Red Hat Bugzilla – Bug 1148772
vdsm: ssl_accept may block connections on uncompleted handshake
Last modified: 2016-02-10 14:16:36 EST
bug doesn't have patch d/s attached, moving to POST. 3.4.4 build was delivered already, please move to 3.4.5
Created attachment 955847 [details] Patch for 3.4.4
fix is in - you can check on the gitweb it's tagged for av13.1: https://gerrit.eng.lab.tlv.redhat.com/gitweb?p=vdsm.git;a=shortlog;h=av13.1
So if you don't have any comments regarding how the test was performed, then the fix must be incomplete on 3.4. Moving to assinged.
There was subtle difference between master and 3.4 which was missed during backport. The code properly timed out but did not close the socket.
Still not fixed the same was as on 3.5. In vdsm-4.14.18-3.el6ev.x86_64, the connection still remains open until closed from the client side, but there was as change in vdsm-4.14.18-3.el6ev.x86_64. There's probably some timeout taken into account. In about three seconds after the connection is opened, following traceback appears in the vdsm.log. BindingXMLRPC::ERROR::2014-11-20 14:42:32,750::BindingXMLRPC::84::vds::(threaded_start) xml-rpc handler exception Traceback (most recent call last): File "/usr/share/vdsm/BindingXMLRPC.py", line 80, in threaded_start self.server.handle_request() File "/usr/lib64/python2.6/SocketServer.py", line 278, in handle_request self._handle_request_noblock() File "/usr/lib64/python2.6/SocketServer.py", line 288, in _handle_request_noblock request, client_address = self.get_request() File "/usr/lib64/python2.6/SocketServer.py", line 456, in get_request return self.socket.accept() File "/usr/lib64/python2.6/site-packages/vdsm/SecureXMLRPCServer.py", line 144, in accept client_socket.close() NameError: global name 'client_socket' is not defined
The fix was developed on machine with installed vdsm and it was carelessly moved to IDE.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2014-1946.html