From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Mon, 3 Mar 2014 20:13:44 +0000 (-0500)
Subject: nwfilter: Cap the poll timeout in the DHCP Snooping code
X-Git-Tag: v1.2.3-rc1~368
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a718eb19e344f2d8f5e9042a290f9aaa8f651a78;p=thirdparty%2Flibvirt.git

nwfilter: Cap the poll timeout in the DHCP Snooping code

Cap the poll timeout in the DHCP Snooping code to a max. of 10 seconds
to not hold up the libvirt shutdown longer than this.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
---

diff --git a/src/nwfilter/nwfilter_dhcpsnoop.c b/src/nwfilter/nwfilter_dhcpsnoop.c
index a96a790f30..de9c33b60f 100644
--- a/src/nwfilter/nwfilter_dhcpsnoop.c
+++ b/src/nwfilter/nwfilter_dhcpsnoop.c
@@ -265,6 +265,7 @@ struct _virNWFilterSnoopRateLimitConf {
     const unsigned int burstRate;
     const unsigned int burstInterval;
 };
+#define SNOOP_POLL_MAX_TIMEOUT_MS  (10 * 1000) /* milliseconds */
 
 typedef struct _virNWFilterSnoopPcapConf virNWFilterSnoopPcapConf;
 typedef virNWFilterSnoopPcapConf *virNWFilterSnoopPcapConfPtr;
@@ -1419,6 +1420,10 @@ virNWFilterDHCPSnoopThread(void *req0)
             break;
         }
 
+        /* cap pollTo so we don't hold up the join for too long */
+        if (pollTo < 0 || pollTo > SNOOP_POLL_MAX_TIMEOUT_MS)
+            pollTo = SNOOP_POLL_MAX_TIMEOUT_MS;
+
         n = poll(fds, ARRAY_CARDINALITY(fds), pollTo);
 
         if (n < 0) {