gnu: libtirpc: Fix CVE-2021-46828.
* gnu/packages/onc-rpc.scm (libtirpc)[replacement]: New field. (libtirpc/fixed): New variable. (libtirpc-hurd)[source]: Add patch. * gnu/packages/patches/libtirpc-CVE-2021-46828.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it.
parent
6757ee9d2b
commit
92769ab282
|
@ -1429,6 +1429,7 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/libtgvoip-disable-sse2.patch \
|
||||
%D%/packages/patches/libtgvoip-disable-webrtc.patch \
|
||||
%D%/packages/patches/libtheora-config-guess.patch \
|
||||
%D%/packages/patches/libtirpc-CVE-2021-46828.patch \
|
||||
%D%/packages/patches/libtirpc-hurd.patch \
|
||||
%D%/packages/patches/libtommath-fix-linkage.patch \
|
||||
%D%/packages/patches/libtool-skip-tests2.patch \
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
;;; Copyright © 2018, 2021 Tobias Geerinckx-Rice <me@tobias.gr>
|
||||
;;; Copyright © 2019 Marius Bakke <mbakke@fastmail.com>
|
||||
;;; Copyright © 2020 Ricardo Wurmus <rekado@elephly.net>
|
||||
;;; Copyright © 2022 Efraim Flashner <efraim@flashner.co.il>
|
||||
;;;
|
||||
;;; This file is part of GNU Guix.
|
||||
;;;
|
||||
|
@ -38,6 +39,7 @@
|
|||
(package
|
||||
(name "libtirpc")
|
||||
(version "1.3.1")
|
||||
(replacement libtirpc/fixed)
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "mirror://sourceforge/libtirpc/libtirpc/"
|
||||
|
@ -74,7 +76,8 @@ IPv4 and IPv6. ONC RPC is notably used by the network file system (NFS).")
|
|||
(package/inherit libtirpc
|
||||
(name "libtirpc-hurd")
|
||||
(source (origin (inherit (package-source libtirpc))
|
||||
(patches (search-patches "libtirpc-hurd.patch"))))
|
||||
(patches (search-patches "libtirpc-hurd.patch"
|
||||
"libtirpc-CVE-2021-46828.patch"))))
|
||||
(arguments
|
||||
(substitute-keyword-arguments (package-arguments libtirpc)
|
||||
((#:configure-flags flags ''())
|
||||
|
@ -83,6 +86,13 @@ IPv4 and IPv6. ONC RPC is notably used by the network file system (NFS).")
|
|||
(assoc-ref %build-inputs "mit-krb5")
|
||||
"/bin/krb5-config")))))))
|
||||
|
||||
(define libtirpc/fixed
|
||||
(package
|
||||
(inherit libtirpc)
|
||||
(source (origin
|
||||
(inherit (package-source libtirpc))
|
||||
(patches (search-patches "libtirpc-CVE-2021-46828.patch"))))))
|
||||
|
||||
(define-public rpcbind
|
||||
(package
|
||||
(name "rpcbind")
|
||||
|
|
|
@ -0,0 +1,567 @@
|
|||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46828
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2021-46828
|
||||
|
||||
http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed
|
||||
|
||||
From 86529758570cef4c73fb9b9c4104fdc510f701ed Mon Sep 17 00:00:00 2001
|
||||
From: Dai Ngo <dai.ngo@oracle.com>
|
||||
Date: Sat, 21 Aug 2021 13:16:23 -0400
|
||||
Subject: [PATCH] Fix DoS vulnerability in libtirpc
|
||||
|
||||
Currently svc_run does not handle poll timeout and rendezvous_request
|
||||
does not handle EMFILE error returned from accept(2 as it used to.
|
||||
These two missing functionality were removed by commit b2c9430f46c4.
|
||||
|
||||
The effect of not handling poll timeout allows idle TCP conections
|
||||
to remain ESTABLISHED indefinitely. When the number of connections
|
||||
reaches the limit of the open file descriptors (ulimit -n) then
|
||||
accept(2) fails with EMFILE. Since there is no handling of EMFILE
|
||||
error this causes svc_run() to get in a tight loop calling accept(2).
|
||||
This resulting in the RPC service of svc_run is being down, it's
|
||||
no longer able to service any requests.
|
||||
|
||||
RPC service rpcbind, statd and mountd are effected by this
|
||||
problem.
|
||||
|
||||
Fix by enhancing rendezvous_request to keep the number of
|
||||
SVCXPRT conections to 4/5 of the size of the file descriptor
|
||||
table. When this thresold is reached, it destroys the idle
|
||||
TCP connections or destroys the least active connection if
|
||||
no idle connnction was found.
|
||||
|
||||
Fixes: 44bf15b8 rpcbind: don't use obsolete svc_fdset interface of libtirpc
|
||||
Signed-off-by: dai.ngo@oracle.com
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
---
|
||||
INSTALL | 371 +----------------------------------------------------------
|
||||
src/svc.c | 17 ++-
|
||||
src/svc_vc.c | 62 +++++++++-
|
||||
3 files changed, 78 insertions(+), 372 deletions(-)
|
||||
mode change 100644 => 120000 INSTALL
|
||||
|
||||
diff --git a/INSTALL b/INSTALL
|
||||
deleted file mode 100644
|
||||
index 2099840..0000000
|
||||
--- a/INSTALL
|
||||
+++ /dev/null
|
||||
@@ -1,370 +0,0 @@
|
||||
-Installation Instructions
|
||||
-*************************
|
||||
-
|
||||
-Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation,
|
||||
-Inc.
|
||||
-
|
||||
- Copying and distribution of this file, with or without modification,
|
||||
-are permitted in any medium without royalty provided the copyright
|
||||
-notice and this notice are preserved. This file is offered as-is,
|
||||
-without warranty of any kind.
|
||||
-
|
||||
-Basic Installation
|
||||
-==================
|
||||
-
|
||||
- Briefly, the shell command `./configure && make && make install'
|
||||
-should configure, build, and install this package. The following
|
||||
-more-detailed instructions are generic; see the `README' file for
|
||||
-instructions specific to this package. Some packages provide this
|
||||
-`INSTALL' file but do not implement all of the features documented
|
||||
-below. The lack of an optional feature in a given package is not
|
||||
-necessarily a bug. More recommendations for GNU packages can be found
|
||||
-in *note Makefile Conventions: (standards)Makefile Conventions.
|
||||
-
|
||||
- The `configure' shell script attempts to guess correct values for
|
||||
-various system-dependent variables used during compilation. It uses
|
||||
-those values to create a `Makefile' in each directory of the package.
|
||||
-It may also create one or more `.h' files containing system-dependent
|
||||
-definitions. Finally, it creates a shell script `config.status' that
|
||||
-you can run in the future to recreate the current configuration, and a
|
||||
-file `config.log' containing compiler output (useful mainly for
|
||||
-debugging `configure').
|
||||
-
|
||||
- It can also use an optional file (typically called `config.cache'
|
||||
-and enabled with `--cache-file=config.cache' or simply `-C') that saves
|
||||
-the results of its tests to speed up reconfiguring. Caching is
|
||||
-disabled by default to prevent problems with accidental use of stale
|
||||
-cache files.
|
||||
-
|
||||
- If you need to do unusual things to compile the package, please try
|
||||
-to figure out how `configure' could check whether to do them, and mail
|
||||
-diffs or instructions to the address given in the `README' so they can
|
||||
-be considered for the next release. If you are using the cache, and at
|
||||
-some point `config.cache' contains results you don't want to keep, you
|
||||
-may remove or edit it.
|
||||
-
|
||||
- The file `configure.ac' (or `configure.in') is used to create
|
||||
-`configure' by a program called `autoconf'. You need `configure.ac' if
|
||||
-you want to change it or regenerate `configure' using a newer version
|
||||
-of `autoconf'.
|
||||
-
|
||||
- The simplest way to compile this package is:
|
||||
-
|
||||
- 1. `cd' to the directory containing the package's source code and type
|
||||
- `./configure' to configure the package for your system.
|
||||
-
|
||||
- Running `configure' might take a while. While running, it prints
|
||||
- some messages telling which features it is checking for.
|
||||
-
|
||||
- 2. Type `make' to compile the package.
|
||||
-
|
||||
- 3. Optionally, type `make check' to run any self-tests that come with
|
||||
- the package, generally using the just-built uninstalled binaries.
|
||||
-
|
||||
- 4. Type `make install' to install the programs and any data files and
|
||||
- documentation. When installing into a prefix owned by root, it is
|
||||
- recommended that the package be configured and built as a regular
|
||||
- user, and only the `make install' phase executed with root
|
||||
- privileges.
|
||||
-
|
||||
- 5. Optionally, type `make installcheck' to repeat any self-tests, but
|
||||
- this time using the binaries in their final installed location.
|
||||
- This target does not install anything. Running this target as a
|
||||
- regular user, particularly if the prior `make install' required
|
||||
- root privileges, verifies that the installation completed
|
||||
- correctly.
|
||||
-
|
||||
- 6. You can remove the program binaries and object files from the
|
||||
- source code directory by typing `make clean'. To also remove the
|
||||
- files that `configure' created (so you can compile the package for
|
||||
- a different kind of computer), type `make distclean'. There is
|
||||
- also a `make maintainer-clean' target, but that is intended mainly
|
||||
- for the package's developers. If you use it, you may have to get
|
||||
- all sorts of other programs in order to regenerate files that came
|
||||
- with the distribution.
|
||||
-
|
||||
- 7. Often, you can also type `make uninstall' to remove the installed
|
||||
- files again. In practice, not all packages have tested that
|
||||
- uninstallation works correctly, even though it is required by the
|
||||
- GNU Coding Standards.
|
||||
-
|
||||
- 8. Some packages, particularly those that use Automake, provide `make
|
||||
- distcheck', which can by used by developers to test that all other
|
||||
- targets like `make install' and `make uninstall' work correctly.
|
||||
- This target is generally not run by end users.
|
||||
-
|
||||
-Compilers and Options
|
||||
-=====================
|
||||
-
|
||||
- Some systems require unusual options for compilation or linking that
|
||||
-the `configure' script does not know about. Run `./configure --help'
|
||||
-for details on some of the pertinent environment variables.
|
||||
-
|
||||
- You can give `configure' initial values for configuration parameters
|
||||
-by setting variables in the command line or in the environment. Here
|
||||
-is an example:
|
||||
-
|
||||
- ./configure CC=c99 CFLAGS=-g LIBS=-lposix
|
||||
-
|
||||
- *Note Defining Variables::, for more details.
|
||||
-
|
||||
-Compiling For Multiple Architectures
|
||||
-====================================
|
||||
-
|
||||
- You can compile the package for more than one kind of computer at the
|
||||
-same time, by placing the object files for each architecture in their
|
||||
-own directory. To do this, you can use GNU `make'. `cd' to the
|
||||
-directory where you want the object files and executables to go and run
|
||||
-the `configure' script. `configure' automatically checks for the
|
||||
-source code in the directory that `configure' is in and in `..'. This
|
||||
-is known as a "VPATH" build.
|
||||
-
|
||||
- With a non-GNU `make', it is safer to compile the package for one
|
||||
-architecture at a time in the source code directory. After you have
|
||||
-installed the package for one architecture, use `make distclean' before
|
||||
-reconfiguring for another architecture.
|
||||
-
|
||||
- On MacOS X 10.5 and later systems, you can create libraries and
|
||||
-executables that work on multiple system types--known as "fat" or
|
||||
-"universal" binaries--by specifying multiple `-arch' options to the
|
||||
-compiler but only a single `-arch' option to the preprocessor. Like
|
||||
-this:
|
||||
-
|
||||
- ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
|
||||
- CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
|
||||
- CPP="gcc -E" CXXCPP="g++ -E"
|
||||
-
|
||||
- This is not guaranteed to produce working output in all cases, you
|
||||
-may have to build one architecture at a time and combine the results
|
||||
-using the `lipo' tool if you have problems.
|
||||
-
|
||||
-Installation Names
|
||||
-==================
|
||||
-
|
||||
- By default, `make install' installs the package's commands under
|
||||
-`/usr/local/bin', include files under `/usr/local/include', etc. You
|
||||
-can specify an installation prefix other than `/usr/local' by giving
|
||||
-`configure' the option `--prefix=PREFIX', where PREFIX must be an
|
||||
-absolute file name.
|
||||
-
|
||||
- You can specify separate installation prefixes for
|
||||
-architecture-specific files and architecture-independent files. If you
|
||||
-pass the option `--exec-prefix=PREFIX' to `configure', the package uses
|
||||
-PREFIX as the prefix for installing programs and libraries.
|
||||
-Documentation and other data files still use the regular prefix.
|
||||
-
|
||||
- In addition, if you use an unusual directory layout you can give
|
||||
-options like `--bindir=DIR' to specify different values for particular
|
||||
-kinds of files. Run `configure --help' for a list of the directories
|
||||
-you can set and what kinds of files go in them. In general, the
|
||||
-default for these options is expressed in terms of `${prefix}', so that
|
||||
-specifying just `--prefix' will affect all of the other directory
|
||||
-specifications that were not explicitly provided.
|
||||
-
|
||||
- The most portable way to affect installation locations is to pass the
|
||||
-correct locations to `configure'; however, many packages provide one or
|
||||
-both of the following shortcuts of passing variable assignments to the
|
||||
-`make install' command line to change installation locations without
|
||||
-having to reconfigure or recompile.
|
||||
-
|
||||
- The first method involves providing an override variable for each
|
||||
-affected directory. For example, `make install
|
||||
-prefix=/alternate/directory' will choose an alternate location for all
|
||||
-directory configuration variables that were expressed in terms of
|
||||
-`${prefix}'. Any directories that were specified during `configure',
|
||||
-but not in terms of `${prefix}', must each be overridden at install
|
||||
-time for the entire installation to be relocated. The approach of
|
||||
-makefile variable overrides for each directory variable is required by
|
||||
-the GNU Coding Standards, and ideally causes no recompilation.
|
||||
-However, some platforms have known limitations with the semantics of
|
||||
-shared libraries that end up requiring recompilation when using this
|
||||
-method, particularly noticeable in packages that use GNU Libtool.
|
||||
-
|
||||
- The second method involves providing the `DESTDIR' variable. For
|
||||
-example, `make install DESTDIR=/alternate/directory' will prepend
|
||||
-`/alternate/directory' before all installation names. The approach of
|
||||
-`DESTDIR' overrides is not required by the GNU Coding Standards, and
|
||||
-does not work on platforms that have drive letters. On the other hand,
|
||||
-it does better at avoiding recompilation issues, and works well even
|
||||
-when some directory options were not specified in terms of `${prefix}'
|
||||
-at `configure' time.
|
||||
-
|
||||
-Optional Features
|
||||
-=================
|
||||
-
|
||||
- If the package supports it, you can cause programs to be installed
|
||||
-with an extra prefix or suffix on their names by giving `configure' the
|
||||
-option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
|
||||
-
|
||||
- Some packages pay attention to `--enable-FEATURE' options to
|
||||
-`configure', where FEATURE indicates an optional part of the package.
|
||||
-They may also pay attention to `--with-PACKAGE' options, where PACKAGE
|
||||
-is something like `gnu-as' or `x' (for the X Window System). The
|
||||
-`README' should mention any `--enable-' and `--with-' options that the
|
||||
-package recognizes.
|
||||
-
|
||||
- For packages that use the X Window System, `configure' can usually
|
||||
-find the X include and library files automatically, but if it doesn't,
|
||||
-you can use the `configure' options `--x-includes=DIR' and
|
||||
-`--x-libraries=DIR' to specify their locations.
|
||||
-
|
||||
- Some packages offer the ability to configure how verbose the
|
||||
-execution of `make' will be. For these packages, running `./configure
|
||||
---enable-silent-rules' sets the default to minimal output, which can be
|
||||
-overridden with `make V=1'; while running `./configure
|
||||
---disable-silent-rules' sets the default to verbose, which can be
|
||||
-overridden with `make V=0'.
|
||||
-
|
||||
-Particular systems
|
||||
-==================
|
||||
-
|
||||
- On HP-UX, the default C compiler is not ANSI C compatible. If GNU
|
||||
-CC is not installed, it is recommended to use the following options in
|
||||
-order to use an ANSI C compiler:
|
||||
-
|
||||
- ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
|
||||
-
|
||||
-and if that doesn't work, install pre-built binaries of GCC for HP-UX.
|
||||
-
|
||||
- HP-UX `make' updates targets which have the same time stamps as
|
||||
-their prerequisites, which makes it generally unusable when shipped
|
||||
-generated files such as `configure' are involved. Use GNU `make'
|
||||
-instead.
|
||||
-
|
||||
- On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
|
||||
-parse its `<wchar.h>' header file. The option `-nodtk' can be used as
|
||||
-a workaround. If GNU CC is not installed, it is therefore recommended
|
||||
-to try
|
||||
-
|
||||
- ./configure CC="cc"
|
||||
-
|
||||
-and if that doesn't work, try
|
||||
-
|
||||
- ./configure CC="cc -nodtk"
|
||||
-
|
||||
- On Solaris, don't put `/usr/ucb' early in your `PATH'. This
|
||||
-directory contains several dysfunctional programs; working variants of
|
||||
-these programs are available in `/usr/bin'. So, if you need `/usr/ucb'
|
||||
-in your `PATH', put it _after_ `/usr/bin'.
|
||||
-
|
||||
- On Haiku, software installed for all users goes in `/boot/common',
|
||||
-not `/usr/local'. It is recommended to use the following options:
|
||||
-
|
||||
- ./configure --prefix=/boot/common
|
||||
-
|
||||
-Specifying the System Type
|
||||
-==========================
|
||||
-
|
||||
- There may be some features `configure' cannot figure out
|
||||
-automatically, but needs to determine by the type of machine the package
|
||||
-will run on. Usually, assuming the package is built to be run on the
|
||||
-_same_ architectures, `configure' can figure that out, but if it prints
|
||||
-a message saying it cannot guess the machine type, give it the
|
||||
-`--build=TYPE' option. TYPE can either be a short name for the system
|
||||
-type, such as `sun4', or a canonical name which has the form:
|
||||
-
|
||||
- CPU-COMPANY-SYSTEM
|
||||
-
|
||||
-where SYSTEM can have one of these forms:
|
||||
-
|
||||
- OS
|
||||
- KERNEL-OS
|
||||
-
|
||||
- See the file `config.sub' for the possible values of each field. If
|
||||
-`config.sub' isn't included in this package, then this package doesn't
|
||||
-need to know the machine type.
|
||||
-
|
||||
- If you are _building_ compiler tools for cross-compiling, you should
|
||||
-use the option `--target=TYPE' to select the type of system they will
|
||||
-produce code for.
|
||||
-
|
||||
- If you want to _use_ a cross compiler, that generates code for a
|
||||
-platform different from the build platform, you should specify the
|
||||
-"host" platform (i.e., that on which the generated programs will
|
||||
-eventually be run) with `--host=TYPE'.
|
||||
-
|
||||
-Sharing Defaults
|
||||
-================
|
||||
-
|
||||
- If you want to set default values for `configure' scripts to share,
|
||||
-you can create a site shell script called `config.site' that gives
|
||||
-default values for variables like `CC', `cache_file', and `prefix'.
|
||||
-`configure' looks for `PREFIX/share/config.site' if it exists, then
|
||||
-`PREFIX/etc/config.site' if it exists. Or, you can set the
|
||||
-`CONFIG_SITE' environment variable to the location of the site script.
|
||||
-A warning: not all `configure' scripts look for a site script.
|
||||
-
|
||||
-Defining Variables
|
||||
-==================
|
||||
-
|
||||
- Variables not defined in a site shell script can be set in the
|
||||
-environment passed to `configure'. However, some packages may run
|
||||
-configure again during the build, and the customized values of these
|
||||
-variables may be lost. In order to avoid this problem, you should set
|
||||
-them in the `configure' command line, using `VAR=value'. For example:
|
||||
-
|
||||
- ./configure CC=/usr/local2/bin/gcc
|
||||
-
|
||||
-causes the specified `gcc' to be used as the C compiler (unless it is
|
||||
-overridden in the site shell script).
|
||||
-
|
||||
-Unfortunately, this technique does not work for `CONFIG_SHELL' due to
|
||||
-an Autoconf limitation. Until the limitation is lifted, you can use
|
||||
-this workaround:
|
||||
-
|
||||
- CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash
|
||||
-
|
||||
-`configure' Invocation
|
||||
-======================
|
||||
-
|
||||
- `configure' recognizes the following options to control how it
|
||||
-operates.
|
||||
-
|
||||
-`--help'
|
||||
-`-h'
|
||||
- Print a summary of all of the options to `configure', and exit.
|
||||
-
|
||||
-`--help=short'
|
||||
-`--help=recursive'
|
||||
- Print a summary of the options unique to this package's
|
||||
- `configure', and exit. The `short' variant lists options used
|
||||
- only in the top level, while the `recursive' variant lists options
|
||||
- also present in any nested packages.
|
||||
-
|
||||
-`--version'
|
||||
-`-V'
|
||||
- Print the version of Autoconf used to generate the `configure'
|
||||
- script, and exit.
|
||||
-
|
||||
-`--cache-file=FILE'
|
||||
- Enable the cache: use and save the results of the tests in FILE,
|
||||
- traditionally `config.cache'. FILE defaults to `/dev/null' to
|
||||
- disable caching.
|
||||
-
|
||||
-`--config-cache'
|
||||
-`-C'
|
||||
- Alias for `--cache-file=config.cache'.
|
||||
-
|
||||
-`--quiet'
|
||||
-`--silent'
|
||||
-`-q'
|
||||
- Do not print messages saying which checks are being made. To
|
||||
- suppress all normal output, redirect it to `/dev/null' (any error
|
||||
- messages will still be shown).
|
||||
-
|
||||
-`--srcdir=DIR'
|
||||
- Look for the package's source code in directory DIR. Usually
|
||||
- `configure' can determine that directory automatically.
|
||||
-
|
||||
-`--prefix=DIR'
|
||||
- Use DIR as the installation prefix. *note Installation Names::
|
||||
- for more details, including other options available for fine-tuning
|
||||
- the installation locations.
|
||||
-
|
||||
-`--no-create'
|
||||
-`-n'
|
||||
- Run the configure checks, but stop before creating any output
|
||||
- files.
|
||||
-
|
||||
-`configure' also accepts some other, not widely useful, options. Run
|
||||
-`configure --help' for more details.
|
||||
diff --git a/INSTALL b/INSTALL
|
||||
new file mode 120000
|
||||
index 0000000..e3f22c0
|
||||
--- /dev/null
|
||||
+++ b/INSTALL
|
||||
@@ -0,0 +1 @@
|
||||
+/usr/share/automake-1.16/INSTALL
|
||||
\ No newline at end of file
|
||||
diff --git a/src/svc.c b/src/svc.c
|
||||
index 6db164b..3a8709f 100644
|
||||
--- a/src/svc.c
|
||||
+++ b/src/svc.c
|
||||
@@ -57,7 +57,7 @@
|
||||
|
||||
#define max(a, b) (a > b ? a : b)
|
||||
|
||||
-static SVCXPRT **__svc_xports;
|
||||
+SVCXPRT **__svc_xports;
|
||||
int __svc_maxrec;
|
||||
|
||||
/*
|
||||
@@ -194,6 +194,21 @@ __xprt_do_unregister (xprt, dolock)
|
||||
rwlock_unlock (&svc_fd_lock);
|
||||
}
|
||||
|
||||
+int
|
||||
+svc_open_fds()
|
||||
+{
|
||||
+ int ix;
|
||||
+ int nfds = 0;
|
||||
+
|
||||
+ rwlock_rdlock (&svc_fd_lock);
|
||||
+ for (ix = 0; ix < svc_max_pollfd; ++ix) {
|
||||
+ if (svc_pollfd[ix].fd != -1)
|
||||
+ nfds++;
|
||||
+ }
|
||||
+ rwlock_unlock (&svc_fd_lock);
|
||||
+ return (nfds);
|
||||
+}
|
||||
+
|
||||
/*
|
||||
* Add a service program to the callout list.
|
||||
* The dispatch routine will be called when a rpc request for this
|
||||
diff --git a/src/svc_vc.c b/src/svc_vc.c
|
||||
index f1d9f00..3dc8a75 100644
|
||||
--- a/src/svc_vc.c
|
||||
+++ b/src/svc_vc.c
|
||||
@@ -64,6 +64,8 @@
|
||||
|
||||
|
||||
extern rwlock_t svc_fd_lock;
|
||||
+extern SVCXPRT **__svc_xports;
|
||||
+extern int svc_open_fds();
|
||||
|
||||
static SVCXPRT *makefd_xprt(int, u_int, u_int);
|
||||
static bool_t rendezvous_request(SVCXPRT *, struct rpc_msg *);
|
||||
@@ -82,6 +84,7 @@ static void svc_vc_ops(SVCXPRT *);
|
||||
static bool_t svc_vc_control(SVCXPRT *xprt, const u_int rq, void *in);
|
||||
static bool_t svc_vc_rendezvous_control (SVCXPRT *xprt, const u_int rq,
|
||||
void *in);
|
||||
+static int __svc_destroy_idle(int timeout);
|
||||
|
||||
struct cf_rendezvous { /* kept in xprt->xp_p1 for rendezvouser */
|
||||
u_int sendsize;
|
||||
@@ -313,13 +316,14 @@ done:
|
||||
return (xprt);
|
||||
}
|
||||
|
||||
+
|
||||
/*ARGSUSED*/
|
||||
static bool_t
|
||||
rendezvous_request(xprt, msg)
|
||||
SVCXPRT *xprt;
|
||||
struct rpc_msg *msg;
|
||||
{
|
||||
- int sock, flags;
|
||||
+ int sock, flags, nfds, cnt;
|
||||
struct cf_rendezvous *r;
|
||||
struct cf_conn *cd;
|
||||
struct sockaddr_storage addr;
|
||||
@@ -379,6 +383,16 @@ again:
|
||||
|
||||
gettimeofday(&cd->last_recv_time, NULL);
|
||||
|
||||
+ nfds = svc_open_fds();
|
||||
+ if (nfds >= (_rpc_dtablesize() / 5) * 4) {
|
||||
+ /* destroy idle connections */
|
||||
+ cnt = __svc_destroy_idle(15);
|
||||
+ if (cnt == 0) {
|
||||
+ /* destroy least active */
|
||||
+ __svc_destroy_idle(0);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
return (FALSE); /* there is never an rpc msg to be processed */
|
||||
}
|
||||
|
||||
@@ -820,3 +834,49 @@ __svc_clean_idle(fd_set *fds, int timeout, bool_t cleanblock)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
+
|
||||
+static int
|
||||
+__svc_destroy_idle(int timeout)
|
||||
+{
|
||||
+ int i, ncleaned = 0;
|
||||
+ SVCXPRT *xprt, *least_active;
|
||||
+ struct timeval tv, tdiff, tmax;
|
||||
+ struct cf_conn *cd;
|
||||
+
|
||||
+ gettimeofday(&tv, NULL);
|
||||
+ tmax.tv_sec = tmax.tv_usec = 0;
|
||||
+ least_active = NULL;
|
||||
+ rwlock_wrlock(&svc_fd_lock);
|
||||
+
|
||||
+ for (i = 0; i <= svc_max_pollfd; i++) {
|
||||
+ if (svc_pollfd[i].fd == -1)
|
||||
+ continue;
|
||||
+ xprt = __svc_xports[i];
|
||||
+ if (xprt == NULL || xprt->xp_ops == NULL ||
|
||||
+ xprt->xp_ops->xp_recv != svc_vc_recv)
|
||||
+ continue;
|
||||
+ cd = (struct cf_conn *)xprt->xp_p1;
|
||||
+ if (!cd->nonblock)
|
||||
+ continue;
|
||||
+ if (timeout == 0) {
|
||||
+ timersub(&tv, &cd->last_recv_time, &tdiff);
|
||||
+ if (timercmp(&tdiff, &tmax, >)) {
|
||||
+ tmax = tdiff;
|
||||
+ least_active = xprt;
|
||||
+ }
|
||||
+ continue;
|
||||
+ }
|
||||
+ if (tv.tv_sec - cd->last_recv_time.tv_sec > timeout) {
|
||||
+ __xprt_unregister_unlocked(xprt);
|
||||
+ __svc_vc_dodestroy(xprt);
|
||||
+ ncleaned++;
|
||||
+ }
|
||||
+ }
|
||||
+ if (timeout == 0 && least_active != NULL) {
|
||||
+ __xprt_unregister_unlocked(least_active);
|
||||
+ __svc_vc_dodestroy(least_active);
|
||||
+ ncleaned++;
|
||||
+ }
|
||||
+ rwlock_unlock(&svc_fd_lock);
|
||||
+ return (ncleaned);
|
||||
+}
|
||||
--
|
||||
1.8.3.1
|
||||
|
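Review bot: In the bundled patch, `__svc_destroy_idle` in src/svc_vc.c walks `svc_pollfd` with `i <= svc_max_pollfd`, while the new `svc_open_fds` in src/svc.c walks the same array with `ix < svc_max_pollfd`; if `svc_max_pollfd` is the element count, the `<=` form reads one entry past the end, on the very path that runs when the descriptor table is nearly full. The same loop uses the poll-slot index for `__svc_xports[i]`; if that table is keyed by descriptor (its population is not shown on this page), the header should be `for (i = 0; i < svc_max_pollfd; i++)` and the lookup `xprt = __svc_xports[svc_pollfd[i].fd];`. This is a verbatim upstream commit, so the change belongs upstream, but a line in the patch header recording the discrepancy would help whoever next refreshes the package. Separately, the patch still carries the unrelated `INSTALL` hunks, which replace that file with a symlink to `/usr/share/automake-1.16/INSTALL`; trimming the patch to `src/svc.c` and `src/svc_vc.c` would keep the replacement limited to the fix.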