| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 Aug 2010 06:39:31 -0400 From: Herbert Xu <herbert@...dor.apana.org.au> To: Andi Kleen <andi@...stfloor.org> Cc: netdev@...r.kernel.org Subject: Re: [RFC] [PATCH] Don't destroy TCP sockets twice On Tue, Aug 10, 2010 at 12:32:06PM +0200, Andi Kleen wrote: > > Yes I stored the backtrace of the first caller in the ugly debug > patches and dumped that on the second destroy. It was tcp_done the > first time. > > Also did the same for tcp_sk() and there it was the fin sending. > > I agree that tcp_close() should skip it in theory but I saw > it anyways :/ So I presume the second caller was tcp_close? That means we have a serious bug in our stack, as if the socket is already in the CLOSE state then tcp_close should have short-circuited. This means that something is changing the TCP socket state after going into CLOSE. Can you try adding your debug backtrace patch to tcp_set_state to see if anybody is indeed changing the socket state after going into CLOSE (and more importantly who is changing it)? Thanks, -- Email: Herbert Xu <herbert@...dor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists