[Bug 2565] High baud rate gets sent, solaris closes pty

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Wed Jul 20 13:48:15 AEST 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2565

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au

--- Comment #2 from Darren Tucker <dtucker at zip.com.au> ---
(In reply to Damien Miller from comment #1)
> does setting ospeed actually do anything on a PTY? AFAIK it doesn't
> on OS X, BSD or Linux.
> 
> If the terminal is being closed as a result of a failed
> cfsetispeed() call then that indicates a kernel or (possibly) libc
> problem - ssh doesn't exit when that fails, it just logs an error
> and continues.

I can reproduce this with an OpenBSD client and Solaris 11 server.  The
cfsetispeed succeeds but it looks like the data from the pty slave
never makes it back to the master.

truss'ing (with -v pollsys) sshd then hitting enter ends with
(lwp_sigmask calls elided):
21585:  write(2, " [ d t u c k e r @ s o l".., 19)      = 19
21583:   pollsys(0x08047890, 2, 0x00000000, 0x00000000) (sleeping...)
21583:           fd=4  ev=POLLRDNORM rev=0
21583:           fd=6  ev=POLLRDNORM rev=0x814 
21583:  pollsys(0x08047000, 2, 0x00000000, 0x00000000) (sleeping...)
21585:  read(0, 0x080473AC, 1)          (sleeping...)

The pids are:
 dtucker 21585 21583   0 11:40:29 pts/2       0:00 -bash
    root 21580 21579   0 11:40:27 pts/1       0:00 sshd -d -p 2022 -R
 dtucker 21583 21580   0 11:40:29 pts/1       0:00 sshd -d -p 2022 -R

so we've got the shell writing the prompt to stderr then waiting for
input on stdin, which are the pty.  Looks reasonable.

The sshd post-auth privsep slave is blocked in poll (which is how
select is implemented on Solaris).

sshd's descriptors are:

$ sudo lsof -p 21583 
COMMAND  PID USER   FD   TYPE             DEVICE SIZE/OFF      NODE
NAME
[...]
sshd   21583 root    0u  VCHR              221,1          443220255
/dev/pts/1
sshd   21583 root    1u  VCHR              221,1          443220255
/dev/pts/1
sshd   21583 root    2u  VCHR              221,1          443220255
/dev/pts/1
sshd   21583 root    3r  DOOR                         0t0        46
/system/volatile/name_service_door (door to nscd[426])
(FA:->0xffffff00cf178700)
sshd   21583 root    4u  FIFO 0xffffff00dadd16c0      0t0    184434
(fifofs) PIPE->0xffffff00dadd1750
sshd   21583 root    5u  FIFO 0xffffff00dadd1750      0t0    184434
(fifofs) PIPE->0xffffff00dadd16c0
sshd   21583 root    6u  IPv4 0xffffff00ce59a100   0t5578       TCP
sol11.dtucker.net:2022->client.dtucker.net:31563 (ESTABLISHED)
sshd   21583 root    7u  VCHR              238,2           81265120
/devices/pseudo/clone at 0:ptm->ptm
sshd   21583 root   10u  VCHR              238,2           81265120
/devices/pseudo/clone at 0:ptm->ptm

So, sshd is waiting to read from the TCP connection or a pipe, but not
the pty master.  That seems odd.

For the record, sshd is blocking is in wait_until_can_do_something():

$ sudo gdb -q --args `pwd`/sshd -de -p 2022 -o
useprivilegeseparation=no -r
(gdb) set follow-fork child
(gdb) run
[...]
debug1: Setting controlling tty using TIOCSCTTY.
^C
Program received signal SIGINT, Interrupt.
0xfec78ec5 in __pollsys () from /lib/libc.so.1
(gdb) bt
#0  0xfec78ec5 in __pollsys () from /lib/libc.so.1
#1  0xfec664c6 in _pollsys () from /lib/libc.so.1
#2  0xfec233b8 in pselect () from /lib/libc.so.1
#3  0xfec236b9 in select () from /lib/libc.so.1
#4  0x08074bbb in wait_until_can_do_something (readsetp=0x80479f8, 
    writesetp=0x80479f4, maxfdp=0x80479f0, nallocp=0x80479ec,
max_time_ms=0)
    at ../../serverloop.c:370
#5  0x08075ce7 in server_loop2 (authctxt=0x814be78) at
../../serverloop.c:863
#6  0x08081a3b in do_authenticated2 (authctxt=0x814be78)
    at ../../session.c:2758
#7  0x0807be6c in do_authenticated (authctxt=0x814be78) at
../../session.c:271
#8  0x0806be26 in main (ac=7, av=0x81451a8) at ../../sshd.c:2324

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list