lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 09 Dec 2010 11:56:13 +0100
From: Pablo Neira Ayuso <pablo@...filter.org>
To: netfilter-devel <netfilter-devel@...ts.netfilter.org>,
netdev@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>
CC: "David S. Miller" <davem@...emloft.net>
Subject: Re: ctnetlink loop
Sorry, I finally found your email reporting this:
> nfnetlink: avoid unbound loop on busy Netlink socket
>
> I see a problem with how ctnetlink GET requests are being
> processed in the kernel (2.6.32.24) under high load.
>
> The sympton is Netlink looping around nfnetlink_rcv_msg(), which
> is just because netlink_unicast() came back with EAGAIN when
> trying to write the newly created Netlink skb to the SK receive
> buffer in ctnetlink_get_conntrack(). In this case a (possibly)
> infinit loop is entered. Mostly infinit I think in case the
> userland party trying to receive those messages may be stuck in
> the sendmsg() call, being unable to read anything if being single
> threaded.
>
> I tried to reproduce several times, a few times the loop
> disappeared and the box proceeded normally after some minutes.
> I have no explanation for this.
>
> The attached patch tries to solve it by simple not trying again
> to netlink_unicast() the reply skb and just fail with -ENOBUFS.
> The reasoning is that at the point a Netlink overrun is detected
> it seems counter intuitive to insist on sending one more Netlink
> message.
We still need EAGAIN, and it doesn't necessarily means ENOBUFS for the
general case in nfnetlink.
The following patch covers the case that you're reporting.
View attachment "f.patch" of type "text/x-patch" (1165 bytes)
Powered by blists - more mailing lists