summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorClaudio Jeker <claudio@cvs.openbsd.org>2016-09-01 10:40:39 +0000
committerClaudio Jeker <claudio@cvs.openbsd.org>2016-09-01 10:40:39 +0000
commit2f8f86fd15addc196dd3879acbe3a04cb59e0330 (patch)
tree736d2331aee3b1ac0eb6d0d06c241021299433cf
parent8a9091b52fb005a582eb11726491fefdffbeec72 (diff)
Do not busy loop in the rsa engine callback waiting for the ca. Instead use
poll(2) to wait for up to 1sec for a response. This is not the nicest way to fix this issue but the smallest. Goal is to reduce the contention on the kernel big lock on busy relayd systems. reyk@ agrees (especially about the nastyness of this)
-rw-r--r--usr.sbin/relayd/ca.c18
-rw-r--r--usr.sbin/relayd/relayd.h3
2 files changed, 18 insertions, 3 deletions
diff --git a/usr.sbin/relayd/ca.c b/usr.sbin/relayd/ca.c
index 0a1bd5a70da..5fbcd3605ce 100644
--- a/usr.sbin/relayd/ca.c
+++ b/usr.sbin/relayd/ca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ca.c,v 1.16 2015/12/05 13:13:11 claudio Exp $ */
+/* $OpenBSD: ca.c,v 1.17 2016/09/01 10:40:38 claudio Exp $ */
/*
* Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
@@ -23,6 +23,7 @@
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
+#include <poll.h>
#include <imsg.h>
#include <openssl/bio.h>
@@ -256,6 +257,7 @@ static int
rsae_send_imsg(int flen, const u_char *from, u_char *to, RSA *rsa,
int padding, u_int cmd)
{
+ struct pollfd pfd[1];
struct ctl_keyop cko;
int ret = 0;
objid_t *id;
@@ -292,9 +294,21 @@ rsae_send_imsg(int flen, const u_char *from, u_char *to, RSA *rsa,
* operation in OpenSSL's engine layer.
*/
imsg_composev(ibuf, cmd, 0, 0, -1, iov, cnt);
- imsg_flush(ibuf);
+ if (imsg_flush(ibuf) == -1)
+ log_warn("rsae_send_imsg: imsg_flush");
+ pfd[0].fd = ibuf->fd;
+ pfd[0].events = POLLIN;
while (!done) {
+ switch (poll(pfd, 1, RELAY_TLS_PRIV_TIMEOUT)) {
+ case -1:
+ fatal("rsae_send_imsg: poll");
+ case 0:
+ log_warnx("rsae_send_imsg: poll timeout");
+ break;
+ default:
+ break;
+ }
if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
fatalx("imsg_read");
if (n == 0)
diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h
index 760d2428810..1413fdfb12b 100644
--- a/usr.sbin/relayd/relayd.h
+++ b/usr.sbin/relayd/relayd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.h,v 1.225 2016/07/29 10:09:27 reyk Exp $ */
+/* $OpenBSD: relayd.h,v 1.226 2016/09/01 10:40:38 claudio Exp $ */
/*
* Copyright (c) 2006 - 2016 Reyk Floeter <reyk@openbsd.org>
@@ -77,6 +77,7 @@
#define RELAY_MAXLOOKUPLEVELS 5
#define RELAY_OUTOF_FD_RETRIES 5
#define RELAY_MAX_HASH_RETRIES 5
+#define RELAY_TLS_PRIV_TIMEOUT 1000 /* wait 1sec for the ca */
#define CONFIG_RELOAD 0x00
#define CONFIG_TABLES 0x01