lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 12 Sep 2007 14:07:10 +0200
From:	Wolfgang Walter <>
Subject: [patch] sunrpc: make closing of old temporary sockets work (was: problems with lockd in


as already described old temporary sockets (client is gone) of lockd aren't
closed after some time. So, with enough clients and some time gone, there
are 80 open dangling sockets and you start getting messages of the form:

lockd: too many open TCP sockets, consider increasing the number of nfsd threads.

If I understand the code then the intention was that the server closes
temporary sockets after about 6 to 12 minutes:

	a timer is started which calls svc_age_temp_sockets every 6 minutes.

		if a socket is marked OLD it gets closed.
		sockets which are not marked as OLD are marked OLD

	every time the sockets receives something OLD is cleared.

But svc_age_temp_sockets never closes any socket though because it only
closes sockets with svsk->sk_inuse == 0. This seems to be a bug.

Here is a patch against which changes the test to
svsk->sk_inuse <= 0 which was probably meant. The patched kernel runs fine
here. Unused sockets get closed (after 6 to 12 minutes)

Signed-off-by: Wolfgang Walter <>

--- ../linux-	2007-08-27 18:10:14.000000000 +0200
+++ net/sunrpc/svcsock.c	2007-09-11 11:07:13.000000000 +0200
@@ -1572,7 +1575,7 @@
 		if (!test_and_set_bit(SK_OLD, &svsk->sk_flags))
-		if (atomic_read(&svsk->sk_inuse) || test_bit(SK_BUSY, &svsk->sk_flags))
+		if (atomic_read(&svsk->sk_inuse) <= 0 || test_bit(SK_BUSY, &svsk->sk_flags))
 		list_move(le, &to_be_aged);

As svc_age_temp_sockets did not do anything before this change may trigger
hidden bugs.

To be true I don't see why this check

(atomic_read(&svsk->sk_inuse) <= 0 || test_bit(SK_BUSY, &svsk->sk_flags))

is needed at all (it can only be an optimation) as this fields change after
the check. In svc_tcp_accept there is no such check when a temporary socket
is closed.

Wolfgang Walter
Studentenwerk München
Anstalt des öffentlichen Rechts
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists