lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAL+tcoCqGP9fkNVmZ5U0vLyCcFDgWS8s=QDate8BPyopKSn39A@mail.gmail.com>
Date: Mon, 5 Aug 2024 15:46:10 +0800
From: Jason Xing <kerneljasonxing@...il.com>
To: Lorenzo Colitti <lorenzo@...gle.com>
Cc: Eric Dumazet <edumazet@...gle.com>, Xueming Feng <kuro@...oa.me>, 
	"David S . Miller" <davem@...emloft.net>, netdev@...r.kernel.org, 
	Neal Cardwell <ncardwell@...gle.com>, Yuchung Cheng <ycheng@...gle.com>, 
	Soheil Hassas Yeganeh <soheil@...gle.com>, David Ahern <dsahern@...nel.org>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH net] tcp: fix forever orphan socket caused by tcp_abort

On Mon, Aug 5, 2024 at 2:43 PM Lorenzo Colitti <lorenzo@...gle.com> wrote:
>
> On Thu, Aug 1, 2024 at 10:11 PM Eric Dumazet <edumazet@...gle.com> wrote:
> > > This patch removes the SOCK_DEAD check in tcp_abort, making it send
> > > reset to peer and close the socket accordingly. Preventing the
> > > timer-less orphan from happening.
> > > [...]
> >
> > This seems legit, but are you sure these two blamed commits added this bug ?
> >
> > Even before them, we should have called tcp_done() right away, instead
> > of waiting for a (possibly long) timer to complete the job.
> >
> > This might be important when killing millions of sockets on a busy server.
> >
> > CC Lorenzo
> >
> > Lorenzo, do you recall why your patch was testing the SOCK_DEAD flag ?
>
> I think I took it from the original tcp_nuke_addr implementation that
> Android used before SOCK_DESTROY and tcp_abort were written. The
> oldest reference I could find to that code is this commit that went
> into 2.6.39 (!), which already had that check.
>
> https://android.googlesource.com/kernel/common/+/06611218f86dc353d5dd0cb5acac32a0863a2ae5
>
> I expect the check was intended to prevent force-closing the same socket twice.
>

Yes, I guess so.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ