From: Dominik Csapak <d.csapak@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox] rest-server: connection: fix busy waiting on closed connections pre tls
Date: Wed, 13 Nov 2024 11:35:19 +0100
Message-ID: <20241113103519.1498601-1-d.csapak@proxmox.com>

When a connection is closed before we have enough data to determine
if it's TLS or not, the socket stays in a readable state.
Sadly, the tokio timeout we use here gets starved by the async_io
callback.

To fix this, save the amount of bytes peek returned and if they did not
change between invocations of the callback, we assume that the
connection was closed and exit with an error.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
proxmox-rest-server/src/connection.rs | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/proxmox-rest-server/src/connection.rs b/proxmox-rest-server/src/connection.rs
index 3815a8f4..4fed84b1 100644
--- a/proxmox-rest-server/src/connection.rs
+++ b/proxmox-rest-server/src/connection.rs
@@ -477,6 +477,7 @@ impl AcceptBuilder {
const HANDSHAKE_BYTES_LEN: usize = 5;
let future = async {
+ let mut old_peek_len = 0;
incoming_stream
.async_io(tokio::io::Interest::READABLE, || {
let mut buf = [0; HANDSHAKE_BYTES_LEN];
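Review bot: `old_peek_len` is declared without a comment and starts at 0, so a first peek that returns `Ok(0)` will compare equal to it and take the abort branch on the very first callback invocation. If that is intended (a zero-length peek on a readable socket meaning the peer has already closed), a short comment at the declaration saying so, and saying that the value persists across invocations of the `async_io` callback, would make the state easier to follow.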
@@ -491,6 +492,8 @@ impl AcceptBuilder {
let peek_res = std_stream.peek(&mut buf);
+ std_stream.read(buf)
+
match peek_res {
// If we didn't get enough bytes, raise an EAGAIN / EWOULDBLOCK which tells
// tokio to await the readiness of the socket again. This should normally
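Review bot: the added `std_stream.read(buf)` after the peek looks unintended and should be dropped. It has no trailing semicolon and is followed directly by `match peek_res`, it passes `buf` by value where the peek call just above passes `&mut buf`, and its result is never used. More importantly, a read would consume bytes from the socket, while this code peeks precisely so the handshake bytes stay in the queue for whatever handles the connection next. The commit message describes only tracking the peek length and mentions no read.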
@@ -500,7 +503,14 @@ impl AcceptBuilder {
// This means we will peek into the stream's queue until we got
// HANDSHAKE_BYTE_LEN bytes or an error.
Ok(peek_len) if peek_len < HANDSHAKE_BYTES_LEN => {
- Err(io::ErrorKind::WouldBlock.into())
+ // if we detect the same peek len again but still got a readable
+ // stream, the connection was probably closed, so abort here
+ if peek_len == old_peek_len {
+ Err(io::ErrorKind::UnexpectedEof.into())
+ } else {
+ old_peek_len = peek_len;
+ Err(io::ErrorKind::WouldBlock.into())
+ }
}
// Either we got Ok(HANDSHAKE_BYTES_LEN) or some error.
res => res.map(|_| contains_tls_handshake_fragment(&buf)),
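Review bot: the `peek_len == old_peek_len` branch treats any repeat invocation of the callback without new bytes as a closed connection, and the added comment itself says "probably closed". If the callback can ever be invoked again on a live connection before more data arrives, that connection is dropped with `UnexpectedEof` while the client is still sending its first `HANDSHAKE_BYTES_LEN` bytes. Please state in the comment why a second invocation with an unchanged length can only mean EOF here, or fall back to `WouldBlock` a bounded number of times before aborting. Separately, the context comment above refers to `HANDSHAKE_BYTE_LEN` while the constant is `HANDSHAKE_BYTES_LEN`; that could be corrected while touching this block.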
--
2.39.5
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel