nwfilter: Cap the poll timeout in the DHCP Snooping code

Cap the poll timeout in the DHCP Snooping code to a max. of 10 seconds
to not hold up the libvirt shutdown longer than this.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

diff --git a/src/nwfilter/nwfilter_dhcpsnoop.c b/src/nwfilter/nwfilter_dhcpsnoop.c
index a96a790f301edfcd453ec5a023700bde50a99aa8..de9c33b60f7ce1d64e2c561e315760e837073416 100644 (file)
--- a/src/nwfilter/nwfilter_dhcpsnoop.c
+++ b/src/nwfilter/nwfilter_dhcpsnoop.c
@@ -265,6 +265,7 @@ struct _virNWFilterSnoopRateLimitConf {
     const unsigned int burstRate;
     const unsigned int burstInterval;
 };
+#define SNOOP_POLL_MAX_TIMEOUT_MS  (10 * 1000) /* milliseconds */
 
 typedef struct _virNWFilterSnoopPcapConf virNWFilterSnoopPcapConf;
 typedef virNWFilterSnoopPcapConf *virNWFilterSnoopPcapConfPtr;
@@ -1419,6 +1420,10 @@ virNWFilterDHCPSnoopThread(void *req0)
             break;
         }
 
+        /* cap pollTo so we don't hold up the join for too long */
+        if (pollTo < 0 || pollTo > SNOOP_POLL_MAX_TIMEOUT_MS)
+            pollTo = SNOOP_POLL_MAX_TIMEOUT_MS;
+
         n = poll(fds, ARRAY_CARDINALITY(fds), pollTo);
 
         if (n < 0) {