[Bug 194751] New: Calls to syslog() drop the first message sent after syslogd is restarted

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sun Nov 2 02:01:56 UTC 2014 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194751

            Bug ID: 194751
           Summary: Calls to syslog() drop the first message sent after
                    syslogd is restarted
           Product: Base System
           Version: 10.1-RC2
          Hardware: Any
                OS: Any
            Status: Needs Triage
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: pjcreath+freebsd at gmail.com

Created attachment 148911
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=148911&action=edit
proposed patch

Issue:  Calls to syslog() drop the first message sent after syslogd is
restarted.


Effect:  Generally this results in only a single missing message, which is
easily overlooked.  However, some server daemons (such as afpd) are quiet until
they spawn their children, and the first message of each child is dropped,
since they inherit their parent's (broken) connection state.  In the case of
afpd, this means that all "Login by" messages are dropped after syslogd is
restarted.

This bug affects 9.1-RELEASE and all newer versions, up through at least
10.1-RC4.


Cause:

The following commit was in error and broke r14332:

<http://svnweb.FreeBSD.org/base?view=revision&revision=228193>:
'Tweak the r137233 fix to r136283 -- Code was making two send() attempts
vs. the comment documented "If we are working with a privileged socket,
then take only one attempt".  Make the code match.'

Unfortunately, the code was more correct than the rather ambiguous comment. 
The comment raises two cases:  #1 in which syslogd has been restarted, and #2
in which the socket buffers are full (a possible DoS).

To fully cover the case #1, we *need* to resend the message (just once) after
reconnection.

Furthermore, looking at the precursor to
<http://svnweb.FreeBSD.org/base?view=revision&revision=136283>, we see the
original intent of resending once ("one attempt") to address this case.


Turning toward the second half of the rationale for r228193:

'Furthermore, critical privileged applications that [over] log a vast amount
can look like a DoS to this code.  Given it's unlikely the single reattempted
send() will succeeded, avoid usurping the scheduler in a library API for a
single non-critical facility in critical applications.'

The confidence that the single reattempted send() is "unlikely" to succeed is
misplaced.  In the case where syslogd has been restarted, it will reliably
succeed.  However, as previously coded, the single resend was also being
attempted when the buffer was full, which is indeed unlikely to succeed.

Therefore, the proposed patch tries to reconnect and resend once if the failure
was not due to a full buffer, without involving the scheduler.  It also
corrects and clarifies the comment.  (An alternate approach would be to
refactor the code and comments to treat the two cases entirely separately, but
this patch aims for the fewest necessary code changes.)

This patch should be applicable to all affected releases (9.1-RELEASE and
newer).

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list