We introduced a control socket in rdesktop in order to do session sharing. Igge managed to get rdesktop into a tight loop, eating 100% CPU, and the socket is involved: 8253 johig 20 0 557m 7032 1656 R 100.3 0.1 51:17.83 rdesktop [root@castro ~]# strace -p 8253 Process 8253 attached - interrupt to quit recvfrom(6, "", 1024, 0, NULL, NULL) = 0 recvfrom(9, "", 1024, 0, NULL, NULL) = 0 recvfrom(4, 0x2799cc4, 4096, 0, 0, 0) = -1 EAGAIN (Resource temporarily unavailable) select(10, [3 4 5 6 9], [], NULL, {0, 200000}) = 2 (in [6 9], left {0, 199997}) recvfrom(6, "", 1024, 0, NULL, NULL) = 0 recvfrom(9, "", 1024, 0, NULL, NULL) = 0 recvfrom(4, 0x2799cc4, 4096, 0, 0, 0) = -1 EAGAIN (Resource temporarily unavailable) select(10, [3 4 5 6 9], [], NULL, {0, 200000}) = 2 (in [6 9], left {0, 199996}) recvfrom(6, "", 1024, 0, NULL, NULL) = 0 recvfrom(9, "", 1024, 0, NULL, NULL) = 0 recvfrom(4, 0x2799cc4, 4096, 0, 0, 0) = -1 EAGAIN (Resource temporarily unavailable) select(10, [3 4 5 6 9], [], NULL, {0, 200000}) = 2 (in [6 9], left {0, 199996}) recvfrom(6, "", 1024, 0, NULL, NULL) = 0 recvfrom(9, "", 1024, 0, NULL, NULL) = 0 recvfrom(4, 0x2799cc4, 4096, 0, 0, 0) = -1 EAGAIN (Resource temporarily unavailable) select(10, [3 4 5 6 9], [], NULL, {0, 200000}) = 2 (in [6 9], left {0, 199996}) recvfrom(6, "", 1024, 0, NULL, NULL) = 0 recvfrom(9, "", 1024, 0, NULL, NULL) = 0 recvfrom(4, 0x2799cc4, 4096, 0, 0, 0) = -1 EAGAIN (Resource temporarily unavailable) select(10, [3 4 5 6 9], [], NULL, {0, 200000}) = 2 (in [6 9], left {0, 199996}) recvfrom(6, "", 1024, 0, NULL, NULL) = 0 recvfrom(9, "", 1024, 0, NULL, NULL) = 0 recvfrom(4, 0x2799cc4, 4096, 0, 0, 0) = -1 EAGAIN (Resource temporarily unavailable) select(10, [3 4 5 6 9], [], NULL, {0, 200000}) = 2 (in [6 9], left {0, 199996}) recvfrom(6, "", 1024, 0, NULL, NULL) = 0 recvfrom(9, "", 1024, 0, NULL, NULL) = 0 recvfrom(4, 0x2799cc4, 4096, 0, 0, 0) = -1 EAGAIN (Resource temporarily unavailable) ^CProcess 8253 detached [root@castro ~]# ll /proc/8253/fd total 0 lr-x------. 1 johig johig 64 Nov 13 10:23 0 -> pipe:[2784234325] l-wx------. 1 johig johig 64 Nov 13 10:23 1 -> /var/opt/thinlinc/sessions/johig/1/xinit.log l-wx------. 1 johig johig 64 Nov 13 10:23 2 -> pipe:[2784234326] lrwx------. 1 johig johig 64 Nov 13 10:23 3 -> socket:[2784234332] lrwx------. 1 johig johig 64 Nov 13 10:23 4 -> socket:[2784234333] lrwx------. 1 johig johig 64 Nov 13 10:23 5 -> socket:[2616342855] lrwx------. 1 johig johig 64 Nov 13 10:22 6 -> socket:[2616342202] lr-x------. 1 johig johig 64 Nov 13 10:23 7 -> pipe:[2784234295] l-wx------. 1 johig johig 64 Nov 13 10:23 8 -> pipe:[2784234295] lrwx------. 1 johig johig 64 Nov 13 10:22 9 -> socket:[2616342223] [root@castro ~]# ll /proc/8253/fd^C [root@castro ~]# netstat -ne |grep 2616342202 unix 2 [ ] STREAM CONNECTED 2616342202 /home/johig/.local/share/rdesktop/ctrl/2e1aeb3a90302808c9e0bd303f20140c86d976f6.ctl [root@castro ~]# netstat -ne |grep 2616342223 unix 2 [ ] STREAM CONNECTED 2616342223 /home/johig/.local/share/rdesktop/ctrl/2e1aeb3a90302808c9e0bd303f20140c86d976f6.ctl Since recvfrom() returns 0, I guess the socket is simply closed and we do not handle this common case?
Also, why are there two open connections?
I found the cause (a creepy typo), when ctrl client disconnects the ctrl socket is not cleaned up from ctrl clients list. Upstream commit 1749 fixes this issue.
Vendordrop of upstream in commit 28197
Difficult to reproduce, but code makes sense, and basic functionality works on 2008R2.
