diff options
Diffstat (limited to 'nscd/connections.c')
-rw-r--r-- | nscd/connections.c | 234 |
1 files changed, 112 insertions, 122 deletions
diff --git a/nscd/connections.c b/nscd/connections.c index 89a1ea4967..3d98889eba 100644 --- a/nscd/connections.c +++ b/nscd/connections.c @@ -69,7 +69,6 @@ static gid_t *server_groups; # define NGROUPS 32 #endif static int server_ngroups; -static volatile int sighup_pending; static pthread_attr_t attr; @@ -105,7 +104,7 @@ struct database_dyn dbs[lastdb] = { [pwddb] = { .lock = PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP, - .prunelock = PTHREAD_MUTEX_INITIALIZER, + .prune_lock = PTHREAD_MUTEX_INITIALIZER, .enabled = 0, .check_file = 1, .persistent = 0, @@ -124,7 +123,7 @@ struct database_dyn dbs[lastdb] = }, [grpdb] = { .lock = PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP, - .prunelock = PTHREAD_MUTEX_INITIALIZER, + .prune_lock = PTHREAD_MUTEX_INITIALIZER, .enabled = 0, .check_file = 1, .persistent = 0, @@ -143,7 +142,7 @@ struct database_dyn dbs[lastdb] = }, [hstdb] = { .lock = PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP, - .prunelock = PTHREAD_MUTEX_INITIALIZER, + .prune_lock = PTHREAD_MUTEX_INITIALIZER, .enabled = 0, .check_file = 1, .persistent = 0, @@ -162,7 +161,7 @@ struct database_dyn dbs[lastdb] = }, [servdb] = { .lock = PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP, - .prunelock = PTHREAD_MUTEX_INITIALIZER, + .prune_lock = PTHREAD_MUTEX_INITIALIZER, .enabled = 0, .check_file = 1, .persistent = 0, @@ -211,10 +210,6 @@ static struct }; -/* Number of seconds between two cache pruning runs. */ -#define CACHE_PRUNE_INTERVAL 15 - - /* Initial number of threads to use. */ int nthreads = -1; /* Maximum number of threads to use. */ @@ -496,7 +491,7 @@ nscd_init (void) if (nthreads == -1) /* No configuration for this value, assume a default. */ - nthreads = 2 * lastdb; + nthreads = 4; for (size_t cnt = 0; cnt < lastdb; ++cnt) if (dbs[cnt].enabled) @@ -899,7 +894,11 @@ invalidate_cache (char *key, int fd) } if (dbs[number].enabled) - prune_cache (&dbs[number], LONG_MAX, fd); + { + pthread_mutex_lock (&dbs[number].prune_lock); + prune_cache (&dbs[number], LONG_MAX, fd); + pthread_mutex_unlock (&dbs[number].prune_lock); + } else { resp = 0; @@ -971,9 +970,13 @@ cannot handle old request version %d; current version is %d"), return; } - /* Make the SELinux check before we go on to the standard checks. */ + /* Perform the SELinux check before we go on to the standard checks. */ if (selinux_enabled && nscd_request_avc_has_perm (fd, req->type) != 0) - return; + { + if (debug_level > 0) + dbg_log (_("request not handled due to missing permission")); + return; + } struct database_dyn *db = reqinfo[req->type].db; @@ -1337,7 +1340,7 @@ static struct fdlist *readylist; /* Conditional variable and mutex to signal availability of entries in READYLIST. The condvar is initialized dynamically since we might use a different clock depending on availability. */ -static pthread_cond_t readylist_cond; +static pthread_cond_t readylist_cond = PTHREAD_COND_INITIALIZER; static pthread_mutex_t readylist_lock = PTHREAD_MUTEX_INITIALIZER; /* The clock to use with the condvar. */ @@ -1347,32 +1350,76 @@ static clockid_t timeout_clock = CLOCK_REALTIME; static unsigned long int nready; -/* This is the main loop. It is replicated in different threads but the - `poll' call makes sure only one thread handles an incoming connection. */ +/* Function for the clean-up threads. */ static void * __attribute__ ((__noreturn__)) -nscd_run (void *p) +nscd_run_prune (void *p) { const long int my_number = (long int) p; - const int run_prune = my_number < lastdb && dbs[my_number].enabled; + assert (dbs[my_number].enabled); + + int dont_need_update = setup_thread (&dbs[my_number]); + + /* We are running. */ + dbs[my_number].head->timestamp = time (NULL); + struct timespec prune_ts; - int to = 0; - char buf[256]; + if (clock_gettime (timeout_clock, &prune_ts) == -1) + /* Should never happen. */ + abort (); - if (run_prune) + /* Compute the initial timeout time. Prevent all the timers to go + off at the same time by adding a db-based value. */ + prune_ts.tv_sec += CACHE_PRUNE_INTERVAL + my_number; + + pthread_mutex_lock (&dbs[my_number].prune_lock); + while (1) { - setup_thread (&dbs[my_number]); + /* Wait, but not forever. */ + int e = pthread_cond_timedwait (&dbs[my_number].prune_cond, + &dbs[my_number].prune_lock, + &prune_ts); + assert (e == 0 || e == ETIMEDOUT); - /* We are running. */ - dbs[my_number].head->timestamp = time (NULL); + time_t next_wait; + time_t now = time (NULL); + if (e == ETIMEDOUT now >= dbs[my_number].wakeup_time) + { + next_wait = prune_cache (&dbs[my_number], now, -1); + next_wait = MAX (next_wait, CACHE_PRUNE_INTERVAL); + /* If clients cannot determine for sure whether nscd is running + we need to wake up occasionally to update the timestamp. + Wait 90% of the update period. */ +#define UPDATE_MAPPING_TIMEOUT (MAPPING_TIMEOUT * 9 / 10) + if (__builtin_expect (! dont_need_update, 0)) + next_wait = MIN (UPDATE_MAPPING_TIMEOUT, next_wait); + + /* Make it known when we will wake up again. */ + dbs[my_number].wakeup_time = now + next_wait; + } + else + /* The cache was just pruned. Do not do it again now. Just + use the new timeout value. */ + next_wait = dbs[my_number].wakeup_time - now; if (clock_gettime (timeout_clock, &prune_ts) == -1) /* Should never happen. */ abort (); - /* Compute timeout time. */ - prune_ts.tv_sec += CACHE_PRUNE_INTERVAL; + /* Compute next timeout time. */ + prune_ts.tv_sec += next_wait; } +} + + +/* This is the main loop. It is replicated in different threads but + the the use of the ready list makes sure only one thread handles an + incoming connection. */ +static void * +__attribute__ ((__noreturn__)) +nscd_run_worker (void *p) +{ + char buf[256]; /* Initial locking. */ pthread_mutex_lock (&readylist_lock); @@ -1383,58 +1430,7 @@ nscd_run (void *p) while (1) { while (readylist == NULL) - { - if (run_prune) - { - /* Wait, but not forever. */ - to = pthread_cond_timedwait (&readylist_cond, &readylist_lock, - &prune_ts); - - /* If we were woken and there is no work to be done, - just start pruning. */ - if (readylist == NULL && to == ETIMEDOUT) - { - --nready; - - if (sighup_pending) - goto sighup_prune; - - pthread_mutex_unlock (&readylist_lock); - goto only_prune; - } - } - else - /* No need to timeout. */ - pthread_cond_wait (&readylist_cond, &readylist_lock); - } - - if (sighup_pending) - { - --nready; - pthread_cond_signal (&readylist_cond); - sighup_prune: - sighup_pending = 0; - pthread_mutex_unlock (&readylist_lock); - - /* Prune the password database. */ - if (dbs[pwddb].enabled) - prune_cache (&dbs[pwddb], LONG_MAX, -1); - - /* Prune the group database. */ - if (dbs[grpdb].enabled) - prune_cache (&dbs[grpdb], LONG_MAX, -1); - - /* Prune the host database. */ - if (dbs[hstdb].enabled) - prune_cache (&dbs[hstdb], LONG_MAX, -1); - - /* Re-locking. */ - pthread_mutex_lock (&readylist_lock); - - /* One more thread available. */ - ++nready; - continue; - } + pthread_cond_wait (&readylist_cond, &readylist_lock); struct fdlist *it = readylist->next; if (readylist->next == readylist) @@ -1537,28 +1533,6 @@ handle_request: request received (Version = %d)"), req.version); /* We are done. */ close (fd); - /* Check whether we should be pruning the cache. */ - assert (run_prune || to == 0); - if (to == ETIMEDOUT) - { - only_prune: - /* The pthread_cond_timedwait() call timed out. It is time - to clean up the cache. */ - assert (my_number < lastdb); - prune_cache (&dbs[my_number], time (NULL), -1); - - if (clock_gettime (timeout_clock, &prune_ts) == -1) - /* Should never happen. */ - abort (); - - /* Compute next timeout time. */ - prune_ts.tv_sec += CACHE_PRUNE_INTERVAL; - - /* In case the list is emtpy we do not want to run the prune - code right away again. */ - to = 0; - } - /* Re-locking. */ pthread_mutex_lock (&readylist_lock); @@ -1601,7 +1575,7 @@ fd_ready (int fd) /* Try to start another thread to help out. */ pthread_t th; if (nthreads < max_nthreads - && pthread_create (&th, &attr, nscd_run, + && pthread_create (&th, &attr, nscd_run_worker, (void *) (long int) nthreads) == 0) { /* We got another thread. */ @@ -1861,34 +1835,57 @@ start_threads (void) timeout_clock = CLOCK_MONOTONIC; #endif - pthread_cond_init (&readylist_cond, &condattr); - pthread_condattr_destroy (&condattr); - - /* Create the attribute for the threads. They are all created detached. */ pthread_attr_init (&attr); pthread_attr_setdetachstate (&attr, PTHREAD_CREATE_DETACHED); /* Use 1MB stacks, twice as much for 64-bit architectures. */ - pthread_attr_setstacksize (&attr, 1024 * 1024 * (sizeof (void *) / 4)); + pthread_attr_setstacksize (&attr, NSCD_THREAD_STACKSIZE); /* We allow less than LASTDB threads only for debugging. */ if (debug_level == 0) nthreads = MAX (nthreads, lastdb); - int nfailed = 0; - for (long int i = 0; i < nthreads; ++i) + /* Create the threads which prune the databases. */ + // XXX Ideally this work would be done by some of the worker threads. + // XXX But this is problematic since we would need to be able to wake + // XXX them up explicitly as well as part of the group handling the + // XXX ready-list. This requires an operation where we can wait on + // XXX two conditional variables at the same time. This operation + // XXX does not exist (yet). + for (long int i = 0; i < lastdb; ++i) { + /* Initialize the conditional variable. */ + if (pthread_cond_init (&dbs[i].prune_cond, &condattr) != 0) + { + dbg_log (_("could not initialize conditional variable")); + exit (1); + } + pthread_t th; - if (pthread_create (&th, &attr, nscd_run, (void *) (i - nfailed)) != 0) - ++nfailed; + if (dbs[i].enabled + && pthread_create (&th, &attr, nscd_run_prune, (void *) i) != 0) + { + dbg_log (_("could not start clean-up thread; terminating")); + exit (1); + } } - if (nthreads - nfailed < lastdb) + + pthread_condattr_destroy (&condattr); + + for (long int i = 0; i < nthreads; ++i) { - /* We could not start enough threads. */ - dbg_log (_("could only start %d threads; terminating"), - nthreads - nfailed); - exit (1); + pthread_t th; + if (pthread_create (&th, &attr, nscd_run_worker, NULL) != 0) + { + if (i == 0) + { + dbg_log (_("could not start any worker thread; terminating")); + exit (1); + } + + break; + } } /* Determine how much room for descriptors we should initially @@ -2011,10 +2008,3 @@ finish_drop_privileges (void) install_real_capabilities (new_caps); #endif } - -/* Handle the HUP signal which will force a dump of the cache */ -void -sighup_handler (int signum) -{ - sighup_pending = 1; -} |