On 12/27/15 21:51, Guido Witmond wrote:
So more like a Request of Death.
It had! See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5533
"The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header. "
I don't have any packet captures to prove I got hit by those, but anyway, I've upgraded to lighttpd 1.4.38. Which is here: https://github.com/gwitmond/genode/commit/074130
However, I still experience the hangs. :-(
Could it have to do with the remark by ChristianH: [1] "This hints we may have an issue with our file descriptor handling on poll/select."
I have reasons to believe the system is busy waiting instead of polling. The power usage monitor shows a constant 56.8 Watts when running Fiasco.OC with lightttpd and a mere 43.6 when running linux. A cpuburn at one cpu reaches just 1 watt less than Genode.
Is this polling to be expected from Fiasco.OC with debug mode enabled? Is Genode smart enough to prevent busy loops or is it worth investigation as a cause for the hangs?
Cheers, Guido.
1: https://github.com/genodelabs/genode/issues/987#issuecomment-129775238