From 768fcd779fbb9fd86932da4bef031260b88da210 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 13 Jun 2023 10:15:59 +0200 Subject: [PATCH] socket: bump listen() backlog to INT_MAX everywhere MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is a rework of #24764 by Cristian Rodríguez , which stalled. Instead of assigning -1 we'll use a macro defined to INT_MAX however. --- man/systemd.socket.xml | 13 +++++++------ src/basic/socket-util.h | 7 +++++++ src/core/dbus.c | 2 +- src/core/socket.c | 2 +- src/journal/journald-stream.c | 2 +- src/libsystemd/sd-bus/test-bus-watch-bind.c | 2 +- src/resolve/resolved-dns-stub.c | 4 ++-- src/resolve/resolved-llmnr.c | 4 ++-- src/shared/socket-netlink.c | 2 +- src/shared/varlink.c | 2 +- src/test/test-socket-util.c | 6 +++--- src/userdb/userdbd-manager.c | 2 +- 12 files changed, 28 insertions(+), 20 deletions(-) diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml index 474f1d309d..ec145c3710 100644 --- a/man/systemd.socket.xml +++ b/man/systemd.socket.xml @@ -341,12 +341,13 @@ Backlog= - Takes an unsigned integer argument. Specifies - the number of connections to queue that have not been accepted - yet. This setting matters only for stream and sequential - packet sockets. See - listen2 - for details. Defaults to SOMAXCONN (128). + Takes an unsigned 32bit integer argument. Specifies the number of connections to + queue that have not been accepted yet. This setting matters only for stream and sequential packet + sockets. See + listen2 for + details. Note that this value is silently capped by the net.core.somaxconn sysctl, + which typically defaults to 4096. By default this is set to 4294967295, so that the sysctl takes full + effect. diff --git a/src/basic/socket-util.h b/src/basic/socket-util.h index b323b1b99f..37763446bd 100644 --- a/src/basic/socket-util.h +++ b/src/basic/socket-util.h 
@@ -354,3 +354,10 @@ int connect_unix_path(int fd, int dir_fd, const char *path); * protocol mismatch. */ int socket_address_parse_unix(SocketAddress *ret_address, const char *s); int socket_address_parse_vsock(SocketAddress *ret_address, const char *s); + +/* libc's SOMAXCONN is defined to 128 or 4096 (at least on glibc). But actually, the value can be much + * larger. In our codebase we want to set it to the max usually, since noawadays socket memory is properly + * tracked by memcg, and hence we don't need to enforce extra limits here. Moreover, the kernel caps it to + * /proc/sys/net/core/somaxconn anyway, thus by setting this to unbounded we just make that sysctl file + * authoritative. */ +#define SOMAXCONN_DELUXE INT_MAX diff --git a/src/core/dbus.c b/src/core/dbus.c index 3fef44e668..ba2cec4d77 100644 --- a/src/core/dbus.c +++ b/src/core/dbus.c @@ -972,7 +972,7 @@ int bus_init_private(Manager *m) { if (r < 0) return log_error_errno(errno, "Failed to bind private socket: %m"); - r = listen(fd, SOMAXCONN); + r = listen(fd, SOMAXCONN_DELUXE); if (r < 0) return log_error_errno(errno, "Failed to make private socket listening: %m"); diff --git a/src/core/socket.c b/src/core/socket.c index f8fe62c919..8e7797139b 100644 --- a/src/core/socket.c +++ b/src/core/socket.c @@ -82,7 +82,7 @@ static void socket_init(Unit *u) { assert(u); assert(u->load_state == UNIT_STUB); - s->backlog = SOMAXCONN; + s->backlog = SOMAXCONN_DELUXE; s->timeout_usec = u->manager->default_timeout_start_usec; s->directory_mode = 0755; s->socket_mode = 0666; diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c index 735e2c5e8b..222b036698 100644 --- a/src/journal/journald-stream.c +++ b/src/journal/journald-stream.c 
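Review bot: The new comment above `SOMAXCONN_DELUXE` in src/basic/socket-util.h does not say why the value is `INT_MAX` in particular, and it contains a typo (`noawadays`). Since listen() takes an `int` backlog, a closing sentence such as `listen() takes an int, hence INT_MAX is the largest value we can pass.` would explain the choice, with `noawadays` corrected to `nowadays`. Because every caller changed in this commit now passes this macro, net.core.somaxconn becomes the only bound on their accept queues, so the comment could also state that raising the sysctl raises the limit for all of these listeners at once. Whether `<limits.h>` is already in scope for this header is not visible in the hunk.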
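Review bot: The default assigned in socket_init() in src/core/socket.c, `s->backlog = SOMAXCONN_DELUXE;`, is `INT_MAX` (2147483647), but the man/systemd.socket.xml hunk in this same commit documents the `Backlog=` default as 4294967295. The two should agree: either the man page states 2147483647, or it avoids a literal number (for example "defaults to the maximum, so that the sysctl takes full effect"). The type of `s->backlog` is not visible here; if it is unsigned, as the man page's "unsigned 32bit integer" suggests, configured values above `INT_MAX` presumably rely on how the kernel interprets a negative `int` backlog, which deserves a short comment at the listen() call. socket_init()'s body continues outside the hunk.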
@@ -938,7 +938,7 @@ int server_open_stdout_socket(Server *s, const char *stdout_socket) { (void) chmod(sa.un.sun_path, 0666); - if (listen(s->stdout_fd, SOMAXCONN) < 0) + if (listen(s->stdout_fd, SOMAXCONN_DELUXE) < 0) return log_error_errno(errno, "listen(%s) failed: %m", sa.un.sun_path); } else (void) fd_nonblock(s->stdout_fd, true); diff --git a/src/libsystemd/sd-bus/test-bus-watch-bind.c b/src/libsystemd/sd-bus/test-bus-watch-bind.c index 987d151b55..a504437ac5 100644 --- a/src/libsystemd/sd-bus/test-bus-watch-bind.c +++ b/src/libsystemd/sd-bus/test-bus-watch-bind.c @@ -76,7 +76,7 @@ static void* thread_server(void *p) { assert_se(bind(fd, &u.sa, sa_len) >= 0); usleep(100 * USEC_PER_MSEC); - assert_se(listen(fd, SOMAXCONN) >= 0); + assert_se(listen(fd, SOMAXCONN_DELUXE) >= 0); usleep(100 * USEC_PER_MSEC); assert_se(touch(path) >= 0); diff --git a/src/resolve/resolved-dns-stub.c b/src/resolve/resolved-dns-stub.c index 3a7d6977f6..259f82eff4 100644 --- a/src/resolve/resolved-dns-stub.c +++ b/src/resolve/resolved-dns-stub.c @@ -1205,7 +1205,7 @@ static int manager_dns_stub_fd( return -errno; if (type == SOCK_STREAM && - listen(fd, SOMAXCONN) < 0) + listen(fd, SOMAXCONN_DELUXE) < 0) return -errno; r = sd_event_add_io(m->event, event_source, fd, EPOLLIN, @@ -1295,7 +1295,7 @@ static int manager_dns_stub_fd_extra(Manager *m, DnsStubListenerExtra *l, int ty goto fail; if (type == SOCK_STREAM && - listen(fd, SOMAXCONN) < 0) { + listen(fd, SOMAXCONN_DELUXE) < 0) { r = -errno; goto fail; } diff --git a/src/resolve/resolved-llmnr.c b/src/resolve/resolved-llmnr.c index 4ab455eb2f..8fac351ee6 100644 --- a/src/resolve/resolved-llmnr.c +++ b/src/resolve/resolved-llmnr.c @@ -392,7 +392,7 @@ int manager_llmnr_ipv4_tcp_fd(Manager *m) { return log_error_errno(r, "LLMNR-IPv4(TCP): Failed to set SO_REUSEADDR: %m"); } - r = listen(s, SOMAXCONN); + r = listen(s, SOMAXCONN_DELUXE); if (r < 0) return log_error_errno(errno, "LLMNR-IPv4(TCP): Failed to listen the stream: %m"); 
@@ -457,7 +457,7 @@ int manager_llmnr_ipv6_tcp_fd(Manager *m) { return log_error_errno(r, "LLMNR-IPv6(TCP): Failed to set SO_REUSEADDR: %m"); } - r = listen(s, SOMAXCONN); + r = listen(s, SOMAXCONN_DELUXE); if (r < 0) return log_error_errno(errno, "LLMNR-IPv6(TCP): Failed to listen the stream: %m"); diff --git a/src/shared/socket-netlink.c b/src/shared/socket-netlink.c index e115dff506..0ba5762761 100644 --- a/src/shared/socket-netlink.c +++ b/src/shared/socket-netlink.c @@ -180,7 +180,7 @@ int make_socket_fd(int log_level, const char* address, int type, int flags) { a.type = type; - fd = socket_address_listen(&a, type | flags, SOMAXCONN, SOCKET_ADDRESS_DEFAULT, + fd = socket_address_listen(&a, type | flags, SOMAXCONN_DELUXE, SOCKET_ADDRESS_DEFAULT, NULL, false, false, false, 0755, 0644, NULL); if (fd < 0 || log_get_max_level() >= log_level) { _cleanup_free_ char *p = NULL; diff --git a/src/shared/varlink.c b/src/shared/varlink.c index ab97af57e2..333cd3af58 100644 --- a/src/shared/varlink.c +++ b/src/shared/varlink.c @@ -2750,7 +2750,7 @@ int varlink_server_listen_address(VarlinkServer *s, const char *address, mode_t return r; } - if (listen(fd, SOMAXCONN) < 0) + if (listen(fd, SOMAXCONN_DELUXE) < 0) return -errno; r = varlink_server_create_listen_fd_socket(s, fd, &ss); diff --git a/src/test/test-socket-util.c b/src/test/test-socket-util.c index 71ec766ca1..0259cbf3bb 100644 --- a/src/test/test-socket-util.c +++ b/src/test/test-socket-util.c 
@@ -444,9 +444,9 @@ TEST(flush_accept) { assert_se(flush_accept(listen_dgram) < 0); assert_se(flush_accept(listen_seqpacket) < 0); - assert_se(listen(listen_stream, SOMAXCONN) >= 0); - assert_se(listen(listen_dgram, SOMAXCONN) < 0); - assert_se(listen(listen_seqpacket, SOMAXCONN) >= 0); + assert_se(listen(listen_stream, SOMAXCONN_DELUXE) >= 0); + assert_se(listen(listen_dgram, SOMAXCONN_DELUXE) < 0); + assert_se(listen(listen_seqpacket, SOMAXCONN_DELUXE) >= 0); assert_se(flush_accept(listen_stream) >= 0); assert_se(flush_accept(listen_dgram) < 0); diff --git a/src/userdb/userdbd-manager.c b/src/userdb/userdbd-manager.c index 80735b3fd9..8101ac52db 100644 --- a/src/userdb/userdbd-manager.c +++ b/src/userdb/userdbd-manager.c @@ -272,7 +272,7 @@ int manager_startup(Manager *m) { if (r < 0) return log_error_errno(r, "Failed to bind io.systemd.Multiplexer: %m"); - if (listen(m->listen_fd, SOMAXCONN) < 0) + if (listen(m->listen_fd, SOMAXCONN_DELUXE) < 0) return log_error_errno(errno, "Failed to listen on socket: %m"); }