diff options
author | Claudio Jeker <claudio@cvs.openbsd.org> | 2016-09-01 10:40:39 +0000 |
---|---|---|
committer | Claudio Jeker <claudio@cvs.openbsd.org> | 2016-09-01 10:40:39 +0000 |
commit | 2f8f86fd15addc196dd3879acbe3a04cb59e0330 (patch) | |
tree | 736d2331aee3b1ac0eb6d0d06c241021299433cf | |
parent | 8a9091b52fb005a582eb11726491fefdffbeec72 (diff) |
Do not busy loop in the rsa engine callback waiting for the ca. Instead use
poll(2) to wait for up to 1sec for a response. This is not the nicest way to
fix this issue but the smallest. Goal is to reduce the contention on the
kernel big lock on busy relayd systems.
reyk@ agrees (especially about the nastyness of this)
-rw-r--r-- | usr.sbin/relayd/ca.c | 18 | ||||
-rw-r--r-- | usr.sbin/relayd/relayd.h | 3 |
2 files changed, 18 insertions, 3 deletions
diff --git a/usr.sbin/relayd/ca.c b/usr.sbin/relayd/ca.c index 0a1bd5a70da..5fbcd3605ce 100644 --- a/usr.sbin/relayd/ca.c +++ b/usr.sbin/relayd/ca.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ca.c,v 1.16 2015/12/05 13:13:11 claudio Exp $ */ +/* $OpenBSD: ca.c,v 1.17 2016/09/01 10:40:38 claudio Exp $ */ /* * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org> @@ -23,6 +23,7 @@ #include <unistd.h> #include <string.h> #include <stdlib.h> +#include <poll.h> #include <imsg.h> #include <openssl/bio.h> @@ -256,6 +257,7 @@ static int rsae_send_imsg(int flen, const u_char *from, u_char *to, RSA *rsa, int padding, u_int cmd) { + struct pollfd pfd[1]; struct ctl_keyop cko; int ret = 0; objid_t *id; @@ -292,9 +294,21 @@ rsae_send_imsg(int flen, const u_char *from, u_char *to, RSA *rsa, * operation in OpenSSL's engine layer. */ imsg_composev(ibuf, cmd, 0, 0, -1, iov, cnt); - imsg_flush(ibuf); + if (imsg_flush(ibuf) == -1) + log_warn("rsae_send_imsg: imsg_flush"); + pfd[0].fd = ibuf->fd; + pfd[0].events = POLLIN; while (!done) { + switch (poll(pfd, 1, RELAY_TLS_PRIV_TIMEOUT)) { + case -1: + fatal("rsae_send_imsg: poll"); + case 0: + log_warnx("rsae_send_imsg: poll timeout"); + break; + default: + break; + } if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN) fatalx("imsg_read"); if (n == 0) diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h index 760d2428810..1413fdfb12b 100644 --- a/usr.sbin/relayd/relayd.h +++ b/usr.sbin/relayd/relayd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: relayd.h,v 1.225 2016/07/29 10:09:27 reyk Exp $ */ +/* $OpenBSD: relayd.h,v 1.226 2016/09/01 10:40:38 claudio Exp $ */ /* * Copyright (c) 2006 - 2016 Reyk Floeter <reyk@openbsd.org> @@ -77,6 +77,7 @@ #define RELAY_MAXLOOKUPLEVELS 5 #define RELAY_OUTOF_FD_RETRIES 5 #define RELAY_MAX_HASH_RETRIES 5 +#define RELAY_TLS_PRIV_TIMEOUT 1000 /* wait 1sec for the ca */ #define CONFIG_RELOAD 0x00 #define CONFIG_TABLES 0x01 |