Commit Graph

34345 Commits

Author SHA1 Message Date
Ondřej Surý
32a3970b13 Replace netievent lock-free queue with simple locked queue
The current implementation of isc_queue uses Michael-Scott lock-free
queue that in turn uses hazard pointers.  It was discovered that the way
we use the isc_queue, such complicated mechanism isn't really needed,
because most of the time, we either execute the work directly when on
nmthread (in case of UDP) or schedule the work from the matching
nmthreads.

Replace the current implementation of the isc_queue with a simple locked
ISC_LIST.  There's a slight improvement - since copying the whole list
is very lightweight - we move the queue into a new list before we start
the processing and locking just for moving the queue and not for every
single item on the list.

NOTE: There's a room for future improvements - since we don't guarantee
the order in which the netievents are processed, we could have two lists
- one unlocked that would be used when scheduling the work from the
matching thread and one locked that would be used from non-matching
thread.

(cherry picked from commit 6bd025942c)
2022-05-25 16:01:58 +02:00
Ondřej Surý
5bed841c1c Merge branch '2801-unittest-isc-netmgr-s390x-v9_16' into 'v9_16'
Fix failures in isc netmgr_test on big endian machines

See merge request isc-projects/bind9!6354
2022-05-24 18:29:07 +00:00
Petr Menšík
1feb389f80 Fix failures in isc netmgr_test on big endian machines
Typing from libuv structure to isc_region_t is not possible, because
their sizes differ on 64 bit architectures. Little endian machines seems
to be lucky and still result in test passed. But big endian machine such
as s390x fails the test reliably.

Fix by directly creating the buffer as isc_region_t and skipping the
type conversion. More readable and still more correct.

(cherry picked from commit 057438cb45)
2022-05-24 20:23:04 +02:00
Matthijs Mekking
66ecde5b27 Merge branch '3354-cid-352776-missing_lock-v9_16' into 'v9_16'
[v9_16] Fix CID 352776: Concurrent data access violations

See merge request isc-projects/bind9!6345
2022-05-23 12:18:49 +00:00
Matthijs Mekking
d3147417c5 Require valid key for dst_key functions
Make sure that the key structure is valid when calling the following
functions:
- dst_key_setexternal
- dst_key_isexternal
- dst_key_setmodified
- dst_key_ismodified

This commit is adapted because 9.16 has a different approach
of deconsting the variable.

(cherry picked from commit 888ec4e0d4)
2022-05-23 12:31:23 +02:00
Matthijs Mekking
7c42c04f3f Fix CID 352776: Concurrent data access violations
*** CID 352776:  Concurrent data access violations  (MISSING_LOCK)
/lib/dns/dst_api.c: 474 in dst_key_setmodified()
468     dst_key_isexternal(dst_key_t *key) {
469		return (key->external);
470     }
471
472     void
473     dst_key_setmodified(dst_key_t *key, bool value) {
>>>     CID 352776:  Concurrent data access violations  (MISSING_LOCK)
>>>     Accessing "key->modified" without holding lock
>>>	"dst_key.mdlock". Elsewhere, "dst_key.modified" is accessed with
>>>	"dst_key.mdlock" held 8 out of 11 times (8 of these accesses
>>>	strongly imply that it is necessary).
474		key->modified = value;
475     }
476
477     bool
478     dst_key_ismodified(dst_key_t *key) {
479		return (key->modified);

(cherry picked from commit 1fa24d0afb)
2022-05-23 12:03:56 +02:00
Ondřej Surý
56adb30e23 Merge branch '3344-threadsanitizer-data-race-in-isc__nm_tcpdns_send-v9_16' into 'v9_16'
Move setting the sock->write_timeout to the async_*send [v9.16]

See merge request isc-projects/bind9!6342
2022-05-19 20:53:01 +00:00
Ondřej Surý
ed4eda5ebc Move setting the sock->write_timeout to the async_*send
Setting the sock->write_timeout from the TCP, TCPDNS, and TLSDNS send
functions could lead to (harmless) data race when setting the value for
the first time when the isc_nm_send() function would be called from
thread not-matching the socket we are sending to.  Move the setting the
sock->write_timeout to the matching async function which is always
called from the matching thread.

(cherry picked from commit 61117840c1)
2022-05-19 22:38:47 +02:00
Ondřej Surý
598c93f2b2 Merge branch '3371-check-for-__attribute__-fallthrough-support-is-sometimes-incorrect-v9_16' into 'v9_16'
Use C2x [[fallthrough]] when supported by LLVM/clang [v9.16]

See merge request isc-projects/bind9!6340
2022-05-19 20:35:26 +00:00
Ondřej Surý
4657b0f0c4 Use C2x [[fallthrough]] when supported by LLVM/clang
Clang added support for the gcc-style fallthrough
attribute (i.e. __attribute__((fallthrough))) in version 10.  However,
__has_attribute(fallthrough) will return 1 in C mode in older versions,
even though they only support the C++11 fallthrough attribute. At best,
the unsupported attribute is simply ignored; at worst, it causes errors.

The C2x fallthrough attribute has the advantages of being supported in
the broadest range of clang versions (added in version 9) and being easy
to check for support. Use C2x [[fallthrough]] attribute if possible, and
fall back to not using an attribute for clang versions that don't have
it.

Courtesy of Joshua Root

(cherry picked from commit 14c8d43863)
2022-05-19 22:02:07 +02:00
Michal Nowak
db5f8ebb6f Merge tag 'v9_16_29' into v9_16
BIND 9.16.29
2022-05-19 13:14:59 +02:00
Evan Hunt
17fd11edaf Merge branch '3350-rndc-dnssec-checkds-doc-v9_16' into 'v9_16'
specify time format in the documentation for 'rdnc dnssec -checkds'

See merge request isc-projects/bind9!6332
2022-05-18 22:49:56 +00:00
Evan Hunt
9aa68d0dd7 specify time format in the documentation for 'rdnc dnssec -checkds'
also clarified the writing in the surrounding paragraph.

(cherry picked from commit 83f9466d61)
2022-05-18 15:37:13 -07:00
Ondřej Surý
38b3d37475 Merge branch '3366-configure-fails-to-find-uv-h-on-bsd-v9_16' into 'v9_16'
Use libuv CFLAGS and LIBS when checking for features [v9.16]

See merge request isc-projects/bind9!6330
2022-05-18 19:55:03 +00:00
Ondřej Surý
b9e5b319db Use libuv CFLAGS and LIBS when checking for features
When autoconf was checking for libuv features, the LIBUV_CFLAGS was not
added to CFLAGS and LIBUV_LIBS to LIBS which resulted in false
negatives.

Use AX_SAVE_FLAGS and AX_RESTORE_FLAGS to temporarily add LIBUV_CFLAGS
and LIBUV_LIBS to their respective variables.

(cherry picked from commit f063ee276e)
2022-05-18 21:18:51 +02:00
Michal Nowak
3b6afee83b Merge branch 'mnowak/fix-typo-in-ednscompliance-test-v9_16' into 'v9_16'
[v9_16] Fix typo in ednscompliance test

See merge request isc-projects/bind9!6328
2022-05-18 17:30:20 +00:00
Michal Nowak
70c41c60b5 Fix typo in ednscompliance test
Caused by ba0313e649, an incomplete fix of
spelling errors.

(cherry picked from commit 9de2c06a21)
2022-05-18 19:19:48 +02:00
Mark Andrews
7204082bb6 Merge branch '3356-wrong-path-for-geoip-directory-v9_16' into 'v9_16'
Remove extraneous '$' in AS_VAR_COPY([MAXMINDDB_PREFIX], [with_maxminddb])

See merge request isc-projects/bind9!6319
2022-05-17 20:02:12 +00:00
Mark Andrews
ea54e39cdb Remove extraneous '$' in AS_VAR_COPY([MAXMINDDB_PREFIX], [with_maxminddb])
(cherry picked from commit 686d691fa9)
2022-05-18 05:38:46 +10:00
Matthijs Mekking
5b8d120d59 Merge branch '3352-kasp-test-broken-on-freebsd-v9_16' into 'v9_16'
[v9_16] Fix "kasp test broken on freebsd"

See merge request isc-projects/bind9!6313
2022-05-17 03:01:45 +00:00
Matthijs Mekking
f922dd3e70 Replace stat with PERL stat in kasp system test
7249bad7 introduced the -c option to stat(1) command, but BSD systems
do not know about it. Replace the stat(1) command with a PERL script
that achieves the same.

Why PERL? For consistency purposes, there are more places in the
system test where we use the same method.

(cherry picked from commit fe601c5915)
2022-05-16 18:53:17 +02:00
Matthijs Mekking
6eb3feb07f Merge branch '3302-keymgr-updates-key-files-each-run-v9_16' into 'v9_16'
[v9_16] Fix "keymgr updates key files each run"

See merge request isc-projects/bind9!6301
2022-05-16 16:51:42 +00:00
Matthijs Mekking
296cb390b6 Add new functions to lib/dns/win32/libdns.def.in
Missing from lib/dns/win32/libdns.def.in:
dst_key_setmodified
dst_key_ismodified
2022-05-16 18:31:55 +02:00
Matthijs Mekking
e8bcf3de5b Add changes and release notes for #3302
Add a comment to make danger happy.

(cherry picked from commit 0f89f0b134)
2022-05-16 10:35:50 +02:00
Matthijs Mekking
c2e8c72298 Check if key metadata is modified before writing
Add a new parameter to the dst_key structure, mark a key modified if
dst_key_(un)set[bool,num,state,time] is called. Only write out key
files during a keymgr run if the metadata has changed.

(cherry picked from commit 1da91b3ab4)
2022-05-16 10:35:33 +02:00
Matthijs Mekking
6226ab2fa9 Add kasp test for #3302
Add a test case that triggers a keymgr run that will not trigger any
metadata changes. Ensure that the last status change of the key files
is unmodified.

(cherry picked from commit 7249bad706)
2022-05-16 10:35:33 +02:00
Evan Hunt
62a5f5b81d Merge branch '3353-dyndb-failure' into 'v9_16'
dont run isc__trampoline_initialize() in dlopen library

See merge request isc-projects/bind9!6309
2022-05-15 19:54:47 +00:00
Evan Hunt
adeddfa8ff dont run isc__trampoline_initialize() in dlopen library
when built without libtool, the sample driver in the dyndb
system test runs library intializers that have already been
run, causing the value for isc__trampoline_min to be reset.
wrap the trampoline initialize and shutdown routines under
isc_once_do() to ensure that they are only run once.
2022-05-15 00:25:32 -07:00
Evan Hunt
7a1ae6255a Merge branch '3327-fetches-per-server-quota-v9_16' into 'v9_16'
fix the fetches-per-server quota calculation

See merge request isc-projects/bind9!6308
2022-05-14 08:28:12 +00:00
Evan Hunt
cd0e13f876 Add CHANGES note for [GL #3327]
(cherry picked from commit 3f478a3bed)
2022-05-14 00:58:29 -07:00
Evan Hunt
6edbe8452c Add lower bound checks to fetchlimit test
Check that the recursing client count is above a reasonable
minimum, as well as below a maximum, so that we can detect
bugs that cause recursion to fail too early or too often.

(cherry picked from commit 8834c44683)
2022-05-14 00:58:29 -07:00
Evan Hunt
82c197d93b Cleanup: always count ns_statscounter_recursclients
The ns_statscounter_recursclients counter was previously only
incremented or decremented if client->recursionquota was non-NULL.
This was harmless, because that value should always be non-NULL if
recursion is enabled, but it made the code slightly confusing.

(cherry picked from commit 0201eab655)
2022-05-14 00:58:26 -07:00
Evan Hunt
9582d05683 Disable EDNS for the fetchlimit test server
The fetchlimit test depends on a resolver continuing to try UDP
and timing out while the client waits for resolution to succeed.
but since commit bb990030 (flag day 2020), a fetch will always
switch to TCP after two timeouts, unless EDNS was disabled for
the query.

This commit adds "edns no;" to server statements in the fetchlimit
resolver, to restore the behavior expected by the test.

(cherry picked from commit 81deb24deb)
2022-05-14 00:52:22 -07:00
Evan Hunt
8516efa4fd Fix the fetches-per-server quota calculation
Since commit bad5a523c2, when the fetches-per-server quota
was increased or decreased, instead of the value being set to
the newly calculated quota, it was set to the *minimum* of
the new quota or 1 - which effectively meant it was always set to 1.
it should instead have been the maximum, to prevent the value from
ever dropping to zero.

(cherry picked from commit 694bc50273)
2022-05-14 00:52:22 -07:00
Evan Hunt
77418a1117 Merge branch '3351-checkconf-overflow-v9_16' into 'v9_16'
prevent a possible buffer overflow in configuration check

See merge request isc-projects/bind9!6305
2022-05-14 04:21:08 +00:00
Evan Hunt
b6670787d2 prevent a possible buffer overflow in configuration check
corrected code that could have allowed a buffer overfow while
parsing named.conf.

(cherry picked from commit 921043b541)
2022-05-13 20:30:41 -07:00
Ondřej Surý
45fbcb2f94 Merge branch 'ondrej-fix-trampoline-locking-v9_16' into 'v9_16'
Lock the trampoline when attaching [v9.16]

See merge request isc-projects/bind9!6299
2022-05-13 12:06:23 +00:00
Ondřej Surý
be7f672fcc Lock the trampoline when attaching
When attaching to the trampoline, the isc__trampoline_max was access
unlocked.  This would not manifest under normal circumstances because we
initialize 65 trampolines by default and that's enough for most
commodity hardware, but there are ARM machines with 128+ cores where
this would be reported by ThreadSanitizer.

Add locking around the code in isc__trampoline_attach().  This also
requires the lock to leak on exit (along with memory that we already)
because a new thread might be attaching to the trampoline while we are
running the library destructor at the same time.

(cherry picked from commit 933162ae14)
2022-05-13 13:42:23 +02:00
Matthijs Mekking
b2ae8ba5f8 Merge branch '3335-confusing-parental-source-documentation-v9_16' into 'v9_16'
[v9_16] Remove confusing parental-source line

See merge request isc-projects/bind9!6287
2022-05-11 15:02:32 +00:00
Matthijs Mekking
24913fc696 Remove confusing parental-source line
Remove the line "This address must appear in the secondary server’s
parental-agents zone clause". This line is a copy paste error from
notify-source.

Rewrap.

(cherry picked from commit 313f606692)
2022-05-11 15:01:35 +00:00
Michał Kępień
31abf01e04 Merge branch 'michal/drop-post-merge-pipelines-v9_16' into 'v9_16'
[v9_16] Drop post-merge pipelines

See merge request isc-projects/bind9!6294
2022-05-11 13:08:00 +00:00
Michał Kępień
fc028b873d Drop post-merge pipelines
Commit 24961f6068 introduced the concept
of post-merge pipelines.  These were used to build documentation after
each merge to any of the maintained branches, to allow up-to-date
documentation to be subsequently published on the bind.isc.org
microsite.  As the latter no longer downloads documentation from GitLab,
instead linking to Read the Docs for all currently maintained branches,
post-merge pipelines have become redundant since running the
"autoreconf" and "docs" jobs after each merge is not necessary any more.
Drop the "release_branch_triggering_rules" YAML anchor and revert to
default triggering rules for the "autoconf" and "docs" jobs, effectively
preventing pipelines from being created after each merge to any of the
maintained branches.

(cherry picked from commit 7b8c9e04fc)
2022-05-11 15:06:09 +02:00
Michał Kępień
925b15024d Merge branch '565-do-not-trigger-gitlab-pages-pipelines-any-more-v9_16' into 'v9_16'
Do not trigger GitLab Pages pipelines any more

See merge request isc-projects/bind9!6291
2022-05-11 12:22:44 +00:00
Michał Kępień
8ddb6cb12c Do not trigger GitLab Pages pipelines any more
The bind.isc.org microsite no longer downloads documentation from
GitLab, instead linking to Read the Docs for all currently maintained
branches.  This makes it redundant to trigger GitLab Pages pipelines
after each merge to any of the maintained branches.  Revert changes
introduced by commit 31bde118db: remove
the "push:docs" job along with the "push" stage it is associated with
and revert artifact expiry time for the "docs" job to the default value.

(cherry picked from commit a7fccaee82)
2022-05-11 14:14:11 +02:00
Petr Špaček
fb220e3652 Merge branch 'pspacek/arm-remove-solaris251-v9_16' into 'v9_16'
Remove ARM notes about Solaris 2.5.1 [v9_16]

See merge request isc-projects/bind9!6289
2022-05-11 10:54:24 +00:00
Petr Špaček
0366ff94ee Remove ARM notes about Solaris 2.5.1
It was released in May 1996 and hopefully is not used to run BIND
anymore.

(cherry picked from commit 4388656f60)
2022-05-11 12:54:01 +02:00
Michal Nowak
ed266b41cb Merge branch 'mnowak/set-up-version-and-release-notes-for-bind-9.16.30' into 'v9_16'
Set up version and release notes for BIND 9.16.30

See merge request isc-projects/bind9!6283
2022-05-11 09:13:53 +00:00
Michal Nowak
9b7487b2f2 Set up release notes for BIND 9.16.30 2022-05-11 11:04:21 +02:00
Michal Nowak
68fe5ac27f Update BIND version to 9.16.30-dev 2022-05-11 11:03:35 +02:00
Tinderbox User
7e23e43e14 Merge branch 'prep-release' into v9_16_29-release v9.16.29 2022-05-10 09:02:21 +00:00