket isn't put on the accept queue until a real data packet arrives. (That's the point of DA). In <= 25 this socket would have syn-recv until the data packet arrived. - I did run tests where the server died in between the handshake being completed and first data packet arriving - the client should see RST and the server socket should disappear. But maybe something was missed? Do I understand this correctly, the server process is gone but the socket is still in the table? And the client process is still there waiting for the server to do something - having sent a bunch of data? Do we know if any data bytes (not handshake bytes) have been consumed by the server side? If they were, that would seem to vindicate DA. Also pointing away from DA is that you started seeing this with rc3 - that code was included in rc1.Is that a firm observation, or maybe there weren't enough datapoints to conclude that rc1 and rc2 were clean? The most interesting patch is ec3c0982a2dd1e671bad8e9d26c28dcba0039d87 if anyone wants to eyeball it. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists