lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 12 Nov 2013 19:28:19 -0500
From:	Dave Jones <davej@...hat.com>
To:	Marcel Holtmann <marcel@...tmann.org>
Cc:	netdev@...r.kernel.org,
	"linux-bluetooth@...r.kernel.org development" 
	<linux-bluetooth@...r.kernel.org>
Subject: Re: shutdown(3) and bluetooth.

On Wed, Nov 13, 2013 at 08:37:15AM +0900, Marcel Holtmann wrote:
 
 > > So it seems it affects both SCO and RFCOMM.
 > > 
 > >> What kernel did you run this against? It is a shot in the dark, but can you try linux-next quickly.
 > >> There was a socket related fix for the socket options where we confused RFCOMM vs L2CAP struct sock.
 > > 
 > > first noticed it on Linus' latest HEAD, and then reproduced it on 3.11.6
 > > I'll look at linux-next tomorrow.
 > 
 > I looked through the code and only call bt_sock_wait_state when SOCK_LINGER and sk_lingertime is set. In that case we actually block until the socket state changes to BT_CLOSED.
 > 
 > The only way I see this could happen is if you have a huge linger timeout and confused the socket state before. What is actually the list of system calls that you are throwing at this socket.

Ah. I recently changed some code that's now doing this on every socket at shutdown..
(simplified cut-n-paste)

        struct linger ling = { .l_onoff = FALSE, };

        for (i = 0; i < nr_sockets; i++) {
                fd = shm->sockets[i].fd;
                shm->sockets[i].fd = 0;

                setsockopt(fd, SOL_SOCKET, SO_LINGER, &ling, sizeof(struct linger));
                shutdown(fd, SHUT_RDWR);
                close(fd);
        }

I could just rip out that linger code completely and just hope that sockets staying in
TIME_WAIT is good enough. iirc, I added it when after multiple runs, some of the
weirder protocols would fail to open a socket once a certain number of existing
sockets had opened, even if they were in SOCK_WAIT

two remaining questions though. That code is setting linger to false. Why would
that cause the sk_lingertime to be taken into consideration ?  And why is this
only a problem for bluetooth (apparently) ?

	Dave


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ