2003-06-11 12:53:07

by Hirokazu Takahashi

Subject: [BUG] [PATCH] CLOSE_WAIT sockets may remain forever

Hello,

I found a bug: CLOSE_WAIT sockets may remain forever on an
NFS server when the NFS client is IRIX6.5.
IRIX6.5 tries to connect to the server twice. I guess the first trial is
checking the capability of the server, and it closes the socket
immediately without sending data.

In this case the Linux server can't close a newly established
socket, as it isn't accepted yet.
There are no problems if it's a typical NFS client which
sends data after establishing the connection.


Thank you,
Hirokazu Takahashi.



--- svcsock.c.ORG Wed Jun 11 20:28:15 2031
+++ svcsock.c Wed Jun 11 20:51:01 2031
@@ -680,8 +680,17 @@ svc_tcp_listen_data_ready(struct sock *s
dprintk("svc: socket %p TCP (listen) state change %d\n",
sk, sk->state);

- if (sk->state != TCP_ESTABLISHED) {
- /* Aborted connection, SYN_RECV or whatever... */
+ if (sk->state != TCP_LISTEN) {
+ /*
+ * This callback may called twice when a new connection
+ * is established as a child socket inherits everything
+ * from a parent LISTEN socket.
+ * 1) data_ready method of the parent socket will be called
+ * when one of child sockets become ESTABLISHED.
+ * 2) data_ready method of the child socket may be called
+ * when it receives data before the socket is accepted.
+ * In case of 2, we should ignore it silently.
+ */
goto out;
}
if (!(svsk = (struct svc_sock *) sk->user_data)) {
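Review bot: changing the test from `!= TCP_ESTABLISHED` to `!= TCP_LISTEN` makes this callback act only for the listening socket itself, but nothing in this hunk marks a child socket that already received FIN before accept (the CLOSE_WAIT case the mail describes) for closing; the fix depends on the accepted socket's state being checked elsewhere, and the comment should say so, since the old "Aborted connection, SYN_RECV or whatever" explanation is gone. Also two slips in the new comment: "This callback may called twice" should read "may be called", and "one of child sockets become" should read "one of the child sockets becomes".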


_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs


2003-06-13 16:17:57

by Hirokazu Takahashi

Subject: Re: [BUG] [PATCH] CLOSE_WAIT sockets may remain forever

Hello,

I also realized that one more patch is needed.

> I found a bug: CLOSE_WAIT sockets may remain forever on an
> NFS server when the NFS client is IRIX6.5.
> IRIX6.5 tries to connect to the server twice. I guess the first trial is
> checking the capability of the server, and it closes the socket
> immediately without sending data.
>
> In this case the Linux server can't close a newly established
> socket, as it isn't accepted yet.
> There are no problems if it's a typical NFS client which
> sends data after establishing the connection.

Potentially, NFS clients might close the socket before it is accepted
by an NFS server. This may leave CLOSE_WAIT sockets behind, since there is
no chance to set the SK_CLOSE flag on them.

We should apply these patches, or it might become a target of a DoS attack.

e.g.)
attack_knfsd()
{
    for (;;) {
        fd = socket(....);
        connect(fd, ....); // connect to the knfsd port.
        close(fd);
    }
}


Thank you,
Hirokazu Takahashi.


> --- svcsock.c.ORG Wed Jun 11 20:28:15 2031
> +++ svcsock.c Wed Jun 11 20:51:01 2031
> @@ -680,8 +680,17 @@ svc_tcp_listen_data_ready(struct sock *s
> dprintk("svc: socket %p TCP (listen) state change %d\n",
> sk, sk->state);
>
> - if (sk->state != TCP_ESTABLISHED) {
> - /* Aborted connection, SYN_RECV or whatever... */
> + if (sk->state != TCP_LISTEN) {
> + /*
> + * This callback may called twice when a new connection
> + * is established as a child socket inherits everything
> + * from a parent LISTEN socket.
> + * 1) data_ready method of the parent socket will be called
> + * when one of child sockets become ESTABLISHED.
> + * 2) data_ready method of the child socket may be called
> + * when it receives data before the socket is accepted.
> + * In case of 2, we should ignore it silently.
> + */
> goto out;
> }
> if (!(svsk = (struct svc_sock *) sk->user_data)) {
>
>


--- svcsock.c.ORG2 Fri Jun 13 11:39:22 2031
+++ svcsock.c Sat Jun 14 00:10:31 2031
@@ -1068,6 +1068,8 @@ svc_tcp_init(struct svc_sock *svsk)

set_bit(SK_CHNGBUF, &svsk->sk_flags);
set_bit(SK_DATA, &svsk->sk_flags);
+ if (sk->state != TCP_ESTABLISHED)
+ set_bit(SK_CLOSE, &svsk->sk_flags);
}
}
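Review bot: the `sk->state != TCP_ESTABLISHED` test only closes the window if it runs after svsk's state_change callback has been hooked onto sk; a FIN that lands before the test is caught by the test, and one that lands after the hook is caught by the callback, but a FIN that lands after the test and before the hook would be missed and the socket would leak in CLOSE_WAIT exactly as before. The hunk context does not show where the callbacks are installed relative to these set_bit calls, so please confirm the order, and add a one-line comment stating that the check exists for connections the client closed before accept, since that intent is not obvious from the code alone.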



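The scenario the two mails describe, as an added userspace model that is not code from the thread or from the kernel: several clients connect to a listener and close without sending a byte, so the not-yet-accepted child sockets sit in the accept queue in CLOSE_WAIT. A server that only decides to close after reading data would keep them; this server instead checks each accepted socket for a peer FIN before doing anything else, which is the userspace analogue of setting SK_CLOSE in svc_tcp_init when the state is no longer ESTABLISHED. It assumes Linux (TCP_INFO and tcpi_state are Linux-specific), the loopback interface, and the constructed names `reaped_close_wait_sockets`, `accept_and_check`, `tcp_state` and `NCLIENTS`.

```c
/* Added example, not from the thread or the kernel. Linux only (TCP_INFO). */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define NCLIENTS 5   /* constructed: number of connect-then-close probes */

/* Ask the kernel for the TCP state of fd (tcpi_state); -1 on error. */
static int tcp_state(int fd)
{
    struct tcp_info ti;
    socklen_t len = sizeof ti;
    if (getsockopt(fd, IPPROTO_TCP, TCP_INFO, &ti, &len) < 0)
        return -1;
    return ti.tcpi_state;
}

/* Accept one connection and decide whether it is already dead: wait briefly
 * for readability (a received FIN makes the socket readable), then peek.
 * recv() == 0 means the peer closed before we ever looked at the socket.
 * Returns 1 if the socket was reaped, 0 if it would be serviced, -1 on error. */
static int accept_and_check(int lfd, int *state_out)
{
    int cfd = accept(lfd, NULL, NULL);
    if (cfd < 0)
        return -1;
    struct pollfd pfd = { .fd = cfd, .events = POLLIN };
    (void)poll(&pfd, 1, 1000);
    *state_out = tcp_state(cfd);
    char byte;
    ssize_t n = recv(cfd, &byte, 1, MSG_PEEK | MSG_DONTWAIT);
    close(cfd);          /* reap now if dead; in this demo nothing is served either way */
    return n == 0 ? 1 : 0;
}

/* Run the scenario on loopback and return how many accepted sockets were
 * found already half-closed by the peer and reaped (expected: NCLIENTS). */
int reaped_close_wait_sockets(void)
{
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0)
        return -1;
    struct sockaddr_in addr;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0;   /* let the kernel pick a free port */
    if (bind(lfd, (struct sockaddr *)&addr, sizeof addr) < 0 || listen(lfd, 16) < 0)
        return -1;
    socklen_t alen = sizeof addr;
    if (getsockname(lfd, (struct sockaddr *)&addr, &alen) < 0)
        return -1;

    /* The probe behaviour from the mail: connect, send nothing, close. */
    for (int i = 0; i < NCLIENTS; i++) {
        int c = socket(AF_INET, SOCK_STREAM, 0);
        if (c < 0 || connect(c, (struct sockaddr *)&addr, sizeof addr) < 0)
            return -1;
        close(c);
    }

    /* Server side: every queued child socket already holds the peer's FIN. */
    int reaped = 0;
    for (int i = 0; i < NCLIENTS; i++) {
        int state = -1;
        int r = accept_and_check(lfd, &state);
        if (r < 0)
            break;
        printf("accepted socket %d: tcpi_state=%d (%s), %s\n", i, state,
               state == TCP_CLOSE_WAIT ? "CLOSE_WAIT" : "other",
               r ? "reaped" : "kept");
        reaped += r;
    }
    close(lfd);
    return reaped;
}

int main(void)
{
    int n = reaped_close_wait_sockets();
    printf("reaped %d of %d sockets\n", n, NCLIENTS);
    return n == NCLIENTS ? 0 : 1;
}
```

Without the peek-and-reap step, each of those accepted descriptors would stay open in CLOSE_WAIT until the server happened to read from it, which is the accumulation the second mail warns about; the same check can be run in a loop against the listener to confirm a fix holds under a burst of such connections.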