Add mitigation for long processing of signals in VD's environments

* waiting for signals - timeout increased to 20s from 10s
* added 2 ms timeout if tgkill() will return EAGAIN (happend in actual product image in testing once)

Change-Id: I26ce63e66fc36536136a3eab7903efb07fb35437

diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp
index 2716be8..69d930d 100644 (file)
--- a/src/client/client-security-manager.cpp
+++ b/src/client/client-security-manager.cpp
@@ -109,7 +109,7 @@ struct TidStatus {
 static TidStatus *g_tid_status;
 static int g_all_tid_num;
 
-#define MAX_SIG_WAIT_TIME   5000 // times 2 ms thats 10 seconds
+#define MAX_SIG_WAIT_TIME   10000 // times 2 ms thats 20 seconds
 
 // Hackish, based on glibc's definition in sysdeps/unix/sysv/linux/nptl-signals.h
 #define SIGSETXID           (__SIGRTMIN + 1)
@@ -720,7 +720,18 @@ static inline int security_manager_sync_threads_internal(const std::string &app_
             g_tid_status[tid_index++].tid = *it;
 
             if (Syscall::tgkill(cur_pid, *it, SIGSETXID) < 0) {
-                const auto err = errno;
+                auto err = errno;
+
+                if (EAGAIN == err) { // resource temporarily unavailable, trying again
+                    LogWarning("Received EAGAIN from tgkill, will wait 2 ms & try again");
+                    usleep(2000);   // 2 ms
+                    if (Syscall::tgkill(cur_pid, *it, SIGSETXID) < 0) {
+                        err = errno;
+                    } else {
+                        ++it;
+                        continue;
+                    }
+                }
                 if (ESRCH == err) { // thread already gone
                     threads_gone++;
                     g_tid_status[tid_index-1].status = TID_STATUS_DEAD;