Re: [libvirt] [PATCH v3 3/9] rpc: set listen backlog on FDs as well as on other sockets

On Wed, Aug 13, 2014 at 03:54:02PM +0100, Daniel P. Berrange wrote: >On Wed, Jul 23, 2014 at 04:27:07PM +0200, Martin Kletzander wrote: >>Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com&gt; >>--- >> src/locking/lock_daemon.c | 2 +- >> src/rpc/virnetserverservice.c | 5 +++++ >> src/rpc/virnetserverservice.h | 1 + >> 3 files changed, 7 insertions(+), 1 deletion(-) >> >>diff --git a/src/locking/lock_daemon.c b/src/locking/lock_daemon.c >>index e9219d5..02d77e3 100644 >>--- a/src/locking/lock_daemon.c >>+++ b/src/locking/lock_daemon.c >>@@ -614,7 +614,7 @@ virLockDaemonSetupNetworkingSystemD(virNetServerPtr srv) >> #if WITH_GNUTLS >> NULL, >> #endif >>- false, 1))) >>+ false, 0, 1))) >> return -1; >> >> if (virNetServerAddService(srv, svc, NULL) < 0) { >>diff --git a/src/rpc/virnetserverservice.c b/src/rpc/virnetserverservice.c >>index e85889b..fea05c3 100644 >>--- a/src/rpc/virnetserverservice.c >>+++ b/src/rpc/virnetserverservice.c >>@@ -133,6 +133,7 @@ virNetServerServiceNewFDOrUNIX(const char *path, >> tls, >> #endif >> readonly, >>+ max_queued_clients, >> nrequests_client_max); >> } >> } >>@@ -265,6 +266,7 @@ virNetServerServicePtr virNetServerServiceNewFD(int fd, >> virNetTLSContextPtr tls, >> #endif >> bool readonly, >>+ size_t max_queued_clients, >> size_t nrequests_client_max) >> { >> virNetServerServicePtr svc; >>@@ -292,6 +294,9 @@ virNetServerServicePtr virNetServerServiceNewFD(int fd, >> goto error; >> >> for (i = 0; i < svc->nsocks; i++) { >>+ if (virNetSocketListen(svc->socks[i], max_queued_clients) < 0) >>+ goto error; > >Hmm, systemd should have already called listen() on the socket FD it >passes to us. I wonder if it is better than we do the same when >auto-spawning libvirtd passing it a listening socket. You kind of >need to listen() to avoid a race condition I believe when spawning >libvirtd twice. eg if libvirt.so calls listen() and it fails then >we know there's another libvirtd in the process of being started >on that socket, so we can go back to trying to connect() until it >succeeeds. > Yes, it does, but we call listen() here to adjust the backlog value. It still works, no clients get disconnected, but kernel knows what backlog we want from now on. Because of this and other settings that must be done by systemd (or virsh), there is a new comment in the configuration file saying that systemd should be set the same way libvirt is (socket permissions, backlog, etc.)