lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAKD1Yr1O+ZHg_oVYu39z=qKPC2CX7P56ewRLWOkvXqvekKk6uA@mail.gmail.com>
Date: Mon, 5 Aug 2024 15:42:19 +0900
From: Lorenzo Colitti <lorenzo@...gle.com>
To: Eric Dumazet <edumazet@...gle.com>
Cc: Xueming Feng <kuro@...oa.me>, "David S . Miller" <davem@...emloft.net>, netdev@...r.kernel.org, 
	Neal Cardwell <ncardwell@...gle.com>, Yuchung Cheng <ycheng@...gle.com>, 
	Soheil Hassas Yeganeh <soheil@...gle.com>, David Ahern <dsahern@...nel.org>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH net] tcp: fix forever orphan socket caused by tcp_abort

On Thu, Aug 1, 2024 at 10:11 PM Eric Dumazet <edumazet@...gle.com> wrote:
> > This patch removes the SOCK_DEAD check in tcp_abort, making it send
> > reset to peer and close the socket accordingly. Preventing the
> > timer-less orphan from happening.
> > [...]
>
> This seems legit, but are you sure these two blamed commits added this bug ?
>
> Even before them, we should have called tcp_done() right away, instead
> of waiting for a (possibly long) timer to complete the job.
>
> This might be important when killing millions of sockets on a busy server.
>
> CC Lorenzo
>
> Lorenzo, do you recall why your patch was testing the SOCK_DEAD flag ?

I think I took it from the original tcp_nuke_addr implementation that
Android used before SOCK_DESTROY and tcp_abort were written. The
oldest reference I could find to that code is this commit that went
into 2.6.39 (!), which already had that check.

https://android.googlesource.com/kernel/common/+/06611218f86dc353d5dd0cb5acac32a0863a2ae5

I expect the check was intended to prevent force-closing the same socket twice.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ