about summary refs log tree commit diff
diff options
context:
space:
mode:
authorJeff Law <law@redhat.com>2012-11-28 14:12:28 -0700
committerJeff Law <law@redhat.com>2012-11-28 14:16:12 -0700
commit14bc93a967e62abf8cf2704725b6f76619399f83 (patch)
tree80ddd44c7357253f59d6477ced8266856ee9d247
parentb54eb3cb0a4325975d9b82709865a055bc8da910 (diff)
downloadglibc-14bc93a967e62abf8cf2704725b6f76619399f83.tar.gz
glibc-14bc93a967e62abf8cf2704725b6f76619399f83.tar.xz
glibc-14bc93a967e62abf8cf2704725b6f76619399f83.zip
[BZ #14889]
        * sunrpc/rpc/svc.h (__svc_accept_failed): New prototype.
        * sunrpc/svc.c: Include time.h.
        (__svc_accept_failed): New function.
        * sunrpc/svc_tcp.c (rendezvous_request): If the accept fails for
        any reason other than EINTR, call __svc_accept_failed.
        * sunrpc/svc_udp.c (svcudp_recv): Similarly.
        * sunrpc/svc_unix.c (rendezvous_request): Similarly.
-rw-r--r--ChangeLog12
-rw-r--r--NEWS6
-rw-r--r--sunrpc/rpc/svc.h18
-rw-r--r--sunrpc/svc.c33
-rw-r--r--sunrpc/svc_tcp.c18
-rw-r--r--sunrpc/svc_udp.c25
-rw-r--r--sunrpc/svc_unix.c18
7 files changed, 127 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 14f81368d7..b74cde7e69 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2012-11-28  Jeff Law <law@redhat.com>
+	    Martin Osvald <mosvald@redhat.com>
+
+	[BZ #14889]
+	* sunrpc/rpc/svc.h (__svc_accept_failed): New prototype.
+	* sunrpc/svc.c: Include time.h.
+	(__svc_accept_failed): New function.
+	* sunrpc/svc_tcp.c (rendezvous_request): If the accept fails for
+	any reason other than EINTR, call __svc_accept_failed.
+	* sunrpc/svc_udp.c (svcudp_recv): Similarly.
+	* sunrpc/svc_unix.c (rendezvous_request): Similarly.
+
 2012-11-28  Andreas Schwab  <schwab@suse.de>
 
 	* scripts/abilist.awk: Also handle indirect functions in .opd
diff --git a/NEWS b/NEWS
index eb35f9d5b9..4a17295d41 100644
--- a/NEWS
+++ b/NEWS
@@ -21,7 +21,11 @@ Version 2.17
   14621, 14638, 14645, 14648, 14652, 14660, 14661, 14669, 14672, 14683,
   14694, 14716, 14719, 14743, 14767, 14783, 14784, 14785, 14793, 14796,
   14797, 14801, 14805, 14807, 14811, 14815, 14821, 14822, 14824, 14828,
-  14831, 14835, 14838, 14856, 14863, 14865, 14866, 14868, 14869, 14871.
+  14831, 14835, 14838, 14856, 14863, 14865, 14866, 14868, 14869, 14871,
+  14889.
+
+* CVE-2011-4609 svc_run() produces high cpu usage when accept fails with
+  EMFILE has been fixed (Bugzilla #14889).
 
 * The add-on ports collection is now distributed in the "ports" subdirectory
   of the main GNU C Library distribution, rather than separately.
diff --git a/sunrpc/rpc/svc.h b/sunrpc/rpc/svc.h
index 54d1ac14f1..58a5f7da95 100644
--- a/sunrpc/rpc/svc.h
+++ b/sunrpc/rpc/svc.h
@@ -1,6 +1,23 @@
 /*
  * svc.h, Server-side remote procedure call interface.
  *
+ * Copyright (C) 2012 Free Software Foundation, Inc.
+ * This file is part of the GNU C Library.
+ *
+ * The GNU C Library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * The GNU C Library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with the GNU C Library; if not, see
+ * <http://www.gnu.org/licenses/>.
+ *
  * Copyright (c) 2010, Oracle America, Inc.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -316,4 +333,5 @@ extern SVCXPRT *svcunix_create (int __sock, u_int __sendsize, u_int __recvsize,
 
 __END_DECLS
 
+extern void __svc_accept_failed (void) attribute_hidden;
 #endif /* rpc/svc.h */
diff --git a/sunrpc/svc.c b/sunrpc/svc.c
index 103770a42c..736d4a974c 100644
--- a/sunrpc/svc.c
+++ b/sunrpc/svc.c
@@ -4,6 +4,23 @@
  * There are two sets of procedures here.  The xprt routines are
  * for handling transport handles.  The svc routines handle the
  * list of service routines.
+ *  Copyright (C) 2002-2012 Free Software Foundation, Inc.
+ *  This file is part of the GNU C Library.
+ *  Contributed by Ulrich Drepper <drepper@redhat.com>, 2002.
+ *
+ *  The GNU C Library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2.1 of the License, or (at your option) any later version.
+ *
+ *  The GNU C Library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with the GNU C Library; if not, see
+ *  <http://www.gnu.org/licenses/>.
  *
  * Copyright (c) 2010, Oracle America, Inc.
  *
@@ -41,6 +58,7 @@
 #include <rpc/svc.h>
 #include <rpc/pmap_clnt.h>
 #include <sys/poll.h>
+#include <time.h>
 
 #ifdef _RPC_THREAD_SAFE_
 #define xports RPC_THREAD_VARIABLE(svc_xports_s)
@@ -544,6 +562,21 @@ svc_getreq_common (const int fd)
 }
 libc_hidden_nolink_sunrpc (svc_getreq_common, GLIBC_2_2)
 
+/* If there are no file descriptors available, then accept will fail.
+   We want to delay here so the connection request can be dequeued;
+   otherwise we can bounce between polling and accepting, never giving the
+   request a chance to dequeue and eating an enormous amount of cpu time
+   in svc_run if we're polling on many file descriptors.  */
+void
+__svc_accept_failed (void)
+{
+  if (errno == EMFILE)
+    {
+      struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 };
+      __nanosleep (&ts, NULL);
+    }
+}
+
 #ifdef _RPC_THREAD_SAFE_
 
 void
diff --git a/sunrpc/svc_tcp.c b/sunrpc/svc_tcp.c
index eb615494d8..1fdb0ad2da 100644
--- a/sunrpc/svc_tcp.c
+++ b/sunrpc/svc_tcp.c
@@ -1,6 +1,23 @@
 /*
  * svc_tcp.c, Server side for TCP/IP based RPC.
  *
+ * Copyright (C) 2012 Free Software Foundation, Inc.
+ * This file is part of the GNU C Library.
+ *
+ * The GNU C Library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * The GNU C Library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with the GNU C Library; if not, see
+ * <http://www.gnu.org/licenses/>.
+ *
  * Copyright (c) 2010, Oracle America, Inc.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -247,6 +264,7 @@ again:
     {
       if (errno == EINTR)
 	goto again;
+      __svc_accept_failed ();
       return FALSE;
     }
   /*
diff --git a/sunrpc/svc_udp.c b/sunrpc/svc_udp.c
index 6c4d75a814..3324e2a13e 100644
--- a/sunrpc/svc_udp.c
+++ b/sunrpc/svc_udp.c
@@ -3,6 +3,23 @@
  * Server side for UDP/IP based RPC.  (Does some caching in the hopes of
  * achieving execute-at-most-once semantics.)
  *
+ * Copyright (C) 2012 Free Software Foundation, Inc.
+ * This file is part of the GNU C Library.
+ *
+ * The GNU C Library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * The GNU C Library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with the GNU C Library; if not, see
+ * <http://www.gnu.org/licenses/>.
+ *
  * Copyright (c) 2010, Oracle America, Inc.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -277,8 +294,12 @@ again:
 		       (int) su->su_iosz, 0,
 		       (struct sockaddr *) &(xprt->xp_raddr), &len);
   xprt->xp_addrlen = len;
-  if (rlen == -1 && errno == EINTR)
-    goto again;
+  if (rlen == -1)
+    {
+      if (errno == EINTR)
+	goto again;
+      __svc_accept_failed ();
+    }
   if (rlen < 16)		/* < 4 32-bit ints? */
     return FALSE;
   xdrs->x_op = XDR_DECODE;
diff --git a/sunrpc/svc_unix.c b/sunrpc/svc_unix.c
index 94507b2403..5c3184a5f5 100644
--- a/sunrpc/svc_unix.c
+++ b/sunrpc/svc_unix.c
@@ -1,6 +1,23 @@
 /*
  * svc_unix.c, Server side for TCP/IP based RPC.
  *
+ * Copyright (C) 2012 Free Software Foundation, Inc.
+ * This file is part of the GNU C Library.
+ *
+ * The GNU C Library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * The GNU C Library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with the GNU C Library; if not, see
+ * <http://www.gnu.org/licenses/>.
+ *
  * Copyright (c) 2010, Oracle America, Inc.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -244,6 +261,7 @@ again:
     {
       if (errno == EINTR)
 	goto again;
+      __svc_accept_failed ();
       return FALSE;
     }
   /*