Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1148772 - vdsm: ssl_accept may block connections on uncompleted handshake
vdsm: ssl_accept may block connections on uncompleted handshake
Status: CLOSED ERRATA
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: vdsm (Show other bugs)
3.4.0
Unspecified Unspecified
unspecified Severity high
: ---
: 3.4.4
Assigned To: Piotr Kliczewski
Petr Beňas
infra
: ZStream
Depends On: 1148688
Blocks: 1133612 1150813
  Show dependency treegraph
 
Reported: 2014-10-02 06:20 EDT by rhev-integ
Modified: 2016-02-10 14:16 EST (History)
15 users (show)

See Also:
Fixed In Version: vdsm-4.14.18-4.el6ev
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1148688
Environment:
Last Closed: 2014-12-02 15:27:21 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Patch for 3.4.4 (1.96 KB, application/mbox)
2014-11-10 09:50 EST, Piotr Kliczewski 		no flags Details
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
oVirt gerrit 33611 None None None Never
oVirt gerrit 33643 None None None Never
oVirt gerrit 33644 ovirt-3.4 MERGED ssl: ssl_accept blocks after reboot Never
oVirt gerrit 35227 ovirt-3.4 MERGED ssl: accept_ssl needs to close socket Never
Red Hat Product Errata RHBA-2014:1946 normal SHIPPED_LIVE vdsm 3.4.4 bug fix and enhancement update 2014-12-02 20:26:44 EST

  None (edit)
Comment 1 Eyal Edri 2014-11-07 11:45:32 EST 
bug doesn't have patch d/s attached, moving to POST.
3.4.4 build was delivered already, please move to 3.4.5
Comment 2 Piotr Kliczewski 2014-11-10 09:50:29 EST 
Created attachment 955847 [details]
Patch for 3.4.4
Comment 6 Eyal Edri 2014-11-13 11:22:04 EST 
fix is in - you can check on the gitweb it's tagged for av13.1:

https://gerrit.eng.lab.tlv.redhat.com/gitweb?p=vdsm.git;a=shortlog;h=av13.1
Comment 7 Petr Beňas 2014-11-14 07:04:35 EST 
So if you don't have any comments regarding how the test was performed, then the fix must be incomplete on 3.4. Moving to assinged.
Comment 8 Piotr Kliczewski 2014-11-14 08:43:29 EST 
There was subtle difference between master and 3.4 which was missed during backport. The code properly timed out but did not close the socket.
Comment 9 Petr Beňas 2014-11-20 08:43:33 EST 
Still not fixed the same was as on 3.5. 
In vdsm-4.14.18-3.el6ev.x86_64, the connection still remains open until closed from the client side, but there was as change in vdsm-4.14.18-3.el6ev.x86_64.
There's probably some timeout taken into account. In about three seconds after the connection is opened, following traceback appears in the vdsm.log. 

BindingXMLRPC::ERROR::2014-11-20 14:42:32,750::BindingXMLRPC::84::vds::(threaded_start) xml-rpc handler exception
Traceback (most recent call last):
  File "/usr/share/vdsm/BindingXMLRPC.py", line 80, in threaded_start
    self.server.handle_request()
  File "/usr/lib64/python2.6/SocketServer.py", line 278, in handle_request
    self._handle_request_noblock()
  File "/usr/lib64/python2.6/SocketServer.py", line 288, in _handle_request_noblock
    request, client_address = self.get_request()
  File "/usr/lib64/python2.6/SocketServer.py", line 456, in get_request
    return self.socket.accept()
  File "/usr/lib64/python2.6/site-packages/vdsm/SecureXMLRPCServer.py", line 144, in accept
    client_socket.close()
NameError: global name 'client_socket' is not defined
Comment 10 Piotr Kliczewski 2014-11-20 10:00:06 EST 
The fix was developed on machine with installed vdsm and it was carelessly moved to IDE.
Comment 13 errata-xmlrpc 2014-12-02 15:27:21 EST 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2014-1946.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.