| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1288539383.2660.38.camel@edumazet-laptop>
Date: Sun, 31 Oct 2010 16:36:23 +0100
From: Eric Dumazet <eric.dumazet@...il.com>
To: Alban Crequy <alban.crequy@...labora.co.uk>,
David Miller <davem@...emloft.net>
Cc: netdev <netdev@...r.kernel.org>,
Davide Libenzi <davidel@...ilserver.org>
Subject: [PATCH 1/2] af_unix: fix unix_dgram_poll() behavior for EPOLLOUT
event
Le samedi 30 octobre 2010 à 22:47 +0100, Alban Crequy a écrit :
> Le Sat, 30 Oct 2010 15:17:58 +0200,
> Eric Dumazet <eric.dumazet@...il.com> a écrit :
>
> > > Problem is the peer_wait, that epoll doesnt seem to be plugged into.
> > >
> > > Bug is in unix_dgram_poll()
> > >
> > > It calls sock_poll_wait( ... &unix_sk(other)->peer_wait,) only if
> > > socket is 'writable'. Its a clear bug
>
> Yes, it looks weird...
>
> > > Try this patch please ?
>
> I will be away from computer and I will continue to work on this from
> the 20th of November.
OK, no problem. I tried it and it solves the problem. Here is an
official patch submission.
David, for your convenience, I cooked a patch serie for the 2 patches
against af_unix unix_dgram_poll().
The third patch (af_unix: unix_write_space() use keyed wakeups)) can be
applied as is.
Thanks !
[PATCH 1/2] af_unix: fix unix_dgram_poll() behavior for EPOLLOUT event
Alban Crequy reported a problem with connected dgram af_unix sockets and
provided a test program. epoll() would miss to send an EPOLLOUT event
when a thread unqueues a packet from the other peer, making its receive
queue not full.
This is because unix_dgram_poll() fails to call sock_poll_wait(file,
&unix_sk(other)->peer_wait, wait);
if the socket is not writeable at the time epoll_ctl(ADD) is called.
We must call sock_poll_wait(), regardless of 'writable' status, so that
epoll can be notified later of states changes.
Misc: avoids testing twice (sk->sk_shutdown & RCV_SHUTDOWN)
Reported-by: Alban Crequy <alban.crequy@...labora.co.uk>
Cc: Davide Libenzi <davidel@...ilserver.org>
Signed-off-by: Eric Dumazet <eric.dumazet@...il.com>
---
net/unix/af_unix.c | 24 +++++++++---------------
1 file changed, 9 insertions(+), 15 deletions(-)
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 0ebc777..7375131 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -2072,13 +2072,12 @@ static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue))
mask |= POLLERR;
if (sk->sk_shutdown & RCV_SHUTDOWN)
- mask |= POLLRDHUP;
+ mask |= POLLRDHUP | POLLIN | POLLRDNORM;
if (sk->sk_shutdown == SHUTDOWN_MASK)
mask |= POLLHUP;
/* readable? */
- if (!skb_queue_empty(&sk->sk_receive_queue) ||
- (sk->sk_shutdown & RCV_SHUTDOWN))
+ if (!skb_queue_empty(&sk->sk_receive_queue))
mask |= POLLIN | POLLRDNORM;
/* Connection-based need to check for termination and startup */
@@ -2090,20 +2089,15 @@ static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
return mask;
}
- /* writable? */
writable = unix_writable(sk);
- if (writable) {
- other = unix_peer_get(sk);
- if (other) {
- if (unix_peer(other) != sk) {
- sock_poll_wait(file, &unix_sk(other)->peer_wait,
- wait);
- if (unix_recvq_full(other))
- writable = 0;
- }
-
- sock_put(other);
+ other = unix_peer_get(sk);
+ if (other) {
+ if (unix_peer(other) != sk) {
+ sock_poll_wait(file, &unix_sk(other)->peer_wait, wait);
+ if (unix_recvq_full(other))
+ writable = 0;
}
+ sock_put(other);
}
if (writable)
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists