mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joseph Wu <jos...@mesosphere.io>
Subject Re: Review Request 51509: Fixed potential FD double close in the libevent socket.
Date Mon, 12 Sep 2016 20:01:06 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/51509/
-----------------------------------------------------------

(Updated Sept. 12, 2016, 1:01 p.m.)


Review request for mesos, Benjamin Mahler, Artem Harutyunyan, and Joris Van Remoortere.


Changes
-------

Added TODO with some details on the Libevent code we would use.


Bugs: MESOS-6104
    https://issues.apache.org/jira/browse/MESOS-6104


Repository: mesos


Description
-------

`evbuffer_add_file` will take ownership of the file descriptor passed
into it.  Normally, this file descriptor is owned by the `FileEncoder`
in the libprocess's `SocketManager`.  Since there are two owners, one
of the owners may close the file descriptor when it has been re-used.

In this case, when multiple threads access the master's web UI at once
with SSL enabled, the master may CHECK-fail due to a bad (closed)
file descriptor.


Diffs (updated)
-----

  3rdparty/libprocess/src/libevent_ssl_socket.cpp 99a12b81eea9c37278b6db0bfedf4b151ff8ed50


Diff: https://reviews.apache.org/r/51509/diff/


Testing
-------

The master will CHECK fail under the following:

1) Paste lots of text (16KB or more) of text into `src/webui/master/static/home.html`.  The
more text, the more reliable the repro.

2) Start the master with SSL enabled:
```
LIBPROCESS_SSL_ENABLED=true LIBPROCESS_SSL_KEY_FILE=key.pem LIBPROCESS_SSL_CERT_FILE=cert.pem
bin/mesos-master.sh --work_dir=/tmp/master
```

3) Run two instances of this python script repeatedly:
```
import socket
import ssl

s = ssl.wrap_socket(socket.socket())
s.connect(("localhost", 5050))

s.sendall("""GET /static/home.html HTTP/1.1
User-Agent: foobar
Host: localhost:5050
Accept: */*
Connection: Keep-Alive

""")

# The HTTP part of the response
print s.recv(1000)
```

i.e. 
```
while python test.py; do :; done & while python test.py; do :; done
```


Thanks,

Joseph Wu


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message