| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 1 Jul 2016 17:24:01 -0400
From: Steven Rostedt <rostedt@...dmis.org>
To: LKML <linux-kernel@...r.kernel.org>,
"Linux NFS Mailing List" <linux-nfs@...r.kernel.org>
Cc: Trond Myklebust <trondmy@...marydata.com>,
Jeff Layton <jlayton@...chiereds.net>,
Eric Dumazet <eric.dumazet@...il.com>,
Schumaker Anna <anna.schumaker@...app.com>,
"Andrew Morton" <akpm@...ux-foundation.org>,
Fields Bruce <bfields@...ldses.org>,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Revert: SUNRPC: xs_sock_mark_closed() does not need to trigger
socket autoclose
A while back, rkhunter reported a "hidden port" on my main server,
making me nervous that I had been hacked. Doing lots of debugging, I
found that it was happening from xprt code in NFS. I found a way to
trigger the bug, which happened because my wife's machine was NFS
mounting a directory of my main server. She does this to upload her
photos quickly to gallery2.
"Warning: Hidden ports found:
Port number: TCP:871"
A hidden port is one that has no socket connected to it. That is, it's
a dead resource. Nothing can ever use that port. It's not something
that is "reserved", it's just a leaked bit of info. rkhunter treats
this as a possible root kit attack.
I did a bisect and found the culprit and worked with the NFS folks who
came up with a fix that made rkhunter happy again.
Link: http://lkml.kernel.org/r/20150611234929.7b48d314@gandalf.local.home
The previous fix was 4876cc779ff5 ("SUNRPC: Ensure we release the TCP
socket once it has been closed")
Recently, after traveling with my wife, she decided to upload pictures
again and mounted the directory, and lo and behold the hidden port
re-appeared. I noticed that the mounting of the NFS directory caused
this to happen again. I did lots of debugging to see why and asked for
help from the NFS folks again. But this time I didn't receive much help.
Link: http://lkml.kernel.org/r/20160630085950.61e5c7e0@gandalf.local.home
Frustrated, I spent all day bisecting this, and found that this bug was
created in the next release. And I even found the commit that causes
this bug: 4b0ab51db32e ("SUNRPC: xs_sock_mark_closed() does not need to
trigger socket autoclose"). This commit states:
"Under all conditions, it should be quite sufficient just to mark
the socket as disconnected. It will then be closed by the
transport shutdown or reconnect code."
Well, this isn't quite correct. And doing a little git blaming, the
line that it removed was added by the first commit above that
previously fixed my issue.
Reverting this commit makes rkhunter and myself quite happy again.
I consider this userland breakage, as rkhunter is a userland tool and
this commit causes it to report a problem that does not exist.
Fixes: 4b0ab51db32e ("SUNRPC: xs_sock_mark_closed() does not need to trigger socket autoclose")
Cc: stable@...r.kernel.org # v4.3+
Signed-off-by: Steven Rostedt <rostedt@...dmis.org>
---
diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
index 7e2b2fa189c3..5579d13e253f 100644
--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
@@ -768,6 +768,7 @@ static void xs_sock_mark_closed(struct rpc_xprt *xprt)
xs_sock_reset_connection_flags(xprt);
/* Mark transport as closed and wake up all pending tasks */
xprt_disconnect_done(xprt);
+ xprt_force_disconnect(xprt);
}
/**
Powered by blists - more mailing lists