Bug 1148772
| Summary: | vdsm: ssl_accept may block connections on uncompleted handshake | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Virtualization Manager | Reporter: | rhev-integ | ||||
| Component: | vdsm | Assignee: | Piotr Kliczewski <pkliczew> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Petr Beňas <pbenas> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 3.4.0 | CC: | aberezin, bazulay, danken, ecohen, eedri, gklein, iheim, lpeer, lsurette, oourfali, pkliczew, pstehlik, wmealing, ybronhei, yeylon | ||||
| Target Milestone: | --- | Keywords: | ZStream | ||||
| Target Release: | 3.4.4 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | infra | ||||||
| Fixed In Version: | vdsm-4.14.18-4.el6ev | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | 1148688 | Environment: | |||||
| Last Closed: | 2014-12-02 20:27:21 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 1148688 | ||||||
| Bug Blocks: | 1133612, 1150813 | ||||||
| Attachments: |
|
||||||
|
Comment 1
Eyal Edri
2014-11-07 16:45:32 UTC
Created attachment 955847 [details]
Patch for 3.4.4
fix is in - you can check on the gitweb it's tagged for av13.1: https://gerrit.eng.lab.tlv.redhat.com/gitweb?p=vdsm.git;a=shortlog;h=av13.1 So if you don't have any comments regarding how the test was performed, then the fix must be incomplete on 3.4. Moving to assinged. There was subtle difference between master and 3.4 which was missed during backport. The code properly timed out but did not close the socket. Still not fixed the same was as on 3.5.
In vdsm-4.14.18-3.el6ev.x86_64, the connection still remains open until closed from the client side, but there was as change in vdsm-4.14.18-3.el6ev.x86_64.
There's probably some timeout taken into account. In about three seconds after the connection is opened, following traceback appears in the vdsm.log.
BindingXMLRPC::ERROR::2014-11-20 14:42:32,750::BindingXMLRPC::84::vds::(threaded_start) xml-rpc handler exception
Traceback (most recent call last):
File "/usr/share/vdsm/BindingXMLRPC.py", line 80, in threaded_start
self.server.handle_request()
File "/usr/lib64/python2.6/SocketServer.py", line 278, in handle_request
self._handle_request_noblock()
File "/usr/lib64/python2.6/SocketServer.py", line 288, in _handle_request_noblock
request, client_address = self.get_request()
File "/usr/lib64/python2.6/SocketServer.py", line 456, in get_request
return self.socket.accept()
File "/usr/lib64/python2.6/site-packages/vdsm/SecureXMLRPCServer.py", line 144, in accept
client_socket.close()
NameError: global name 'client_socket' is not defined
The fix was developed on machine with installed vdsm and it was carelessly moved to IDE. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2014-1946.html |