
Re: [PATCH] fix for ssh zombies introduced with r35533

From: Kyle McKay <mackyle_at_gmail.com>
Date: Mon, 20 Apr 2009 19:46:22 -0700

James,

Thanks for your details. I can now reproduce the problem you describe
provided I'm using a version of OpenSSH sshd that does not contain the
fix for OpenSSH Bug 85 and the ssh client connects to it using
Protocol 2:

   https://bugzilla.mindrot.org/show_bug.cgi?id=85

The bug is actually endemic to the sshd code, not the ssh code.

To test whether or not any particular sshd suffers from the bug, do
this:

   ssh -2 <ssh_host_to_test> yes | true

If after responding to any prompts/entering any passwords, the
connection hangs, the sshd server at <ssh_host_to_test> suffers from
the bug. Note that the client must connect with Protocol 2 (which is
generally the default nowadays). If the client connects with Protocol
1 (which is often disabled nowadays), the bug does not happen.

Some results:

       Up-to-date Ubuntu 8.10: Bug 85 fixed
   Up-to-date Mac OS X 10.5.6: Bug 85 PRESENT
     Up-to-date MacPorts sshd: Bug 85 fixed

The other reason I wasn't able to duplicate the bug initially is that
apparently the following:

   svn log svn+ssh://<some_host>/<some_repos> | head

has a race condition. If the results coming back from the remote
svnserve -t instance manage to be sent completely and buffered in
memory before head closes the pipe, you don't see a problem.

For example this often demonstrates the problem:

   svn log svn+ssh://<some_host>/<some_repos> | true

whereas this often does not (provided you wait patiently for sleep to
exit without interrupting it):

   svn log svn+ssh://<some_host>/<some_repos> | sleep 15

So to sum it up, the problem is an already-fixed OpenSSH bug distinct
from Subversion issue 2580. Fixing Subversion issue 2580 merely
exposes the OpenSSH bug (provided you have an old sshd that doesn't
contain the fix).

The patch I added to 2580 is not intended to fix the OpenSSH problem,
it is only intended to eliminate the zombie problem introduced by
change 35533.

Whether or not to fix the zombie problem (it should definitely be
fixed ASAP) is a different issue from whether or not to revert support
for issue 2580. Deciding to revert issue 2580 support also happens to
fix the zombie problem.

Kyle

On Apr 19, 2009, at 20:52, James Y Knight wrote:
> On Apr 19, 2009, at 10:45 PM, Kyle McKay wrote:
>
>> I cannot duplicate the problem described by James using the released
>> version of Subversion 1.6.1 with the patch I attached to issue 2580
>> applied:
>>
>> http://subversion.tigris.org/issues/show_bug.cgi?id=2580
>
> I see the issue both with and without your patch attached to issue
> 2580 applied, which is to be expected, as your patch does not
> attempt to fix anything but the issue of "zombie" processes. These
> aren't zombie processes, but real ssh processes sitting around doing
> nothing long after the svn process has disappeared.

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=1835186
Received on 2009-04-21 08:06:30 CEST
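
Added example, not part of the mail above and not Subversion or OpenSSH code: the `ssh -2 <ssh_host_to_test> yes | true` test wrapped in a time limit, so a server with the Bug 85 behaviour is reported instead of blocking the terminal. The function names, the 20-second default and the use of `-o BatchMode=yes` (key-based login, no prompts) are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: time-limited form of the test `ssh -2 <host> yes | true`.

# hangs_after_reader_exits SECONDS CMD [ARGS...]
# Runs CMD with stdout on a pipe whose reader leaves at once (like `| true`).
# Returns 0 if CMD is still running after SECONDS (the hang), 1 if it exited
# on its own, 2 on a setup error.
hangs_after_reader_exits() {
    harx_limit=$1; shift
    harx_dir=$(mktemp -d) || return 2
    mkfifo "$harx_dir/pipe" || { rm -rf "$harx_dir"; return 2; }
    "$@" > "$harx_dir/pipe" &            # producer, e.g. ssh ... yes
    harx_pid=$!
    true < "$harx_dir/pipe"              # reader opens the pipe, then closes it
    rm -rf "$harx_dir"
    harx_waited=0
    while kill -0 "$harx_pid" 2>/dev/null; do
        if [ "$harx_waited" -ge "$harx_limit" ]; then
            kill "$harx_pid" 2>/dev/null # clean up the stuck client
            wait "$harx_pid" 2>/dev/null || :
            return 0
        fi
        sleep 1
        harx_waited=$((harx_waited + 1))
    done
    return 1
}

# check_sshd_bug85 HOST [SECONDS]
# Assumes key-based login (BatchMode) so the timer is not spent at a prompt.
# A failed connection also shows up as "exited", so confirm that plain
# `ssh HOST true` works before trusting a "no hang" result.
check_sshd_bug85() {
    if hangs_after_reader_exits "${2:-20}" ssh -2 -o BatchMode=yes "$1" yes; then
        echo "$1: connection hung after the pipe closed (Bug 85 behaviour)"
    else
        echo "$1: ssh exited on its own (no hang observed)"
    fi
}

# Run a check only when a host is given on the command line.
if [ "$#" -ge 1 ]; then check_sshd_bug85 "$@"; fi
```

Because the reader closes the pipe immediately, this corresponds to the `| true` form of the test rather than the racy `| head` form.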

This is an archived mail posted to the Subversion Dev mailing list.
