Message-ID: <1428498482.2809.10.camel@sipsolutions.net>
Date:	Wed, 08 Apr 2015 15:08:02 +0200
From:	Johannes Berg <johannes@...solutions.net>
To:	David Woodhouse <dwmw2@...radead.org>
Cc:	David Miller <davem@...emloft.net>, torvalds@...ux-foundation.org,
	marcel@...tmann.org, sfeldma@...il.com, netdev@...r.kernel.org,
	teg@...m.no
Subject: Re: Problem with patch "make nlmsg_end() and genlmsg_end() void"

On Wed, 2015-04-08 at 13:03 +0100, David Woodhouse wrote:

> I'm not sure if this is entirely fixed. In Fedora 22 (4.0.0-rc5-git4)
> I'm occasionally seeing glibc deadlock in __check_pf() on a netlink
> recvmsg(), here:
> https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/check_pf.c;h=162606d7;hb=glibc-2.21#l166
> 
> As I understand it, this shouldn't happen. Even if messages are
> dropped (which surely shouldn't happen as often as I'm seeing this),
> glibc should get ENOBUFS from the recvmsg() call.
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1209433
> 
> I haven't bisected and proved that it *was* this commit which
> introduced the problem, as it only happens after a day or two of
> running Evolution and I haven't managed to trigger it more reliably.

I don't see the connection to this change.

The issue with my patch was that some code for NLM_F_DUMP would have
this pattern:

 int fill_function(...)
 {
    ...
    return nlmsg_end(...);
 }

 loop (...) {
   if (fill_function() <= 0)
     break; /* continue in next dump */
 }

and that all had to be converted to be just "< 0" now.

Additionally, the failure mode of this was the process running out of
memory due to receiving the same results over and over again - does that
happen for you? It seems it was stuck in recvmsg(), but that may just be
a side effect of happening to interrupt at that point?

johannes
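
The failure mode described in this message, as an added userspace simulation (not part of the original message and not kernel code): once the fill function returns 0 on success, a leftover "<= 0" check stops the loop before the resume index moves, so every pass re-sends the same entry. The names `fill_one`, `dump_pass`, `run_dump`, the table size and the buffer room are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#define N_ITEMS  5  /* constructed: entries in the table being dumped */
#define SKB_ROOM 2  /* constructed: entries that fit in one reply buffer */

struct dump_ctx { int next; };  /* resume index kept between passes */

/* Fill function after the change: 0 on success, -EMSGSIZE when full.
 * Before the change it returned nlmsg_end()'s positive message length. */
static int fill_one(int *used)
{
    if (*used == SKB_ROOM)
        return -EMSGSIZE;
    (*used)++;
    return 0;
}

/* One dump pass; returns entries placed in the buffer (0 ends the dump). */
static int dump_pass(struct dump_ctx *ctx, int fixed)
{
    int used = 0, i;
    for (i = ctx->next; i < N_ITEMS; i++) {
        int ret = fill_one(&used);
        if (fixed ? ret < 0 : ret <= 0)
            break;  /* continue in next dump */
    }
    ctx->next = i;  /* stale "<= 0" check: never advances past a success */
    return used;
}

/* Receiver side: keeps reading passes until an empty one or max_passes. */
static int run_dump(int fixed, int max_passes, int *finished)
{
    struct dump_ctx ctx = { 0 };
    int total = 0, n = 0, p;
    for (p = 0; p < max_passes && (n = dump_pass(&ctx, fixed)) > 0; p++)
        total += n;
    *finished = (n == 0);
    return total;
}

int main(void)
{
    int done, got = run_dump(0, 1000, &done);
    printf("stale <= 0: %d entries, finished=%d\n", got, done);
    got = run_dump(1, 1000, &done);
    printf("fixed <  0: %d entries, finished=%d\n", got, done);
    return 0;
}
```

With the stale check the receiver gets one duplicate entry per pass until the pass cap is hit; with "< 0" it receives the five entries once and the dump terminates.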
