On 25.2.2012, at 0.49, Doug Henderson wrote:

> [8irgehuq] CVE-2011-1083: Algorithmic denial of service in epoll.
> 
> After ksplice automatically installed the above patch on our mail servers, 
> most/all IMAP/POP3 connections began experiencing time-outs trying to 
> connect, or extreme timeouts in the auth procedure.

I'd guess this patch is already in new Linux kernel versions, so other people 
should have seen any problems caused by it?

> dovecot: pop3-login: Panic: epoll_ctl(add, 6) failed: Invalid argument
..
> Once this patch was removed, everything started working again.
> 
> Is it possible that dovecot is trying to re-add already-added connections to 
> the polling list - which this specific 'patch' prevents?

It shouldn't be possible .. EPOLL_CTL_ADD is done only once, EPOLL_CTL_MOD is 
done afterwards. And if the same fd is attempted to be added/modded twice, 
Dovecot should assert-crash first in ioloop_iolist_add().
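
Added example, not part of the original message and not Dovecot code: a small Linux C probe of the add-once, modify-afterwards pattern described above, recording which errno `epoll_ctl()` returns for a duplicate `EPOLL_CTL_ADD` and for one call that does produce "Invalid argument". The helper names `ctl_errno` and `probe_epoll_errors` are hypothetical, and the pipe is a constructed stand-in for a client socket.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/epoll.h>
#include <unistd.h>

/* Hypothetical helper: issue one epoll_ctl() call, return 0 or its errno. */
static int ctl_errno(int epfd, int op, int fd)
{
    struct epoll_event ev = { .events = EPOLLIN };
    ev.data.fd = fd;
    return epoll_ctl(epfd, op, fd, &ev) == 0 ? 0 : errno;
}

/* Fills out[0..3] with the result of four scenarios; -1 on setup failure. */
int probe_epoll_errors(int out[4])
{
    int p[2];
    int epfd = epoll_create1(0);
    if (epfd < 0)
        return -1;
    if (pipe(p) < 0) {
        close(epfd);
        return -1;
    }
    out[0] = ctl_errno(epfd, EPOLL_CTL_ADD, p[0]); /* first registration */
    out[1] = ctl_errno(epfd, EPOLL_CTL_MOD, p[0]); /* later change of events */
    out[2] = ctl_errno(epfd, EPOLL_CTL_ADD, p[0]); /* same fd added again */
    out[3] = ctl_errno(p[1], EPOLL_CTL_ADD, p[0]); /* epfd is not an epoll fd */
    close(p[0]);
    close(p[1]);
    close(epfd);
    return 0;
}

int main(void)
{
    static const char *label[4] = {
        "ADD (first)", "MOD (after add)", "ADD (duplicate)", "ADD (bad epfd)"
    };
    int out[4];
    if (probe_epoll_errors(out) != 0) {
        perror("setup");
        return 1;
    }
    for (int i = 0; i < 4; i++)
        printf("%-16s -> %s\n", label[i], out[i] ? strerror(out[i]) : "ok");
    return 0;
}
```

A duplicate add is reported as `EEXIST` ("File exists"), which is a different error from the `EINVAL` ("Invalid argument") seen in the panic line.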
