Quoting from the patch submitted:

"...a deadlock bug in UNIX domain socket, which makes able to DoS attack against the local machine by non-root users. ...

Why this happens: Error checks between unix_socket_connect() and unix_wait_for_peer() are inconsistent. The former calls the latter to wait until the backlog is processed. Despite the latter returns without doing anything when the socket is shutdown, the former doesn't check the shutdown state and just retries calling the latter forever."

How to reproduce:
1. Make a listening AF_UNIX/SOCK_STREAM socket with an abstract namespace(*), and shutdown(2) it.
2. Repeat connect(2)ing to the listening socket from the other sockets until the connection backlog is full-filled.
3. connect(2) takes the CPU forever. If every core is taken, the system hangs.

Reproducer: http://patchwork.kernel.org/patch/54678/

You will need to add in the missing header files:

#include <string.h>
#include <stdio.h>
#include <sys/un.h>
#include <sys/types.h>
#include <sys/socket.h>
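The inconsistent check described in the comment above, as an added user-space model that is not part of the bug report and is not kernel code. The struct, the function names and the iteration cap are assumptions made for illustration; it opens no sockets and only traces the control flow with and without the caller-side shutdown check.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed user-space model; these are not the kernel's structures. */
struct model_listener {
    bool   shut_down;  /* listener has had shutdown(2) called on it */
    size_t queued;     /* connections waiting to be accepted */
    size_t backlog;    /* maximum queued connections */
};

enum connect_result { CONNECT_QUEUED, CONNECT_REFUSED, CONNECT_SPINNING };

/* Stand-in for the wait helper: returns at once if the listener is shut
 * down, otherwise "sleeps" until the acceptor frees one backlog slot. */
static bool model_wait_for_peer(struct model_listener *l)
{
    if (l->shut_down)
        return false;          /* nothing waited for, nothing changed */
    if (l->queued > 0)
        l->queued--;           /* model: acceptor took one connection */
    return true;
}

/* Stand-in for the connect path. check_shutdown selects whether the caller
 * tests the same condition as the helper. max_iter bounds the model only;
 * the loop described in the report has no bound. */
enum connect_result model_connect(struct model_listener *l,
                                  bool check_shutdown, unsigned max_iter)
{
    for (unsigned i = 0; i < max_iter; i++) {
        if (check_shutdown && l->shut_down)
            return CONNECT_REFUSED;   /* consistent check: fail the call */
        if (l->queued < l->backlog) {
            l->queued++;
            return CONNECT_QUEUED;
        }
        model_wait_for_peer(l);       /* returns immediately if shut down */
    }
    return CONNECT_SPINNING;          /* never made progress: busy loop */
}

int main(void)
{
    struct model_listener a = { true, 4, 4 }, b = { true, 4, 4 };
    printf("caller without shutdown check: %d\n", model_connect(&a, false, 1000000));
    printf("caller with shutdown check:    %d\n", model_connect(&b, true, 1000000));
    return 0;
}
```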
Reproduced this issue on rhel-5 and fedora-11.
Thanks Eugene, I just committed the fix Dave Miller acked to the 3 current Fedora branches. regards, Kyle
upstream commit: http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=77238f2b942b38ab4e7f3aced44084493e4a8675
Created attachment 365339
reproducer

$ gcc rep.c -o rep
$ for i in {1..XX} ; do ./rep & done # substitute XX for a number of cpus
This issue has been addressed in following products:

MRG for RHEL-5

Via RHSA-2009:1540 https://rhn.redhat.com/errata/RHSA-2009-1540.html
kernel-2.6.30.9-96.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/kernel-2.6.30.9-96.fc11
kernel-2.6.27.38-170.2.113.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/kernel-2.6.27.38-170.2.113.fc10
kernel-2.6.30.9-96.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
kernel-2.6.27.38-170.2.113.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products:

Red Hat Enterprise Linux 4

Via RHSA-2009:1671 https://rhn.redhat.com/errata/RHSA-2009-1671.html
This issue has been addressed in following products:

Red Hat Enterprise Linux 5

Via RHSA-2009:1670 https://rhn.redhat.com/errata/RHSA-2009-1670.html