diff options
Diffstat (limited to 'nscd/nscd_helper.c')
| -rw-r--r-- | nscd/nscd_helper.c | 253 |
1 files changed, 189 insertions, 64 deletions
diff --git a/nscd/nscd_helper.c b/nscd/nscd_helper.c index 0e16cb8aeb..71ea53e19d 100644 --- a/nscd/nscd_helper.c +++ b/nscd/nscd_helper.c @@ -1,4 +1,5 @@ -/* Copyright (C) 1998-2002, 2003, 2004 Free Software Foundation, Inc. +/* Copyright (C) 1998-2002,2003,2004,2005,2006,2007 + Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998. @@ -21,11 +22,14 @@ #include <errno.h> #include <fcntl.h> #include <stdbool.h> +#include <string.h> +#include <time.h> #include <unistd.h> #include <sys/mman.h> #include <sys/poll.h> #include <sys/socket.h> #include <sys/stat.h> +#include <sys/time.h> #include <sys/uio.h> #include <sys/un.h> #include <not-cancel.h> @@ -34,6 +38,64 @@ #include "nscd-client.h" +ssize_t +__readall (int fd, void *buf, size_t len) +{ + size_t n = len; + ssize_t ret; + do + { + ret = TEMP_FAILURE_RETRY (__read (fd, buf, n)); + if (ret <= 0) + break; + buf = (char *) buf + ret; + n -= ret; + } + while (n > 0); + return ret < 0 ? ret : len - n; +} + + +ssize_t +__readvall (int fd, const struct iovec *iov, int iovcnt) +{ + ssize_t ret = TEMP_FAILURE_RETRY (__readv (fd, iov, iovcnt)); + if (ret <= 0) + return ret; + + size_t total = 0; + for (int i = 0; i < iovcnt; ++i) + total += iov[i].iov_len; + + if (ret < total) + { + struct iovec iov_buf[iovcnt]; + ssize_t r = ret; + + struct iovec *iovp = memcpy (iov_buf, iov, iovcnt * sizeof (*iov)); + do + { + while (iovp->iov_len <= r) + { + r -= iovp->iov_len; + --iovcnt; + ++iovp; + } + iovp->iov_base = (char *) iovp->iov_base + r; + iovp->iov_len -= r; + r = TEMP_FAILURE_RETRY (__readv (fd, iovp, iovcnt)); + if (r <= 0) + break; + ret += r; + } + while (ret < total); + if (r < 0) + ret = r; + } + return ret; +} + + static int open_socket (void) { @@ -77,6 +139,36 @@ __nscd_unmap (struct mapped_database *mapped) } +static int +wait_on_socket (int sock) +{ + struct pollfd fds[1]; + fds[0].fd = sock; + fds[0].events = POLLIN | POLLERR | POLLHUP; + int n = __poll (fds, 1, 5 * 1000); + if (n == -1 && __builtin_expect (errno == EINTR, 0)) + { + /* Handle the case where the poll() call is interrupted by a + signal. We cannot just use TEMP_FAILURE_RETRY since it might + lead to infinite loops. */ + struct timeval now; + (void) __gettimeofday (&now, NULL); + long int end = (now.tv_sec + 5) * 1000 + (now.tv_usec + 500) / 1000; + while (1) + { + long int timeout = end - (now.tv_sec * 1000 + + (now.tv_usec + 500) / 1000); + n = __poll (fds, 1, timeout); + if (n != -1 || errno != EINTR) + break; + (void) __gettimeofday (&now, NULL); + } + } + + return n; +} + + /* Try to get a file descriptor for the shared meory segment containing the database. */ static struct mapped_database * @@ -86,102 +178,115 @@ get_mapping (request_type type, const char *key, struct mapped_database *result = NO_MAPPING; #ifdef SCM_RIGHTS const size_t keylen = strlen (key) + 1; - char resdata[keylen]; int saved_errno = errno; int mapfd = -1; /* Send the request. */ - struct iovec iov[2]; - request_header req; + struct + { + request_header req; + char key[keylen]; + } reqdata; + size_t real_sizeof_reqdata = sizeof (request_header) + keylen; int sock = open_socket (); if (sock < 0) goto out; - req.version = NSCD_VERSION; - req.type = type; - req.key_len = keylen; - - iov[0].iov_base = &req; - iov[0].iov_len = sizeof (req); - iov[1].iov_base = (void *) key; - iov[1].iov_len = keylen; - - if (TEMP_FAILURE_RETRY (__writev (sock, iov, 2)) - != iov[0].iov_len + iov[1].iov_len) + reqdata.req.version = NSCD_VERSION; + reqdata.req.type = type; + reqdata.req.key_len = keylen; + memcpy (reqdata.key, key, keylen); + +# ifndef MSG_NOSIGNAL +# define MSG_NOSIGNAL 0 +# endif + if (__builtin_expect (TEMP_FAILURE_RETRY (__send (sock, &reqdata, + real_sizeof_reqdata, + MSG_NOSIGNAL)) + != real_sizeof_reqdata, 0)) /* We cannot even write the request. */ goto out_close2; /* Room for the data sent along with the file descriptor. We expect the key name back. */ +# define resdata reqdata.key + struct iovec iov[1]; iov[0].iov_base = resdata; iov[0].iov_len = keylen; - char buf[CMSG_SPACE (sizeof (int))]; + union + { + struct cmsghdr hdr; + char bytes[CMSG_SPACE (sizeof (int))]; + } buf; struct msghdr msg = { .msg_iov = iov, .msg_iovlen = 1, - .msg_control = buf, .msg_controllen = sizeof (buf) }; + .msg_control = buf.bytes, + .msg_controllen = sizeof (buf) }; struct cmsghdr *cmsg = CMSG_FIRSTHDR (&msg); cmsg->cmsg_level = SOL_SOCKET; cmsg->cmsg_type = SCM_RIGHTS; cmsg->cmsg_len = CMSG_LEN (sizeof (int)); + /* This access is well-aligned since BUF is correctly aligned for an + int and CMSG_DATA preserves this alignment. */ *(int *) CMSG_DATA (cmsg) = -1; msg.msg_controllen = cmsg->cmsg_len; - struct pollfd fds[1]; - fds[0].fd = sock; - fds[0].events = POLLIN | POLLERR | POLLHUP; - if (__poll (fds, 1, 5 * 1000) <= 0) - /* Failure or timeout. */ + if (wait_on_socket (sock) <= 0) goto out_close2; - if (TEMP_FAILURE_RETRY (__recvmsg (sock, &msg, 0)) != keylen) + if (__builtin_expect (TEMP_FAILURE_RETRY (__recvmsg (sock, &msg, 0)) + != keylen, 0)) goto out_close2; - mapfd = *(int *) CMSG_DATA (cmsg); + if (__builtin_expect (CMSG_FIRSTHDR (&msg) == NULL + || (CMSG_FIRSTHDR (&msg)->cmsg_len + != CMSG_LEN (sizeof (int))), 0)) + goto out_close2; - if (CMSG_FIRSTHDR (&msg)->cmsg_len != CMSG_LEN (sizeof (int))) - goto out_close; + mapfd = *(int *) CMSG_DATA (cmsg); struct stat64 st; - if (strcmp (resdata, key) != 0 - || fstat64 (mapfd, &st) != 0 - || st.st_size < sizeof (struct database_pers_head)) + if (__builtin_expect (strcmp (resdata, key) != 0, 0) + || __builtin_expect (fstat64 (mapfd, &st) != 0, 0) + || __builtin_expect (st.st_size < sizeof (struct database_pers_head), 0)) goto out_close; struct database_pers_head head; - if (TEMP_FAILURE_RETRY (__pread (mapfd, &head, sizeof (head), 0)) - != sizeof (head)) + if (__builtin_expect (TEMP_FAILURE_RETRY (__pread (mapfd, &head, + sizeof (head), 0)) + != sizeof (head), 0)) goto out_close; - if (head.version != DB_VERSION || head.header_size != sizeof (head) + if (__builtin_expect (head.version != DB_VERSION, 0) + || __builtin_expect (head.header_size != sizeof (head), 0) /* This really should not happen but who knows, maybe the update thread got stuck. */ - || (! head.nscd_certainly_running - && head.timestamp + MAPPING_TIMEOUT < time (NULL))) + || __builtin_expect (! head.nscd_certainly_running + && head.timestamp + MAPPING_TIMEOUT < time (NULL), + 0)) goto out_close; size_t size = (sizeof (head) + roundup (head.module * sizeof (ref_t), ALIGN) + head.data_size); - if (st.st_size < size) + if (__builtin_expect (st.st_size < size, 0)) goto out_close; /* The file is large enough, map it now. */ void *mapping = __mmap (NULL, size, PROT_READ, MAP_SHARED, mapfd, 0); - if (mapping != MAP_FAILED) + if (__builtin_expect (mapping != MAP_FAILED, 1)) { /* Allocate a record for the mapping. */ - struct mapped_database *newp; - - newp = malloc (sizeof (*newp)); + struct mapped_database *newp = malloc (sizeof (*newp)); if (newp == NULL) { /* Ugh, after all we went through the memory allocation failed. */ - __munmap (result, size); + __munmap (mapping, size); goto out_close; } @@ -189,6 +294,7 @@ get_mapping (request_type type, const char *key, newp->data = ((char *) mapping + head.header_size + roundup (head.module * sizeof (ref_t), ALIGN)); newp->mapsize = size; + newp->datasize = head.data_size; /* Set counter to 1 to show it is usable. */ newp->counter = 1; @@ -215,17 +321,18 @@ get_mapping (request_type type, const char *key, struct mapped_database * __nscd_get_map_ref (request_type type, const char *name, - struct locked_map_ptr *mapptr, int *gc_cyclep) + volatile struct locked_map_ptr *mapptr, int *gc_cyclep) { struct mapped_database *cur = mapptr->mapped; if (cur == NO_MAPPING) return cur; int cnt = 0; - while (atomic_compare_and_exchange_val_acq (&mapptr->lock, 1, 0) != 0) + while (__builtin_expect (atomic_compare_and_exchange_val_acq (&mapptr->lock, + 1, 0) != 0, 0)) { // XXX Best number of rounds? - if (++cnt > 5) + if (__builtin_expect (++cnt > 5, 0)) return NO_MAPPING; atomic_delay (); @@ -238,8 +345,10 @@ __nscd_get_map_ref (request_type type, const char *name, /* If not mapped or timestamp not updated, request new map. */ if (cur == NULL || (cur->head->nscd_certainly_running == 0 - && cur->head->timestamp + MAPPING_TIMEOUT < time (NULL))) - cur = get_mapping (type, name, &mapptr->mapped); + && cur->head->timestamp + MAPPING_TIMEOUT < time (NULL)) + || cur->head->data_size > cur->datasize) + cur = get_mapping (type, name, + (struct mapped_database **) &mapptr->mapped); if (__builtin_expect (cur != NO_MAPPING, 1)) { @@ -257,28 +366,50 @@ __nscd_get_map_ref (request_type type, const char *name, } -const struct datahead * +/* Don't return const struct datahead *, as eventhough the record + is normally constant, it can change arbitrarily during nscd + garbage collection. */ +struct datahead * __nscd_cache_search (request_type type, const char *key, size_t keylen, const struct mapped_database *mapped) { unsigned long int hash = __nis_hash (key, keylen) % mapped->head->module; + size_t datasize = mapped->datasize; ref_t work = mapped->head->array[hash]; - while (work != ENDREF) + while (work != ENDREF && work + sizeof (struct hashentry) <= datasize) { struct hashentry *here = (struct hashentry *) (mapped->data + work); - if (type == here->type && keylen == here->len - && memcmp (key, mapped->data + here->key, keylen) == 0) +#ifndef _STRING_ARCH_unaligned + /* Although during garbage collection when moving struct hashentry + records around we first copy from old to new location and then + adjust pointer from previous hashentry to it, there is no barrier + between those memory writes. It is very unlikely to hit it, + so check alignment only if a misaligned load can crash the + application. */ + if ((uintptr_t) here & (__alignof__ (*here) - 1)) + return NULL; +#endif + + if (type == here->type + && keylen == here->len + && here->key + keylen <= datasize + && memcmp (key, mapped->data + here->key, keylen) == 0 + && here->packet + sizeof (struct datahead) <= datasize) { /* We found the entry. Increment the appropriate counter. */ - const struct datahead *dh + struct datahead *dh = (struct datahead *) (mapped->data + here->packet); +#ifndef _STRING_ARCH_unaligned + if ((uintptr_t) dh & (__alignof__ (*dh) - 1)) + return NULL; +#endif + /* See whether we must ignore the entry or whether something is wrong because garbage collection is in progress. */ - if (dh->usable && ((char *) dh + dh->allocsize - <= (char *) mapped->head + mapped->mapsize)) + if (dh->usable && here->packet + dh->allocsize <= datasize) return dh; } @@ -311,19 +442,13 @@ __nscd_open_socket (const char *key, size_t keylen, request_type type, vec[1].iov_len = keylen; ssize_t nbytes = TEMP_FAILURE_RETRY (__writev (sock, vec, 2)); - if (nbytes == (ssize_t) (sizeof (request_header) + keylen)) - { + if (nbytes == (ssize_t) (sizeof (request_header) + keylen) /* Wait for data. */ - struct pollfd fds[1]; - fds[0].fd = sock; - fds[0].events = POLLIN | POLLERR | POLLHUP; - if (__poll (fds, 1, 5 * 1000) > 0) - { - nbytes = TEMP_FAILURE_RETRY (__read (sock, response, - responselen)); - if (nbytes == (ssize_t) responselen) - return sock; - } + && wait_on_socket (sock) > 0) + { + nbytes = TEMP_FAILURE_RETRY (__read (sock, response, responselen)); + if (nbytes == (ssize_t) responselen) + return sock; } close_not_cancel_no_status (sock); |