From patchwork Sat Dec 24 23:08:07 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 2943 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:c95:b0:82:e4b3:40a0 with SMTP id p21csp1203837dyk; Sat, 24 Dec 2022 15:09:14 -0800 (PST) X-Google-Smtp-Source: AMrXdXuVLQlGMhCyy/m8aodeZPXtDE3KUwT2XURJxVo0f3iz/3hQKbaI4rSped5KCtozfYqNVVYu X-Received: by 2002:a17:902:6845:b0:192:569c:e54c with SMTP id f5-20020a170902684500b00192569ce54cmr11367635pln.53.1671923353963; Sat, 24 Dec 2022 15:09:13 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1671923353; cv=none; d=google.com; s=arc-20160816; b=YwvfR6MlOTelJveEk0FgieMmhatLvMlDDqjwN+GMol4int7U4O0zcXvj1I8uU6X36C q7TnwhRt1a1qDtXS/XuUiZbWH6fBCGnZkEGeLJgPpsQ9m8CmjrkpmIpc91NZG3l+NiCb a0+a+BYIi1+AJXImHphTaJO1ynv5/d7Bs5iv1tFRs01wlsbWQCxztkd1oZkvJhGH206a /oJny6555ucETqCbWTJWikAE3f11iqdT1/vWf3Nxba1QyEtuDaMEgErwRRTZ/h0ur2ge koNE7lITdiybW7+fogmiXvSD6Lf92NedPH/ENozSmVrWpNaIKeS4GFy+rP+syIyml/dT O4wg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature; bh=285YcsMBnzn4CramPFqk4ML92MBgO8lFobsyLBg3sEQ=; b=lxFFWFeQ3JnbEHOSuHIxYVZArBd96vWm2DKNvH6FBa6iPxACJ1uW+d0+sa1zw73ybw xFhWgB++apsku7tDiKSgtutdb5Q+SrEtz0tIhhJ7MK0BKvw23nBZaXPirNItceXs1fmQ bKXzYYSR2Y3S+7gI2FTE+XI6HOS6qr32zfLyby4n+BJ68xlV3LQXiqDNjdtjnwja86/n 4qbEeq4zp1FXOiIjuJoBiSuaUE5VcWSA5bxPAWtspRV/PgioZLp5Dt7xe3TBwLUBZy5x czlZ4zz00FfCZwwFh5HlSb414/zqoOTcszG2c5GgNZ+FpJkDBgI/q0NDD0oP3Np8EqfX kiTg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=S1LPwxS3; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=jSYyXzpS; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id d7-20020a170903230700b0016da027a727si7822837plh.116.2022.12.24.15.09.13 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sat, 24 Dec 2022 15:09:13 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=S1LPwxS3; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=jSYyXzpS; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1p9DdR-0003pz-QR; Sat, 24 Dec 2022 23:08:57 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1p9Dd1-0003pW-RW for openvpn-devel@lists.sourceforge.net; Sat, 24 Dec 2022 23:08:31 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=CiRhL+tIniUW1D4AsmBBxDQAMwtXQcCKDwVeicq2Fm8=; b=S1LPwxS3+MhWv37lWCPXMAT4p7 Cc7v8MBjRs8brtMdeN6hgrWMdwjTEIRPbvH5sPSGnld0i0A49G770YsY/jLAj0KPFHrX7EaPPOipY hvlZl5keL1Xp2QLw8ceyXKo0tU27z3XIh6IY7l8O2FtAFA3XNpa+upx7zn6ZZRvHEAGE=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=CiRhL+tIniUW1D4AsmBBxDQAMwtXQcCKDwVeicq2Fm8=; b=jSYyXzpSQAFBi+lZRCCZoo2oSe OPsXWS8bPqiXdD31sIXNK4zk2LgxK/UKlcFeISPpmEDJkUkA7Bfcq+xQ+X2JQzSFhFRL3FPOGB/Wk 0SScY9bJeSVSOS2RnCOmMqVorbJK6tGgrg+t2KwSo4G50fOAhHEFoBoD6vAHyLiWs7vk=; Received: from vmail1.greenie.net ([195.30.8.66]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1p9Dcl-0007Wb-JG for openvpn-devel@lists.sourceforge.net; Sat, 24 Dec 2022 23:08:20 +0000 Received: from ubuntu2004.ov.greenie.net (ubuntu2004.ov.greenie.net [IPv6:2001:608:1:995a:250:56ff:febb:2084]) by vmail1.greenie.net (8.17.1/8.16.1) with SMTP id 2BON87Fj001723 for ; Sun, 25 Dec 2022 00:08:07 +0100 (CET) Received: (nullmailer pid 1828012 invoked by uid 1000); Sat, 24 Dec 2022 23:08:07 -0000 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Sun, 25 Dec 2022 00:08:07 +0100 Message-Id: <20221224230807.1827964-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20221222095349.1662685-1-gert@greenie.muc.de> References: <20221222095349.1662685-1-gert@greenie.muc.de> MIME-Version: 1.0 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.4 (vmail1.greenie.net [IPv6:2001:608:1:995a:20c:29ff:feb8:10eb]); Sun, 25 Dec 2022 00:08:07 +0100 (CET) X-Spam-Score: -2.0 (--) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: TCP multipoint servers with Linux-DCO can crash under yet-unknown circumstances where a TCP socket gets handed to the kernel (= userland shall not acceess it again) but the socket still lands in the e [...] Content analysis details: (-2.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/, medium trust [195.30.8.66 listed in list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1p9Dcl-0007Wb-JG Subject: [Openvpn-devel] [PATCH v2] bandaid fix for TCP multipoint server crash with Linux-DCO X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1752908281270112800?= X-GMAIL-MSGID: =?utf-8?q?1753138702576708606?= TCP multipoint servers with Linux-DCO can crash under yet-unknown circumstances where a TCP socket gets handed to the kernel (= userland shall not acceess it again) but the socket still lands in the event polling mechanism, and is passed to link_socket_read() with sock->fd being "-1" (SOCKET_UNDEFINED). This is a bug, but it happens very unfrequently so not fixed yet. When this happens, the server gets stuck in an endless loop of "trying recvfrom(-1, ..), getting an error, looging that error, continue" until the server's disk is full. The situation is being made a bit more complex by the dco-win approach of treating "all kernel sockets as UDP", so the Linux implementation tries to access the -1 socket as UDP, confusing the picture more. As a bandaid to avoid the crash, this patch changes - socket.h: only do the "if dco_installed, treat as UDP" for WIN32 (link_socket_read()) - socket.c: add ASSERT(sock->fd >= 0); checks to all UDP socket paths (we should never even hit those as this is a TCP specific problem, but in the "sock->fd = -1" case, doing a clean server abort is preferred to "the disk is full with non-helpful logfiles, and then the server crashes anyway") - socket.c: in the TCP read function, link_socket_read_tcp(), check for sock->fd < 0 and trigger "sock->stream_reset = true" (+ write to the log what happened). This change will kill this particular TCP client instance (SIGTERM), but leave the rest of the server running fine - and given that in our tests this issue seems to be triggered by inbound TCP RST in just the wrong moment, it seems to be "a properly-sized bandaid". v2: rebase on top of "move dco_installed back to link_socket" Github: OpenVPN/openvpn#190 Signed-off-by: Gert Doering --- src/openvpn/socket.c | 12 ++++++++++++ src/openvpn/socket.h | 4 ++++ 2 files changed, 16 insertions(+) diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index c7ec0e06..2e5f29bf 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -3226,6 +3226,13 @@ link_socket_read_tcp(struct link_socket *sock, { int len = 0; + if (sock->sd == SOCKET_UNDEFINED) /* DCO mishap */ + { + msg(M_INFO, "BUG: link_socket_read_tcp(): sock->sd==-1, reset client instance" ); + sock->stream_reset = true; /* reset client instance */ + return buf->len = 0; /* nothing to read */ + } + if (!sock->stream_buf.residual_fully_formed) { #ifdef _WIN32 @@ -3285,6 +3292,8 @@ link_socket_read_udp_posix_recvmsg(struct link_socket *sock, struct msghdr mesg; socklen_t fromlen = sizeof(from->dest.addr); + ASSERT(sock->sd >= 0); /* can't happen */ + iov.iov_base = BPTR(buf); iov.iov_len = buf_forward_capacity_total(buf); mesg.msg_iov = &iov; @@ -3351,6 +3360,9 @@ link_socket_read_udp_posix(struct link_socket *sock, socklen_t fromlen = sizeof(from->dest.addr); socklen_t expectedlen = af_addr_size(sock->info.af); addr_zero_host(&from->dest); + + ASSERT(sock->sd >= 0); /* can't happen */ + #if ENABLE_IP_PKTINFO /* Both PROTO_UDPv4 and PROTO_UDPv6 */ if (sock->info.proto == PROTO_UDP && sock->sockflags & SF_USE_IP_PKTINFO) diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h index 05c31b10..3b9c1ba3 100644 --- a/src/openvpn/socket.h +++ b/src/openvpn/socket.h @@ -1058,7 +1058,11 @@ link_socket_read(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *from) { +#ifdef _WIN32 if (proto_is_udp(sock->info.proto) || sock->dco_installed) +#else + if (proto_is_udp(sock->info.proto)) +#endif /* unified UDPv4 and UDPv6, for DCO the kernel * will strip the length header */ {