[Dovecot] v2.0.13 problems after kernel patch for CVE-2011-1083 applied on Centos 5
Doug Henderson
dhenderson at mediatemple.net
Sat Feb 25 00:49:50 EET 2012
Greetings,
This email is both a request for assistance/help and a heads-up.
[8irgehuq] CVE-2011-1083: Algorithmic denial of service in epoll.
After ksplice automatically installed the above patch on our mail servers, most/all IMAP/POP3 connections began experiencing time-outs trying to connect, or extreme timeouts in the auth procedure.
dovecot: imap-login: Disconnected (no auth attempts): rip=a.a.a.a, lip=b.b.b.b, TLS handshaking: Disconnected
dovecot: pop3-login: Disconnected (no auth attempts): rip=a.a.a.a, lip=b.b.b.b, TLS handshaking: Disconnected
dovecot: pop3-login: Panic: epoll_ctl(add, 6) failed: Invalid argument
dovecot: pop3-login: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0 [0x3cb543baa0] -> /usr/lib64/dovecot/libdovecot.so.0 [0x3cb543baf6] -> /usr/lib64/dovecot/libdovecot.so.0 [0x3cb543afb3] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handle_add+0x118) [0x3cb5447708] -> /usr/lib64/dovecot/libdovecot.so.0(io_add+0xa5) [0x3cb5446e15] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_init_finish+0x1c6) [0x3cb54355a6] -> /usr/lib64/dovecot/libdovecot-login.so.0(main+0x136) [0x37a000bdf6] -> /lib64/libc.so.6(__libc_start_main+0xf4) [0x3cb301d994] -> dovecot/pop3-login(main+0x49) [0x401b99]
dovecot: master: Error: service(pop3-login): child 27603 killed with signal 6 (core not dumped - add -D parameter to service pop3-login { executable }
dovecot: master: Error: service(pop3-login): command startup failed, throttling
dovecot: imap-login: Panic: epoll_ctl(add, 6) failed: Invalid argument
dovecot: imap-login: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0 [0x3cb543baa0] -> /usr/lib64/dovecot/libdovecot.so.0 [0x3cb543baf6] -> /usr/lib64/dovecot/libdovecot.so.0 [0x3cb543afb3] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handle_add+0x118) [0x3cb5447708] -> /usr/lib64/dovecot/libdovecot.so.0(io_add+0xa5) [0x3cb5446e15] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_init_finish+0x1c6) [0x3cb54355a6] -> /usr/lib64/dovecot/libdovecot-login.so.0(main+0x136) [0x37a000bdf6] -> /lib64/libc.so.6(__libc_start_main+0xf4) [0x3cb301d994] -> dovecot/imap-login(main+0x39) [0x402069]
dovecot: master: Error: service(imap-login): child 27604 killed with signal 6 (core not dumped - add -D parameter to service imap-login { executable }
Once this patch was removed, everything started working again.
Is it possible that dovecot is trying to re-add already-added connections to the polling list - which this specific 'patch' prevents?
We haven't dug deeper yet, but the error is being thrown from the method io_loop_handle_add in ioloop-epoll.c
http://hg.dovecot.org/dovecot-2.0/file/aa8dfa085a99/src/lib/ioloop-epoll.c
Thanks
Doug
More information about the dovecot
mailing list