This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



[PATCH] DoS in RPC implementation (CVE-2011-4069)



The original thread is here:


http://sourceware.org/ml/libc-alpha/2012-06/msg00074.html

If I'm understanding everything correctly....

When a large number of connections are opened to an RPC service we can run out of file descriptors. Once we run out of file descriptors CPU usage goes through the roof. This patch fixes the excessive CPU utilization problem.


The problem is we're polling on a large number of FDs; once we run out of FDs accept() fails, we copy the array of FDs and poll again, which returns immediately and we try to accept again. This repeats indefinitely. The code to dequeue connections never gets a chance to run.


The patch inserts a nanosleep when the accept call fails due to EMFILE. This gives the dequeue code a chance to run and dramatically reduces the CPU burn.

It seems to me we should do the same thing for ENFILE, though in that case it's more likely an FD will come available.

Roland's suggestions were to add the missing whitespace prior to the __nanosleep call and to pull the "accept failed" bits into a common function, both of which are reflected in this patch.


Attachment: patch
Description: Text document

