From patchwork Thu Dec 22 09:53:48 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 2933 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:c95:b0:82:e4b3:40a0 with SMTP id p21csp149545dyk; Thu, 22 Dec 2022 02:06:47 -0800 (PST) X-Google-Smtp-Source: AMrXdXtEZeZVZGKMTGF48V7XorsWMCWQGQ6a1SG3i79DQqa7Yvx9k5d5dztoPU/DUIEyJxMVYQ7+ X-Received: by 2002:a05:6a21:1509:b0:a7:c9a:73c with SMTP id nq9-20020a056a21150900b000a70c9a073cmr7404742pzb.2.1671703606951; Thu, 22 Dec 2022 02:06:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1671703606; cv=none; d=google.com; s=arc-20160816; b=1Eell0S7y0EpsINSX83dgGPxAXEJfG0Y4DlpZxCK4pQTXStcvzyo5DezDk2NImCUvz pcYvKqOVjTIXY/6mVcMfn/gSyzmZnr7l6zRRdscs5GMX27e6kQtaAQrTOUXa+2FDrwbz Kkj2Rs2VSsei7ZyS3R1ORAYeXaqz6ro1i7qB7ShCSTcJu4ATeAc49cKc/+OsLMDxWVf8 HLO7bYPS+f5jIQDXC+MPvZLuPe0AMiFKNcaQd210wkvk1O3GJYqhk/UbA5JuTngrNh8W /+gao1fJ/2bRRyO8NkZtlnvCLcBkL2CxQeOPmx3eZj4vGipblUqDvzdoT3wwfftdte5u xxbw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:message-id:date:to:from:dkim-signature:dkim-signature; bh=CvEh8PnPyYtGewSj5CKg4YAgw38wOP//oEb5dT61Uo8=; b=IkxjP9YywZpF2XYQAmzDqfBukNtKe+e2vgCgHeILT81fl5ZhiThNymg1JjmyKSuGd3 RteWxr6g9ACshMwufAN7KQtcT2ezwVBBV9RwqurDi6HdgIyACVWC2NpJAU7khc6HL0ip 2mjmPYNOyvmQBsSCKRUVPr/gYtNoAgFXjRA6rA5dFtxXSlsPo+RKSTJHpNw8gBB6TkVg u44tn6uomgecdU5+kdd4T/8dR2HAjWNO/1nsiFxwZlwdkAZATuB6lthzEMDcM26pQsC+ iOtadhGBgadyEKn1zqqR4pSHbO6KgXQD2ERO5GeNyF39Q0AJDryzTuAQquhKzg5ginyB D02w== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=FRywHWXS; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=SUzyTppW; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 26-20020a63185a000000b00477cd382329si447433pgy.56.2022.12.22.02.06.46 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 22 Dec 2022 02:06:46 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=FRywHWXS; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=SUzyTppW; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1p8ISt-0004mw-At; Thu, 22 Dec 2022 10:06:15 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1p8ISp-0004mX-0W for openvpn-devel@lists.sourceforge.net; Thu, 22 Dec 2022 10:06:11 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=iYGk+yjb+M+EJ78F+9jssC37VXoBOaLBos9DWqOjWTQ=; b=FRywHWXSFzhsKt5BYyS+qrzQon xJNBntfpup3zRSfWe6TyQb8LidrQkhll6cxVQ6hHK+aDRTbJVlKArj8pPUertvxWhoH1jsPgJ8ZdP Ug+KnRV6l2Y+Wvi0E0RkQpvxsPpJYZwbgul8+htCFLPC+Dx64+xK81jsv2C94/8f5svI=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:Cc:To:From :Sender:Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=iYGk+yjb+M+EJ78F+9jssC37VXoBOaLBos9DWqOjWTQ=; b=S UzyTppW8kJJ8i8DTx9tuNFMWG8zZ+BWczmOgtWhVgOIl+XBn3YIB1tKURWg2RfiNzP/30YcqiEhAe mKUJAbyxfolrReK1wZNpy2Od/2bey2juLc8Q5f1dJCV2zvssGEPbrHSQFbYBvfbROhtVTwn7EgEXQ 7WSwuOVn/sxrqCx8=; Received: from vmail1.greenie.net ([195.30.8.66]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1p8ISn-007c80-0A for openvpn-devel@lists.sourceforge.net; Thu, 22 Dec 2022 10:06:10 +0000 Received: from ubuntu2004.ov.greenie.net (ubuntu2004.ov.greenie.net [IPv6:2001:608:1:995a:250:56ff:febb:2084]) by vmail1.greenie.net (8.17.1/8.16.1) with SMTP id 2BM9rner027006; Thu, 22 Dec 2022 10:53:49 +0100 (CET) Received: (nullmailer pid 1662734 invoked by uid 1000); Thu, 22 Dec 2022 09:53:49 -0000 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Thu, 22 Dec 2022 10:53:48 +0100 Message-Id: <20221222095349.1662685-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.4 (vmail1.greenie.net [IPv6:2001:608:1:995a:20c:29ff:feb8:10eb]); Thu, 22 Dec 2022 10:53:49 +0100 (CET) X-Spam-Score: -2.0 (--) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: TCP multipoint servers with Linux-DCO can crash under yet-unknown circumstances where a TCP socket gets handed to the kernel (= userland shall not acceess it again) but the socket still lands in the e [...] Content analysis details: (-2.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/, medium trust [195.30.8.66 listed in list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1p8ISn-007c80-0A Subject: [Openvpn-devel] [PATCH] bandaid fix for TCP multipoint server crash with Linux-DCO X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1752908281270112800?= X-GMAIL-MSGID: =?utf-8?q?1752908281270112800?= TCP multipoint servers with Linux-DCO can crash under yet-unknown circumstances where a TCP socket gets handed to the kernel (= userland shall not acceess it again) but the socket still lands in the event polling mechanism, and is passed to link_socket_read() with sock->fd being "-1" (SOCKET_UNDEFINED). This is a bug, but it happens very unfrequently so not fixed yet. When this happens, the server gets stuck in an endless loop of "trying recvfrom(-1, ..), getting an error, looging that error, continue" until the server's disk is full. The situation is being made a bit more complex by the dco-win approach of treating "all kernel sockets as UDP", so the Linux implementation tries to access the -1 socket as UDP, confusing the picture more. As a bandaid to avoid the crash, this patch changes - socket.h: only do the "if dco_installed, treat as UDP" for WIN32 (link_socket_read()) - socket.c: add ASSERT(sock->fd >= 0); checks to all UDP socket paths (we should never even hit those as this is a TCP specific problem, but in the "sock->fd = -1" case, doing a clean server abort is preferred to "the disk is full with non-helpful logfiles, and then the server crashes anyway") - socket.c: in the TCP read function, link_socket_read_tcp(), check for sock->fd < 0 and trigger "sock->stream_reset = true" (+ write to the log what happened). This change will kill this particular TCP client instance (SIGTERM), but leave the rest of the server running fine - and given that in our tests this issue seems to be triggered by inbound TCP RST in just the wrong moment, so the TCP connection is gone anyway, it seems to be "a properly-sized bandaid". Github: OpenVPN/openvpn#190 Reported-by: Bernhard Schmidt Signed-off-by: Gert Doering Acked-By: Arne Schwabe --- src/openvpn/socket.c | 12 ++++++++++++ src/openvpn/socket.h | 4 ++++ 2 files changed, 16 insertions(+) diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 82787f9f..a4736cc7 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -3226,6 +3226,13 @@ link_socket_read_tcp(struct link_socket *sock, { int len = 0; + if (sock->sd == SOCKET_UNDEFINED) /* DCO mishap */ + { + msg(M_INFO, "BUG: link_socket_read_tcp(): sock->sd==-1, reset client instance" ); + sock->stream_reset = true; /* reset client instance */ + return buf->len = 0; /* nothing to read */ + } + if (!sock->stream_buf.residual_fully_formed) { #ifdef _WIN32 @@ -3285,6 +3292,8 @@ link_socket_read_udp_posix_recvmsg(struct link_socket *sock, struct msghdr mesg; socklen_t fromlen = sizeof(from->dest.addr); + ASSERT(sock->sd >= 0); /* can't happen */ + iov.iov_base = BPTR(buf); iov.iov_len = buf_forward_capacity_total(buf); mesg.msg_iov = &iov; @@ -3351,6 +3360,9 @@ link_socket_read_udp_posix(struct link_socket *sock, socklen_t fromlen = sizeof(from->dest.addr); socklen_t expectedlen = af_addr_size(sock->info.af); addr_zero_host(&from->dest); + + ASSERT(sock->sd >= 0); /* can't happen */ + #if ENABLE_IP_PKTINFO /* Both PROTO_UDPv4 and PROTO_UDPv6 */ if (sock->info.proto == PROTO_UDP && sock->sockflags & SF_USE_IP_PKTINFO) diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h index 929ef818..2718506d 100644 --- a/src/openvpn/socket.h +++ b/src/openvpn/socket.h @@ -1058,8 +1058,12 @@ link_socket_read(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *from) { +#ifdef _WIN32 if (proto_is_udp(sock->info.proto) || sock->info.lsa->actual.dco_installed) +#else + if (proto_is_udp(sock->info.proto)) +#endif /* unified UDPv4 and UDPv6, for DCO the kernel * will strip the length header */ {