This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
[PATCH] DoS in RPC implementation (CVE-2011-4069)
- From: Jeff Law <law at redhat dot com>
- To: libc-alpha <libc-alpha at sourceware dot org>
- Date: Wed, 21 Nov 2012 12:43:44 -0700
- Subject: [PATCH] DoS in RPC implementation (CVE-2011-4069)
The original thread is here:
http://sourceware.org/ml/libc-alpha/2012-06/msg00074.html

If I'm understanding everything correctly....

When a large number of connections are opened to an RPC service we can
run out of file descriptors. Once we run out of file descriptors CPU
usage goes through the roof. This patch fixes the excessive CPU
utilization problem.

The problem is we're polling on a large number of FDs; once we run out of
FDs accept() fails, we copy the array of FDs and poll again, which
returns immediately and we try to accept again. This repeats
indefinitely. The code to dequeue connections never gets a chance to run.

The patch inserts a nanosleep when the accept call fails due to EMFILE.
This gives the dequeue code a chance to run and dramatically reduces
the CPU burn.

It seems to me we should do the same thing for ENFILE, though in that
case it's more likely an FD will come available.

Roland's suggestions were to add the missing whitespace prior to the
__nanosleep call and to pull the "accept failed" bits into a common
function, both of which are reflected in this patch.

Attachment:
patch
Description: Text document