Witold Kręcicki
3942b226b8
Fix a shutdown race in netmgr udp
...
We need to mark the socket as inactive early (and synchronously)
in the stoplistening process; otherwise we might destroy the
callback argument before we actually stop listening, and call
the callback on bad memory.
(cherry picked from commit 1cf65cd882
2020-10-01 16:44:43 +02:00
Evan Hunt
ca39572e5d
clean up outerhandle when a tcpdns socket is disconnected
...
this prevents a crash when some non-netmgr thread, such as a
recursive lookup, times out after the TCP socket is already
disconnected.
(cherry picked from commit 3704c4fff2
2020-10-01 16:44:43 +02:00
Evan Hunt
f64a881a30
change the signature of recv callbacks to include a result code
...
this will allow recv event handlers to distinguish between cases
in which the region is NULL because of error, shutdown, or cancelation.
(cherry picked from commit 75c985c07f
2020-10-01 16:44:43 +02:00
Evan Hunt
d9d482e9e2
implement isc_nm_cancelread()
...
The isc_nm_cancelread() function cancels reading on a connected
socket and calls its read callback function with a 'result'
parameter of ISC_R_CANCELED.
(cherry picked from commit 5191ec8f86
2020-10-01 16:44:43 +02:00
Evan Hunt
e1ebbaacea
shorten the sleep in isc_nm_destroy()
...
when isc_nm_destroy() is called, there's a loop that waits for
other references to be detached, pausing and unpausing the netmgr
to ensure that all the workers' events are run, followed by a
1-second sleep. this caused a delay on shutdown which will be
noticeable when netmgr is used in tools other than named itself,
so the delay has now been reduced to a hundredth of a second.
(cherry picked from commit 870204fe47
2020-10-01 16:44:43 +02:00
Evan Hunt
a9061ea123
implement isc_nm_tcpconnect()
...
the isc_nm_tcpconnect() function establishes a client connection via
TCP. once the connection is esablished, a callback function will be
called with a newly created network manager handle.
(cherry picked from commit abbb79f9d1
2020-10-01 16:44:43 +02:00
Witold Kręcicki
8db2ef9f8e
allow tcpdns sockets to self-reference while connected
...
A TCPDNS socket creates a handle for each complete DNS message.
Previously, when all the handles were disconnected, the socket
would be closed, but the wrapped TCP socket might still have
more to read.
Now, when a connection is established, the TCPDNS socket creates
a reference to itself by attaching itself to sock->self. This
reference isn't cleared until the connection is closed via
EOF, timeout, or server shutdown. This allows the socket to remain
open even when there are no active handles for it.
(cherry picked from commit cd79b49538
2020-10-01 16:44:43 +02:00
Evan Hunt
4209f051e9
modify reference counting within netmgr
...
- isc__nmhandle_get() now attaches to the sock in the nmhandle object.
the caller is responsible for dereferencing the original socket
pointer when necessary.
- tcpdns listener sockets attach sock->outer to the outer tcp listener
socket. tcpdns connected sockets attach sock->outerhandle to the handle
for the tcp connected socket.
- only listener sockets need to be attached/detached directly. connected
sockets should only be accessed and reference-counted via their
associated handles.
(cherry picked from commit 5ea26ee1f1
2020-10-01 16:44:43 +02:00
Evan Hunt
573bcdf932
make isc_nmsocket_{attach,detach}{} functions private
...
there is no need for a caller to reference-count socket objects.
they need tto be able tto close listener sockets (i.e., those
returned by isc_nm_listen{udp,tcp,tcpdns}), and an isc_nmsocket_close()
function has been added for that. other sockets are only accessed via
handles.
(cherry picked from commit 9e740cad21
2020-10-01 16:44:43 +02:00
Ondřej Surý
826ddb246e
Revert the tree to allow cherry-picking netmgr changes from main
...
The following reverted changes will be picked again as part of the
netmgr sync with main branch.
Revert "Merge branch '1996-confidential-issue-v9_16' into 'security-v9_16'"
This reverts commit e160b1509fc01e6437155f8ecfb91823021385d5f20bc90a72490016ebf10a6c7ab2a94ea84740e64ea84740e6d761cd576b
2020-10-01 16:44:43 +02:00
Mark Andrews
2b4f4cbbd0
Add the ability select individual tests to rdata_test
...
(cherry picked from commit 6293682020
2020-10-01 22:57:47 +10:00
Mark Andrews
119630ec4b
Add the ability to print out the list of test names (-l)
...
(cherry picked from commit a9c3374717
2020-10-01 22:57:46 +10:00
Mark Andrews
6583a9437f
Add the ability to select tests to run
...
task_test [-t <test_name>]
(cherry picked from commit 76837484e7
2020-10-01 22:57:43 +10:00
Mark Andrews
8746e496c7
Alphabetise tests
...
(cherry picked from commit 96febe6b38
2020-10-01 22:56:16 +10:00
Mark Andrews
fc3cab22a4
Add missing rwlock calls when access keynode.initial and keynode.managed
...
WARNING: ThreadSanitizer: data race
Write of size 1 at 0x000000000001 by thread T1 (mutexes: write M1):
#0 dns_keynode_trust lib/dns/keytable.c:836
#1 keyfetch_done lib/dns/zone.c:10187
#2 dispatch lib/isc/task.c:1152
#3 run lib/isc/task.c:1344
#4 <null> <null>
Previous read of size 1 at 0x000000000001 by thread T2 (mutexes: read M2):
#0 keynode_dslist_totext lib/dns/keytable.c:682
#1 dns_keytable_totext lib/dns/keytable.c:732
#2 named_server_dumpsecroots bin/named/server.c:11357
#3 named_control_docommand bin/named/control.c:264
#4 control_command bin/named/controlconf.c:390
#5 dispatch lib/isc/task.c:1152
#6 run lib/isc/task.c:1344
#7 <null> <null>
Location is heap block of size 241 at 0x000000000010 allocated by thread T3:
#0 malloc <null>
#1 default_memalloc lib/isc/mem.c:713
#2 mem_get lib/isc/mem.c:622
#3 mem_allocateunlocked lib/isc/mem.c:1268
#4 isc___mem_allocate lib/isc/mem.c:1288
#5 isc__mem_allocate lib/isc/mem.c:2453
#6 isc___mem_get lib/isc/mem.c:1037
#7 isc__mem_get lib/isc/mem.c:2432
#8 new_keynode lib/dns/keytable.c:346
#9 insert lib/dns/keytable.c:393
#10 dns_keytable_add lib/dns/keytable.c:421
#11 process_key bin/named/server.c:955
#12 load_view_keys bin/named/server.c:983
#13 configure_view_dnsseckeys bin/named/server.c:1140
#14 configure_view bin/named/server.c:5371
#15 load_configuration bin/named/server.c:9110
#16 loadconfig bin/named/server.c:10310
#17 named_server_reconfigcommand bin/named/server.c:10693
#18 named_control_docommand bin/named/control.c:250
#19 control_command bin/named/controlconf.c:390
#20 dispatch lib/isc/task.c:1152
#21 run lib/isc/task.c:1344
#22 <null> <null>
Mutex M1 is already destroyed.
Mutex M2 is already destroyed.
Thread T1 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create pthreads/thread.c:73
#2 isc_taskmgr_create lib/isc/task.c:1434
#3 create_managers bin/named/main.c:915
#4 setup bin/named/main.c:1223
#5 main bin/named/main.c:1523
Thread T2 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create pthreads/thread.c:73
#2 isc_taskmgr_create lib/isc/task.c:1434
#3 create_managers bin/named/main.c:915
#4 setup bin/named/main.c:1223
#5 main bin/named/main.c:1523
Thread T3 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create pthreads/thread.c:73
#2 isc_taskmgr_create lib/isc/task.c:1434
#3 create_managers bin/named/main.c:915
#4 setup bin/named/main.c:1223
#5 main bin/named/main.c:1523
SUMMARY: ThreadSanitizer: data race lib/dns/keytable.c:836 in dns_keynode_trust
(cherry picked from commit 840cf7adb3
2020-10-01 18:14:37 +10:00
Mark Andrews
ebf16118df
Add ISO time stamps to the microsecond
...
(cherry picked from commit 519b070618
2020-10-01 00:14:45 +10:00
Ondřej Surý
f0989bdf03
The dns_message_create() cannot fail, change the return to void
...
The dns_message_create() function cannot soft fail (as all memory
allocations either succeed or cause abort), so we change the function to
return void and cleanup the calls.
(cherry picked from commit 33eefe9f85
2020-09-30 14:26:26 +02:00
Diego Fronza
f557681472
Properly handling dns_message_t shared references
...
This commit fix the problems that arose when moving the dns_message_t
object from fetchctx_t to the query structure.
Since the lifetime of query objects are different than that of a
fetchctx and the dns_message_t object held by the query may be being
used by some external module, e.g. validator, even after the query
may have been destroyed, propery handling of the references to the
message were added in this commit to avoid accessing an already
destroyed object.
Specifically, in rctx_done(), a reference to the message is attached
at the beginning of the function and detached at the end, since a
possible call to fctx_cancelquery() would release the dns_message_t
object, and in the next lines of code a call to rctx_nextserver()
or rctx_chaseds() would require a valid pointer to the same object.
In valcreate() a new reference is attached to the message object,
this ensures that if the corresponding query object is destroyed
before the validator attempts to access it, no invalid pointer
access occurs.
In validated() we have to attach a new reference to the message,
since we destroy the validator object at the beginning of the
function, and we need access to the message in the next lines of
the same function.
rctx_nextserver() and rctx_chaseds() functions were adapted to
receive a new parameter of dns_message_t* type, this was so they
could receive a valid reference to a dns_message_t since using the
response context respctx_t to access the message through
rctx->query->rmessage could lead to an already released reference
due to the query being canceled.
(cherry picked from commit cde6227a68
2020-09-30 11:35:11 +10:00
Diego Fronza
dfa2b7a247
Fix invalid dns message state in resolver's logic
...
The assertion failure REQUIRE(msg->state == DNS_SECTION_ANY), caused
by calling dns_message_setclass within function resquery_response()
in resolver.c, was happening due to wrong management of dns message_t
objects used to process responses to the queries issued by the
resolver.
Before the fix, a resolver's fetch context (fetchctx_t) would hold
a pointer to the message, this same reference would then be used
over all the attempts to resolve the query, trying next server,
etc... for this to work the message object would have it's state
reset between each iteration, marking it as ready for a new processing.
The problem arose in a scenario with many different forwarders
configured, managing the state of the dns_message_t object was
lacking better synchronization, which have led it to a invalid
dns_message_t state in resquery_response().
Instead of adding unnecessarily complex code to synchronize the
object, the dns_message_t object was moved from fetchctx_t structure
to the query structure, where it better belongs to, since each query
will produce a response, this way whenever a new query is created
an associated dns_messate_t is also created.
This commit deals mainly with moving the dns_message_t object from
fetchctx_t to the query structure.
(cherry picked from commit 02f9e125c1
2020-09-30 11:34:57 +10:00
Diego Fronza
da84f8d1fd
Refactored dns_message_t for using attach/detach semantics
...
This commit will be used as a base for the next code updates in
order to have a better control of dns_message_t objects' lifetime.
(cherry picked from commit 12d6d13100
2020-09-30 11:34:42 +10:00
Mark Andrews
0c5191f27a
Update comments to have binary notation
...
(cherry picked from commit 6727e23a47
2020-09-29 10:40:56 +10:00
Michał Kępień
e05e5d7c12
Clean up use of function wrapping
...
Currently, building BIND using "--without-dlopen" universally breaks
building unit tests which employ the --wrap linker option (because the
replacement functions are put in a shared library and building shared
objects requires "--with-dlopen"). Fix by moving the overridden symbol,
isc_nmhandle_unref(), to lib/ns/tests/nstest.c and dropping
lib/ns/tests/wrap.c altogether. This makes lib/ns/tests/Makefile.in
simpler and prevents --without-dlopen from messing with the process of
building unit tests.
Remove parts of configure.ac which are made redundant by the above
changes.
Put the replacement definition of isc_nmhandle_unref() inside an #ifdef
block, so that the build does not break for non-libtool builds (see
below).
These changes allow the broadest possible set of build variants to work
while also simplifying the build process:
- for libtool builds, overriding isc_nmhandle_unref() is done by
placing that symbol directly in lib/ns/tests/nstest.c and relying on
the dynamic linker to perform symbol resolution in the expected way
when the test binary is run,
- for non-libtool builds, overriding isc_nmhandle_unref() is done
using the --wrap linker option (the libtool approach cannot be used
in this case as multiple strong symbols with the same name cannot
coexist in the same binary),
- the "--without-dlopen" option no longer affects building unit tests.
2020-09-28 09:16:48 +02:00
Evan Hunt
50cc4d6a3e
Purge memory pool upon plugin destruction
...
The typical sequence of events for AAAA queries which trigger recursion
for an A RRset at the same name is as follows:
1. Original query context is created.
2. An AAAA RRset is found in cache.
3. Client-specific data is allocated from the filter-aaaa memory pool.
4. Recursion is triggered for an A RRset.
5. Original query context is torn down.
6. Recursion for an A RRset completes.
7. A second query context is created.
8. Client-specific data is retrieved from the filter-aaaa memory pool.
9. The response to be sent is processed according to configuration.
10. The response is sent.
11. Client-specific data is returned to the filter-aaaa memory pool.
12. The second query context is torn down.
However, steps 6-12 are not executed if recursion for an A RRset is
canceled. Thus, if named is in the process of recursing for A RRsets
when a shutdown is requested, the filter-aaaa memory pool will have
outstanding allocations which will never get released. This in turn
leads to a crash since every memory pool must not have any outstanding
allocations by the time isc_mempool_destroy() is called.
Fix by creating a stub query context whenever fetch_callback() is called,
including cancellation events. When the qctx is destroyed, it will ensure
the client is detached and the plugin memory is freed.
(cherry picked from commit 86eddebc83
2020-09-25 14:04:54 -07:00
Matthijs Mekking
f521948b2b
rndc dumpdb -expired: print when RRsets expired
...
When calling 'rndc dumpdb -expired', also print when the RRset expired.
(cherry picked from commit d14c2d0d73
2020-09-25 08:21:24 +02:00
Matthijs Mekking
02b53d38af
Handle ancient rrsets in bind_rdataset
...
An ancient RRset is one still in the cache but expired, and awaiting
cleanup.
(cherry picked from commit 388cc666e5
2020-09-25 08:21:02 +02:00
Matthijs Mekking
c139f1c23b
Include expired rdatasets in iteration functions
...
By changing the check in 'rdatasetiter_first' and 'rdatasetiter_next'
from "now > header->rdh_ttl" to "now - RBDTB_VIRTUAL > header->rdh_ttl"
we include expired rdataset entries so that they can be used for
"rndc dumpdb -expired".
(cherry picked from commit 17d5bd4493
2020-09-25 08:20:46 +02:00
Matthijs Mekking
d77283ff63
Add -expired flag to rndc dumpdb command
...
This flag is the same as -cache, but will use a different style format
that will also print expired entries (awaiting cleanup) from the cache.
(cherry picked from commit 8beda7d2ea
2020-09-25 08:20:02 +02:00
Mark Andrews
c4edcaf140
It appears that you can't change what you are polling for while connecting.
...
WARNING: ThreadSanitizer: data race
Read of size 8 at 0x000000000001 by thread T1 (mutexes: write M1):
#0 epoll_ctl <null>
#1 watch_fd lib/isc/unix/socket.c:704:8
#2 wakeup_socket lib/isc/unix/socket.c:897:11
#3 process_ctlfd lib/isc/unix/socket.c:3362:3
#4 process_fds lib/isc/unix/socket.c:3275:10
#5 netthread lib/isc/unix/socket.c:3516:10
Previous write of size 8 at 0x000000000001 by thread T2 (mutexes: write M2):
#0 connect <null>
#1 isc_socket_connect lib/isc/unix/socket.c:4737:7
#2 resquery_send lib/dns/resolver.c:2892:13
#3 fctx_query lib/dns/resolver.c:2202:12
#4 fctx_try lib/dns/resolver.c:4300:11
#5 resquery_connected lib/dns/resolver.c:3130:4
#6 dispatch lib/isc/task.c:1152:7
#7 run lib/isc/task.c:1344:2
Location is file descriptor 513 created by thread T2 at:
#0 connect <null>
#1 isc_socket_connect lib/isc/unix/socket.c:4737:7
#2 resquery_send lib/dns/resolver.c:2892:13
#3 fctx_query lib/dns/resolver.c:2202:12
#4 fctx_try lib/dns/resolver.c:4300:11
#5 resquery_connected lib/dns/resolver.c:3130:4
#6 dispatch lib/isc/task.c:1152:7
#7 run lib/isc/task.c:1344:2
Mutex M1 (0x000000000016) created at:
#0 pthread_mutex_init <null>
#1 isc__mutex_init lib/isc/pthreads/mutex.c:288:8
#2 setup_thread lib/isc/unix/socket.c:3584:3
#3 isc_socketmgr_create2 lib/isc/unix/socket.c:3825:3
#4 create_managers bin/named/main.c:932:11
#5 setup bin/named/main.c:1223:11
#6 main bin/named/main.c:1523:2
Mutex M2 is already destroyed.
Thread T1 'isc-socket-1' (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create lib/isc/pthreads/thread.c:73:8
#2 isc_socketmgr_create2 lib/isc/unix/socket.c:3826:3
#3 create_managers bin/named/main.c:932:11
#4 setup bin/named/main.c:1223:11
#5 main bin/named/main.c:1523:2
Thread T2 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create lib/isc/pthreads/thread.c:73:8
#2 isc_taskmgr_create lib/isc/task.c:1434:3
#3 create_managers bin/named/main.c:915:11
#4 setup bin/named/main.c:1223:11
#5 main bin/named/main.c:1523:2
SUMMARY: ThreadSanitizer: data race in epoll_ctl
(cherry picked from commit c37b251eb9
2020-09-23 14:22:15 +10:00
Mark Andrews
9bd58a1c7a
Address lock order inversions.
...
WARNING: ThreadSanitizer: lock-order-inversion (potential deadlock)
Cycle in lock order graph: M1 (0x000000000000) => M2 (0x000000000000) => M1
Mutex M2 acquired here while holding mutex M1 in thread T1:
#0 pthread_mutex_lock <null>
#1 dns_view_findzonecut lib/dns/view.c:1310:2
#2 fctx_create lib/dns/resolver.c:5070:13
#3 dns_resolver_createfetch lib/dns/resolver.c:10813:12
#4 dns_resolver_prime lib/dns/resolver.c:10442:12
#5 dns_view_find lib/dns/view.c:1176:4
#6 dbfind_name lib/dns/adb.c:3833:11
#7 dns_adb_createfind lib/dns/adb.c:3155:12
#8 findname lib/dns/resolver.c:3497:11
#9 fctx_getaddresses lib/dns/resolver.c:3808:3
#10 fctx_try lib/dns/resolver.c:4197:12
#11 fctx_start lib/dns/resolver.c:4824:4
#12 dispatch lib/isc/task.c:1152:7
#13 run lib/isc/task.c:1344:2
Mutex M1 previously acquired by the same thread here:
#0 pthread_mutex_lock <null>
#1 dns_resolver_createfetch lib/dns/resolver.c:10767:2
#2 dns_resolver_prime lib/dns/resolver.c:10442:12
#3 dns_view_find lib/dns/view.c:1176:4
#4 dbfind_name lib/dns/adb.c:3833:11
#5 dns_adb_createfind lib/dns/adb.c:3155:12
#6 findname lib/dns/resolver.c:3497:11
#7 fctx_getaddresses lib/dns/resolver.c:3808:3
#8 fctx_try lib/dns/resolver.c:4197:12
#9 fctx_start lib/dns/resolver.c:4824:4
#10 dispatch lib/isc/task.c:1152:7
#11 run lib/isc/task.c:1344:2
Mutex M1 acquired here while holding mutex M2 in thread T1:
#0 pthread_mutex_lock <null>
#1 dns_resolver_shutdown lib/dns/resolver.c:10530:4
#2 view_flushanddetach lib/dns/view.c:632:4
#3 dns_view_detach lib/dns/view.c:689:2
#4 qctx_destroy lib/ns/query.c:5152:2
#5 fetch_callback lib/ns/query.c:5749:3
#6 dispatch lib/isc/task.c:1152:7
#7 run lib/isc/task.c:1344:2
Mutex M2 previously acquired by the same thread here:
#0 pthread_mutex_lock <null>
#1 view_flushanddetach lib/dns/view.c:630:3
#2 dns_view_detach lib/dns/view.c:689:2
#3 qctx_destroy lib/ns/query.c:5152:2
#4 fetch_callback lib/ns/query.c:5749:3
#5 dispatch lib/isc/task.c:1152:7
#6 run lib/isc/task.c:1344:2
Thread T1 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create lib/isc/pthreads/thread.c:73:8
#2 isc_taskmgr_create lib/isc/task.c:1434:3
#3 create_managers bin/named/main.c:915:11
#4 setup bin/named/main.c:1223:11
#5 main bin/named/main.c:1523:2
SUMMARY: ThreadSanitizer: lock-order-inversion (potential deadlock) in pthread_mutex_lock
(cherry picked from commit a669c919c8
2020-09-23 01:49:56 +00:00
Mark Andrews
9e79a7d7ce
Clone the saved / query message buffers
...
The message buffer passed to ns__client_request is only valid for
the life of the the ns__client_request call. Save a copy of it
when we recurse or process a update as ns__client_request will
return before those operations complete.
(cherry picked from commit f0d9bf7c30
2020-09-23 11:17:23 +10:00
Mark Andrews
0b861934b4
Address lock-order-inversion
...
WARNING: ThreadSanitizer: lock-order-inversion (potential deadlock)
Cycle in lock order graph: M1 (0x000000000001) => M2 (0x000000000002) => M1
Mutex M2 acquired here while holding mutex M1 in thread T1:
#0 pthread_rwlock_wrlock <null>
#1 isc_rwlock_lock lib/isc/rwlock.c:52:4
#2 zone_postload lib/dns/zone.c:5101:2
#3 receive_secure_db lib/dns/zone.c:16206:11
#4 dispatch lib/isc/task.c:1152:7
#5 run lib/isc/task.c:1344:2
Mutex M1 previously acquired by the same thread here:
#0 pthread_mutex_lock <null>
#1 receive_secure_db lib/dns/zone.c:16204:2
#2 dispatch lib/isc/task.c:1152:7
#3 run lib/isc/task.c:1344:2
Mutex M1 acquired here while holding mutex M2 in thread T1:
#0 pthread_mutex_lock <null>
#1 get_raw_serial lib/dns/zone.c:2518:2
#2 zone_gotwritehandle lib/dns/zone.c:2559:4
#3 dispatch lib/isc/task.c:1152:7
#4 run lib/isc/task.c:1344:2
Mutex M2 previously acquired by the same thread here:
#0 pthread_rwlock_rdlock <null>
#1 isc_rwlock_lock lib/isc/rwlock.c:48:3
#2 zone_gotwritehandle lib/dns/zone.c:2552:2
#3 dispatch lib/isc/task.c:1152:7
#4 run lib/isc/task.c:1344:2
Thread T1 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create lib/isc/pthreads/thread.c:73:8
#2 isc_taskmgr_create lib/isc/task.c:1434:3
#3 create_managers bin/named/main.c:915:11
#4 setup bin/named/main.c:1223:11
#5 main bin/named/main.c:1523:2
SUMMARY: ThreadSanitizer: lock-order-inversion (potential deadlock) in pthread_rwlock_wrlock
(cherry picked from commit 1090876693
2020-09-22 22:26:53 +10:00
Mark Andrews
d04d43c777
Remove the memmove call on dns_rbtnode_t structure that contains atomics
...
Calling the plain memmove on the structure that contains atomic members
triggers following TSAN warning (even when we don't really use the
atomic members in the code):
WARNING: ThreadSanitizer: data race
Read of size 8 at 0x000000000001 by thread T1 (mutexes: write M1, write M2):
#0 memmove <null>
#1 memmove /usr/include/x86_64-linux-gnu/bits/string_fortified.h:40:10
#2 deletefromlevel lib/dns/rbt.c:2675:3
#3 dns_rbt_deletenode lib/dns/rbt.c:2143:2
#4 delete_node lib/dns/rbtdb.c
#5 decrement_reference lib/dns/rbtdb.c:2202:4
#6 prune_tree lib/dns/rbtdb.c:2259:3
#7 dispatch lib/isc/task.c:1152:7
#8 run lib/isc/task.c:1344:2
Previous atomic write of size 8 at 0x000000000001 by thread T2 (mutexes: read M3):
#0 __tsan_atomic64_fetch_sub <null>
#1 decrement_reference lib/dns/rbtdb.c:2103:7
#2 detachnode lib/dns/rbtdb.c:5440:6
#3 dns_db_detachnode lib/dns/db.c:588:2
#4 qctx_clean lib/ns/query.c:5104:3
#5 ns_query_done lib/ns/query.c:10868:2
#6 query_sign_nodata lib/ns/query.c
#7 query_nodata lib/ns/query.c:8438:11
#8 query_gotanswer lib/ns/query.c
#9 query_lookup lib/ns/query.c:5624:10
#10 ns__query_start lib/ns/query.c:5500:10
#11 query_setup lib/ns/query.c:5224:11
#12 ns_query_start lib/ns/query.c:11357:8
#13 ns__client_request lib/ns/client.c:2166:3
#14 udp_recv_cb lib/isc/netmgr/udp.c:414:2
#15 uv__udp_recvmsg /home/ondrej/Projects/tsan/libuv/src/unix/udp.c
#16 uv__udp_io /home/ondrej/Projects/tsan/libuv/src/unix/udp.c:180:5
#17 uv__io_poll /home/ondrej/Projects/tsan/libuv/src/unix/linux-core.c:461:11
#18 uv_run /home/ondrej/Projects/tsan/libuv/src/unix/core.c:385:5
#19 nm_thread lib/isc/netmgr/netmgr.c:500:11
Location is heap block of size 132 at 0x000000000030 allocated by thread T3:
#0 malloc <null>
#1 default_memalloc lib/isc/mem.c:713:8
#2 mem_get lib/isc/mem.c:622:8
#3 mem_allocateunlocked lib/isc/mem.c:1268:8
#4 isc___mem_allocate lib/isc/mem.c:1288:7
#5 isc__mem_allocate lib/isc/mem.c:2453:10
#6 isc___mem_get lib/isc/mem.c:1037:11
#7 isc__mem_get lib/isc/mem.c:2432:10
#8 create_node lib/dns/rbt.c:2239:9
#9 dns_rbt_addnode lib/dns/rbt.c:1435:12
#10 findnodeintree lib/dns/rbtdb.c:2895:12
#11 findnode lib/dns/rbtdb.c:2941:10
#12 dns_db_findnode lib/dns/db.c:439:11
#13 diff_apply lib/dns/diff.c:306:5
#14 dns_diff_apply lib/dns/diff.c:459:10
#15 do_one_tuple lib/ns/update.c:444:11
#16 update_one_rr lib/ns/update.c:495:10
#17 update_action lib/ns/update.c:3123:6
#18 dispatch lib/isc/task.c:1152:7
#19 run lib/isc/task.c:1344:2
Mutex M1 is already destroyed.
Mutex M2 is already destroyed.
Mutex M3 is already destroyed.
Thread T1 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create lib/isc/pthreads/thread.c:73:8
#2 isc_taskmgr_create lib/isc/task.c:1434:3
#3 create_managers bin/named/main.c:915:11
#4 setup bin/named/main.c:1223:11
#5 main bin/named/main.c:1523:2
Thread T2 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create lib/isc/pthreads/thread.c:73:8
#2 isc_nm_start lib/isc/netmgr/netmgr.c:223:3
#3 create_managers bin/named/main.c:909:15
#4 setup bin/named/main.c:1223:11
#5 main bin/named/main.c:1523:2
Thread T3 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create lib/isc/pthreads/thread.c:73:8
#2 isc_taskmgr_create lib/isc/task.c:1434:3
#3 create_managers bin/named/main.c:915:11
#4 setup bin/named/main.c:1223:11
#5 main bin/named/main.c:1523:2
SUMMARY: ThreadSanitizer: data race in memmove
(cherry picked from commit 48d54368d5
2020-09-21 19:21:28 +10:00
Ondřej Surý
0ad77036d9
Handle the errors from sysconf() call in isc_meminfo_totalphys()
...
isc_meminfo_totalphys() would return invalid memory size when sysconf()
call would fail, because ((size_t)-1 * -1) is very large number.
(cherry picked from commit 79ca724d46
2020-09-21 10:58:37 +02:00
Michał Kępień
170b869294
Fix updating summary RPZ DB for mixed-case RPZs
...
Each dns_rpz_zone_t structure keeps a hash table of the names this RPZ
database contains. Here is what happens when an RPZ is updated:
- a new hash table is prepared for the new version of the RPZ by
iterating over it; each name found is added to the summary RPZ
database,
- every name added to the new hash table is searched for in the old
hash table; if found, it is removed from the old hash table,
- the old hash table is iterated over; all names found in it are
removed from the summary RPZ database (because at that point the old
hash table should only contain names which are not present in the
new version of the RPZ),
- the new hash table replaces the old hash table.
When the new version of the RPZ is iterated over, if a given name is
spelled using a different letter case than in the old version of the
RPZ, the new variant will hash to a different value than the old
variant, which means it will not be removed from the old hash table.
When the old hash table is subsequently iterated over to remove
seemingly deleted names, the old variant of the name will still be
there, causing the name to be deleted from the summary RPZ database
(which effectively causes a given rule to be ignored).
The issue can be triggered not just by altering the case of existing
names in an RPZ, but also by adding sibling names spelled with a
different letter case. This is because RBT code preserves case when
node splitting occurs. The end result is that when the RPZ is iterated
over, a given name may be using a different case than in the zone file
(or XFR contents).
Fix by downcasing all names found in the RPZ database before adding them
to the summary RPZ database.
(cherry picked from commit dc8a7791bd
2020-09-21 09:32:21 +02:00
Ondřej Surý
8b1e4a5373
Exclude isc_mem_isovermem from ThreadSanitizer
...
The .is_overmem member of isc_mem_t structure is intentionally accessed
unlocked as 100% accuracy isn't necessary here.
Without the attribute, following TSAN warning would show up:
WARNING: ThreadSanitizer: data race
Write of size 1 at 0x000000000001 by thread T1 (mutexes: write M1, write M2):
#0 isc___mem_put lib/isc/mem.c:1119:19
#1 isc__mem_put lib/isc/mem.c:2439:2
#2 dns_rdataslab_fromrdataset lib/dns/rdataslab.c:327:2
#3 addrdataset lib/dns/rbtdb.c:6761:11
#4 dns_db_addrdataset lib/dns/db.c:719:10
#5 cache_name lib/dns/resolver.c:6538:13
#6 cache_message lib/dns/resolver.c:6628:14
#7 resquery_response lib/dns/resolver.c:7883:13
#8 dispatch lib/isc/task.c:1152:7
#9 run lib/isc/task.c:1344:2
Previous read of size 1 at 0x000000000001 by thread T2 (mutexes: write M3):
#0 isc_mem_isovermem lib/isc/mem.c:1553:15
#1 addrdataset lib/dns/rbtdb.c:6866:25
#2 dns_db_addrdataset lib/dns/db.c:719:10
#3 addoptout lib/dns/ncache.c:281:10
#4 dns_ncache_add lib/dns/ncache.c:101:10
#5 ncache_adderesult lib/dns/resolver.c:6668:12
#6 ncache_message lib/dns/resolver.c:6845:11
#7 rctx_ncache lib/dns/resolver.c:9174:11
#8 resquery_response lib/dns/resolver.c:7894:2
#9 dispatch lib/isc/task.c:1152:7
#10 run lib/isc/task.c:1344:2
Location is heap block of size 328 at 0x000000000020 allocated by thread T3:
#0 malloc <null>
#1 default_memalloc lib/isc/mem.c:713:8
#2 mem_create lib/isc/mem.c:763:8
#3 isc_mem_create lib/isc/mem.c:2425:2
#4 configure_view bin/named/server.c:4494:4
#5 load_configuration bin/named/server.c:9062:3
#6 run_server bin/named/server.c:9771:2
#7 dispatch lib/isc/task.c:1152:7
#8 run lib/isc/task.c:1344:2
[...]
SUMMARY: ThreadSanitizer: data race lib/isc/mem.c:1119:19 in isc___mem_put
(cherry picked from commit 0110d1ab17
2020-09-17 17:35:58 +02:00
Mark Andrews
b7b0a4d71f
Pause dbiterator ealier to prevent lock-order-inversion
...
WARNING: ThreadSanitizer: lock-order-inversion (potential deadlock)
Cycle in lock order graph: M1 (0x000000000000) => M2 (0x000000000000) => M1
Mutex M2 acquired here while holding mutex M1 in thread T1:
#0 pthread_rwlock_rdlock <null>
#1 isc_rwlock_lock lib/isc/rwlock.c:48:3
#2 findnodeintree lib/dns/rbtdb.c:2877:2
#3 findnode lib/dns/rbtdb.c:2941:10
#4 dns_db_findnode lib/dns/db.c:439:11
#5 resume_addnsec3chain lib/dns/zone.c:3776:11
#6 rss_post lib/dns/zone.c:20659:3
#7 setnsec3param lib/dns/zone.c:20471:3
#8 dispatch lib/isc/task.c:1152:7
#9 run lib/isc/task.c:1344:2
Mutex M1 previously acquired by the same thread here:
#0 pthread_mutex_lock <null>
#1 rss_post lib/dns/zone.c:20658:3
#2 setnsec3param lib/dns/zone.c:20471:3
#3 dispatch lib/isc/task.c:1152:7
#4 run lib/isc/task.c:1344:2
Mutex M1 acquired here while holding mutex M2 in thread T2:
#0 pthread_mutex_lock <null>
#1 zone_nsec3chain lib/dns/zone.c:8666:5
#2 zone_maintenance lib/dns/zone.c:11063:4
#3 zone_timer lib/dns/zone.c:14098:2
#4 dispatch lib/isc/task.c:1152:7
#5 run lib/isc/task.c:1344:2
Mutex M2 previously acquired by the same thread here:
#0 pthread_rwlock_rdlock <null>
#1 isc_rwlock_lock lib/isc/rwlock.c:48:3
#2 resume_iteration lib/dns/rbtdb.c:9357:2
#3 dbiterator_next lib/dns/rbtdb.c:9647:3
#4 dns_dbiterator_next lib/dns/dbiterator.c:87:10
#5 zone_nsec3chain lib/dns/zone.c:8656:13
#6 zone_maintenance lib/dns/zone.c:11063:4
#7 zone_timer lib/dns/zone.c:14098:2
#8 dispatch lib/isc/task.c:1152:7
#9 run lib/isc/task.c:1344:2
(cherry picked from commit 9e584a4511
2020-09-17 18:24:07 +10:00
Mark Andrews
6edd349af5
Pause the database iterator to release rwlock
...
(cherry picked from commit 2e63de94aa
2020-09-17 18:24:07 +10:00
Mark Andrews
5cdc4671ec
Pause dbiterator to release rwlock to prevent lock-order-inversion.
...
WARNING: ThreadSanitizer: lock-order-inversion (potential deadlock)
Cycle in lock order graph: M1 (0x000000000000) => M2 (0x000000000001) => M1
Mutex M2 acquired here while holding mutex M1 in thread T1:
#0 pthread_rwlock_rdlock <null>
#1 isc_rwlock_lock lib/isc/rwlock.c:48:3
#2 getsigningtime lib/dns/rbtdb.c:8198:2
#3 dns_db_getsigningtime lib/dns/db.c:979:11
#4 set_resigntime lib/dns/zone.c:3887:11
#5 dns_zone_markdirty lib/dns/zone.c:11119:4
#6 update_action lib/ns/update.c:3376:3
#7 dispatch lib/isc/task.c:1152:7
#8 run lib/isc/task.c:1344:2
Mutex M1 previously acquired by the same thread here:
#0 pthread_mutex_lock <null>
#1 dns_zone_markdirty lib/dns/zone.c:11089:2
#2 update_action lib/ns/update.c:3376:3
#3 dispatch lib/isc/task.c:1152:7
#4 run lib/isc/task.c:1344:2
Mutex M1 acquired here while holding mutex M2 in thread T1:
#0 pthread_mutex_lock <null>
#1 zone_nsec3chain lib/dns/zone.c:8502:3
#2 zone_maintenance lib/dns/zone.c:11056:4
#3 zone_timer lib/dns/zone.c:14091:2
#4 dispatch lib/isc/task.c:1152:7
#5 run lib/isc/task.c:1344:2
Mutex M2 previously acquired by the same thread here:
#0 pthread_rwlock_rdlock <null>
#1 isc_rwlock_lock lib/isc/rwlock.c:48:3
#2 resume_iteration lib/dns/rbtdb.c:9357:2
#3 dbiterator_current lib/dns/rbtdb.c:9695:3
#4 dns_dbiterator_current lib/dns/dbiterator.c:101:10
#5 zone_nsec3chain lib/dns/zone.c:8539:3
#6 zone_maintenance lib/dns/zone.c:11056:4
#7 zone_timer lib/dns/zone.c:14091:2
#8 dispatch lib/isc/task.c:1152:7
#9 run lib/isc/task.c:1344:2
Thread T1 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create lib/isc/pthreads/thread.c:73:8
#2 isc_taskmgr_create lib/isc/task.c:1434:3
#3 create_managers bin/named/main.c:915:11
#4 setup bin/named/main.c:1223:11
#5 main bin/named/main.c:1523:2
SUMMARY: ThreadSanitizer: lock-order-inversion (potential deadlock) in pthread_rwlock_rdlock
(cherry picked from commit fbed962204
2020-09-17 18:24:07 +10:00
Mark Andrews
02f09ac566
Pause dbiterator to release rwlock to prevent lock-order-inversion.
...
WARNING: ThreadSanitizer: lock-order-inversion (potential deadlock)
Cycle in lock order graph: M1 (0x000000000001) => M2 (0x000000000000) => M1
Mutex M2 acquired here while holding mutex M1 in thread T1:
#0 pthread_rwlock_rdlock <null>
#1 isc_rwlock_lock lib/isc/rwlock.c:48:3
#2 zone_sign lib/dns/zone.c:9247:3
#3 zone_maintenance lib/dns/zone.c:11047:4
#4 zone_timer lib/dns/zone.c:14090:2
#5 dispatch lib/isc/task.c:1152:7
#6 run lib/isc/task.c:1344:2
Mutex M1 previously acquired by the same thread here:
#0 pthread_rwlock_rdlock <null>
#1 isc_rwlock_lock lib/isc/rwlock.c:48:3
#2 resume_iteration lib/dns/rbtdb.c:9357:2
#3 dbiterator_next lib/dns/rbtdb.c:9647:3
#4 dns_dbiterator_next lib/dns/dbiterator.c:87:10
#5 zone_sign lib/dns/zone.c:9488:13
#6 zone_maintenance lib/dns/zone.c:11047:4
#7 zone_timer lib/dns/zone.c:14090:2
#8 dispatch lib/isc/task.c:1152:7
#9 run lib/isc/task.c:1344:2
Mutex M1 acquired here while holding mutex M2 in thread T2:
#0 pthread_rwlock_rdlock <null>
#1 isc_rwlock_lock lib/isc/rwlock.c:48:3
#2 findnodeintree lib/dns/rbtdb.c:2877:2
#3 findnode lib/dns/rbtdb.c:2941:10
#4 dns_db_findnode lib/dns/db.c:439:11
#5 dns_db_getsoaserial lib/dns/db.c:780:11
#6 dump_done lib/dns/zone.c:11428:15
#7 dump_quantum lib/dns/masterdump.c:1487:2
#8 dispatch lib/isc/task.c:1152:7
#9 run lib/isc/task.c:1344:2
Mutex M2 previously acquired by the same thread here:
#0 pthread_rwlock_rdlock <null>
#1 isc_rwlock_lock lib/isc/rwlock.c:48:3
#2 dump_done lib/dns/zone.c:11426:4
#3 dump_quantum lib/dns/masterdump.c:1487:2
#4 dispatch lib/isc/task.c:1152:7
#5 run lib/isc/task.c:1344:2
Thread T1 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create lib/isc/pthreads/thread.c:73:8
#2 isc_taskmgr_create lib/isc/task.c:1434:3
#3 create_managers bin/named/main.c:915:11
#4 setup bin/named/main.c:1223:11
#5 main bin/named/main.c:1523:2
Thread T2 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create lib/isc/pthreads/thread.c:73:8
#2 isc_taskmgr_create lib/isc/task.c:1434:3
#3 create_managers bin/named/main.c:915:11
#4 setup bin/named/main.c:1223:11
#5 main bin/named/main.c:1523:2
SUMMARY: ThreadSanitizer: lock-order-inversion (potential deadlock) in pthread_rwlock_rdlock
(cherry picked from commit c9dbad97b2
2020-09-17 18:24:07 +10:00
Mark Andrews
d36b4ed8ed
Pause dbiterator to release rwlock to prevent lock-order-inversion.
...
WARNING: ThreadSanitizer: lock-order-inversion (potential deadlock)
Cycle in lock order graph: M1 (0x000000000000) => M2 (0x000000000000) => M1
Mutex M2 acquired here while holding mutex M1 in thread T1:
#0 pthread_rwlock_rdlock <null>
#1 isc_rwlock_lock lib/isc/rwlock.c:48:3
#2 getsigningtime lib/dns/rbtdb.c:8198:2
#3 dns_db_getsigningtime lib/dns/db.c:979:11
#4 set_resigntime lib/dns/zone.c:3887:11
#5 dns_zone_markdirty lib/dns/zone.c:11115:4
#6 update_action lib/ns/update.c:3376:3
#7 dispatch lib/isc/task.c:1152:7
#8 run lib/isc/task.c:1344:2
Mutex M1 previously acquired by the same thread here:
#0 pthread_mutex_lock <null>
#1 dns_zone_markdirty lib/dns/zone.c:11085:2
#2 update_action lib/ns/update.c:3376:3
#3 dispatch lib/isc/task.c:1152:7
#4 run lib/isc/task.c:1344:2
Mutex M1 acquired here while holding mutex M2 in thread T2:
#0 pthread_mutex_lock <null>
#1 zone_nsec3chain lib/dns/zone.c:8274:3
#2 zone_maintenance lib/dns/zone.c:11052:4
#3 zone_timer lib/dns/zone.c:14087:2
#4 dispatch lib/isc/task.c:1152:7
#5 run lib/isc/task.c:1344:2
Mutex M2 previously acquired by the same thread here:
#0 pthread_rwlock_rdlock <null>
#1 isc_rwlock_lock lib/isc/rwlock.c:48:3
#2 resume_iteration lib/dns/rbtdb.c:9357:2
#3 dbiterator_next lib/dns/rbtdb.c:9647:3
#4 dns_dbiterator_next lib/dns/dbiterator.c:87:10
#5 zone_nsec3chain lib/dns/zone.c:8412:13
#6 zone_maintenance lib/dns/zone.c:11052:4
#7 zone_timer lib/dns/zone.c:14087:2
#8 dispatch lib/isc/task.c:1152:7
#9 run lib/isc/task.c:1344:2
Thread T1 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create lib/isc/pthreads/thread.c:73:8
#2 isc_taskmgr_create lib/isc/task.c:1434:3
#3 create_managers bin/named/main.c:915:11
#4 setup bin/named/main.c:1223:11
#5 main bin/named/main.c:1523:2
Thread T2 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create lib/isc/pthreads/thread.c:73:8
#2 isc_taskmgr_create lib/isc/task.c:1434:3
#3 create_managers bin/named/main.c:915:11
#4 setup bin/named/main.c:1223:11
#5 main bin/named/main.c:1523:2
SUMMARY: ThreadSanitizer: lock-order-inversion (potential deadlock) in pthread_rwlock_rdlock
(cherry picked from commit 98025e15d0
2020-09-17 18:24:07 +10:00
Mark Andrews
6a1cd20473
Pause dbiterator to release rwlock to prevent lock-order-inversion.
...
WARNING: ThreadSanitizer: lock-order-inversion (potential deadlock)
Cycle in lock order graph: M1 (0x000000000001) => M2 (0x000000000002) => M3 (0x000000000000) => M1
Mutex M2 acquired here while holding mutex M1 in thread T1:
#0 pthread_rwlock_rdlock <null>
#1 isc_rwlock_lock lib/isc/rwlock.c:48:3
#2 findnodeintree lib/dns/rbtdb.c:2877:2
#3 findnode lib/dns/rbtdb.c:2941:10
#4 dns_db_findnode lib/dns/db.c:439:11
#5 copy_non_dnssec_records lib/dns/zone.c:16031:11
#6 receive_secure_db lib/dns/zone.c:16163:12
#7 dispatch lib/isc/task.c:1152:7
#8 run lib/isc/task.c:1344:2
Mutex M1 previously acquired by the same thread here:
#0 pthread_rwlock_rdlock <null>
#1 isc_rwlock_lock lib/isc/rwlock.c:48:3
#2 resume_iteration lib/dns/rbtdb.c:9357:2
#3 dbiterator_first lib/dns/rbtdb.c:9407:3
#4 dns_dbiterator_first lib/dns/dbiterator.c:43:10
#5 receive_secure_db lib/dns/zone.c:16160:16
#6 dispatch lib/isc/task.c:1152:7
#7 run lib/isc/task.c:1344:2
Mutex M3 acquired here while holding mutex M2 in thread T2:
#0 pthread_rwlock_rdlock <null>
#1 isc_rwlock_lock lib/isc/rwlock.c:48:3
#2 zone_sign lib/dns/zone.c:9244:3
#3 zone_maintenance lib/dns/zone.c:11044:4
#4 zone_timer lib/dns/zone.c:14087:2
#5 dispatch lib/isc/task.c:1152:7
#6 run lib/isc/task.c:1344:2
Mutex M2 previously acquired by the same thread here:
#0 pthread_rwlock_rdlock <null>
#1 isc_rwlock_lock lib/isc/rwlock.c:48:3
#2 resume_iteration lib/dns/rbtdb.c:9357:2
#3 dbiterator_next lib/dns/rbtdb.c:9647:3
#4 dns_dbiterator_next lib/dns/dbiterator.c:87:10
#5 zone_sign lib/dns/zone.c:9485:13
#6 zone_maintenance lib/dns/zone.c:11044:4
#7 zone_timer lib/dns/zone.c:14087:2
#8 dispatch lib/isc/task.c:1152:7
#9 run lib/isc/task.c:1344:2
Mutex M1 acquired here while holding mutex M3 in thread T3:
#0 pthread_rwlock_rdlock <null>
#1 isc_rwlock_lock lib/isc/rwlock.c:48:3
#2 findnodeintree lib/dns/rbtdb.c:2877:2
#3 findnode lib/dns/rbtdb.c:2941:10
#4 dns_db_findnode lib/dns/db.c:439:11
#5 zone_get_from_db lib/dns/zone.c:5602:11
#6 get_raw_serial lib/dns/zone.c:2520:12
#7 zone_gotwritehandle lib/dns/zone.c:2559:4
#8 dispatch lib/isc/task.c:1152:7
#9 run lib/isc/task.c:1344:2
Mutex M3 previously acquired by the same thread here:
#0 pthread_rwlock_rdlock <null>
#1 isc_rwlock_lock lib/isc/rwlock.c:48:3
#2 zone_gotwritehandle lib/dns/zone.c:2552:2
#3 dispatch lib/isc/task.c:1152:7
#4 run lib/isc/task.c:1344:2
Thread T1 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create lib/isc/pthreads/thread.c:73:8
#2 isc_taskmgr_create lib/isc/task.c:1434:3
#3 create_managers bin/named/main.c:915:11
#4 setup bin/named/main.c:1223:11
#5 main bin/named/main.c:1523:2
Thread T2 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create lib/isc/pthreads/thread.c:73:8
#2 isc_taskmgr_create lib/isc/task.c:1434:3
#3 create_managers bin/named/main.c:915:11
#4 setup bin/named/main.c:1223:11
#5 main bin/named/main.c:1523:2
Thread T3 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create lib/isc/pthreads/thread.c:73:8
#2 isc_taskmgr_create lib/isc/task.c:1434:3
#3 create_managers bin/named/main.c:915:11
#4 setup bin/named/main.c:1223:11
#5 main bin/named/main.c:1523:2
SUMMARY: ThreadSanitizer: lock-order-inversion (potential deadlock) in pthread_rwlock_rdlock
(cherry picked from commit e185e37137
2020-09-17 18:24:06 +10:00
Mark Andrews
f5a8d9055f
Address lock-order-inversion between the keytable and the db locks.
...
WARNING: ThreadSanitizer: lock-order-inversion (potential deadlock)
Cycle in lock order graph: M1 (0x000000000000) => M2 (0x000000000000) => M1
Mutex M2 acquired here while holding mutex M1 in thread T1:
#0 pthread_rwlock_rdlock <null>
#1 isc_rwlock_lock lib/isc/rwlock.c:48:3
#2 dns_keytable_find lib/dns/keytable.c:522:2
#3 sync_keyzone lib/dns/zone.c:4560:12
#4 dns_zone_synckeyzone lib/dns/zone.c:4635:11
#5 mkey_refresh bin/named/server.c:15423:2
#6 named_server_mkeys bin/named/server.c:15727:4
#7 named_control_docommand bin/named/control.c:236:12
#8 control_command bin/named/controlconf.c:365:17
#9 dispatch lib/isc/task.c:1152:7
#10 run lib/isc/task.c:1344:2
Mutex M1 previously acquired by the same thread here:
#0 pthread_rwlock_rdlock <null>
#1 isc_rwlock_lock lib/isc/rwlock.c:48:3
#2 resume_iteration lib/dns/rbtdb.c:9357:2
#3 dbiterator_first lib/dns/rbtdb.c:9407:3
#4 dns_dbiterator_first lib/dns/dbiterator.c:43:10
#5 dns_rriterator_first lib/dns/rriterator.c:71:15
#6 sync_keyzone lib/dns/zone.c:4543:16
#7 dns_zone_synckeyzone lib/dns/zone.c:4635:11
#8 mkey_refresh bin/named/server.c:15423:2
#9 named_server_mkeys bin/named/server.c:15727:4
#10 named_control_docommand bin/named/control.c:236:12
#11 control_command bin/named/controlconf.c:365:17
#12 dispatch lib/isc/task.c:1152:7
#13 run lib/isc/task.c:1344:2
Mutex M1 acquired here while holding mutex M2 in thread T1:
#0 pthread_rwlock_rdlock <null>
#1 isc_rwlock_lock lib/isc/rwlock.c:48:3
#2 zone_find lib/dns/rbtdb.c:4029:2
#3 dns_db_find lib/dns/db.c:500:11
#4 addifmissing lib/dns/zone.c:4481:11
#5 dns_keytable_forall lib/dns/keytable.c:786:4
#6 sync_keyzone lib/dns/zone.c:4586:2
#7 dns_zone_synckeyzone lib/dns/zone.c:4635:11
#8 mkey_refresh bin/named/server.c:15423:2
#9 named_server_mkeys bin/named/server.c:15727:4
#10 named_control_docommand bin/named/control.c:236:12
#11 control_command bin/named/controlconf.c:365:17
#12 dispatch lib/isc/task.c:1152:7
#13 run lib/isc/task.c:1344:2
Mutex M2 previously acquired by the same thread here:
#0 pthread_rwlock_rdlock <null>
#1 isc_rwlock_lock lib/isc/rwlock.c:48:3
#2 dns_keytable_forall lib/dns/keytable.c:770:2
#3 sync_keyzone lib/dns/zone.c:4586:2
#4 dns_zone_synckeyzone lib/dns/zone.c:4635:11
#5 mkey_refresh bin/named/server.c:15423:2
#6 named_server_mkeys bin/named/server.c:15727:4
#7 named_control_docommand bin/named/control.c:236:12
#8 control_command bin/named/controlconf.c:365:17
#9 dispatch lib/isc/task.c:1152:7
#10 run lib/isc/task.c:1344:2
Thread T1 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create lib/isc/pthreads/thread.c:73:8
#2 isc_taskmgr_create lib/isc/task.c:1434:3
#3 create_managers bin/named/main.c:915:11
#4 setup bin/named/main.c:1223:11
#5 main bin/named/main.c:1523:2
SUMMARY: ThreadSanitizer: lock-order-inversion (potential deadlock) in pthread_rwlock_rdlock
(cherry picked from commit 9e5f83c499
2020-09-17 18:24:06 +10:00
Tinderbox User
a4f73cfe8a
prep 9.16.7
2020-09-16 22:50:38 +02:00
Evan Hunt
df698d73f4
update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00
Mark Andrews
2c1b6b2168
Silence REVERSE_INULL warning (CID 306652)
...
(cherry picked from commit 584dbffab1
2020-09-10 07:54:19 +10:00
Mark Andrews
c359fa0933
Turn off TSAN for isc_log_wouldlog
...
(cherry picked from commit 7b3c7f52c2
2020-09-09 16:22:39 +10:00
Mark Andrews
947bc2594b
Only test node->data if we care about whether data is present or not.
...
WARNING: ThreadSanitizer: data race (pid=28788)
Write of size 8 at 0x7b200002e060 by thread T1 (mutexes: write M2947):
#0 add32 /builds/isc-projects/bind9/lib/dns/rbtdb.c:6638:18 (libdns.so.1110+0xe7843)
#1 addrdataset /builds/isc-projects/bind9/lib/dns/rbtdb.c:6975:12 (libdns.so.1110+0xe4185)
#2 dns_db_addrdataset /builds/isc-projects/bind9/lib/dns/db.c:783:10 (libdns.so.1110+0x650ee)
#3 validated /builds/isc-projects/bind9/lib/dns/resolver.c:5140:11 (libdns.so.1110+0x1909f7)
#4 dispatch /builds/isc-projects/bind9/lib/isc/task.c:1157:7 (libisc.so.1107+0x507f5)
#5 run /builds/isc-projects/bind9/lib/isc/task.c:1331:2 (libisc.so.1107+0x4d749)
Previous read of size 8 at 0x7b200002e060 by thread T5 (mutexes: write M521146194917735760):
#0 dns_rbt_findnode /builds/isc-projects/bind9/lib/dns/rbt.c:1708:9 (libdns.so.1110+0xd910d)
#1 cache_find /builds/isc-projects/bind9/lib/dns/rbtdb.c:5098:11 (libdns.so.1110+0xe188e)
#2 dns_db_find /builds/isc-projects/bind9/lib/dns/db.c:554:11 (libdns.so.1110+0x642bb)
#3 dns_view_find2 /builds/isc-projects/bind9/lib/dns/view.c:1068:11 (libdns.so.1110+0x1cc2c4)
#4 dbfind_name /builds/isc-projects/bind9/lib/dns/adb.c:3714:11 (libdns.so.1110+0x46a4b)
#5 dns_adb_createfind2 /builds/isc-projects/bind9/lib/dns/adb.c:3133:12 (libdns.so.1110+0x45278)
#6 findname /builds/isc-projects/bind9/lib/dns/resolver.c:3166:11 (libdns.so.1110+0x1827f0)
#7 fctx_getaddresses /builds/isc-projects/bind9/lib/dns/resolver.c:3462:3 (libdns.so.1110+0x18032d)
#8 fctx_try /builds/isc-projects/bind9/lib/dns/resolver.c:3819:12 (libdns.so.1110+0x17e174)
#9 fctx_start /builds/isc-projects/bind9/lib/dns/resolver.c:4219:4 (libdns.so.1110+0x1787a3)
#10 dispatch /builds/isc-projects/bind9/lib/isc/task.c:1157:7 (libisc.so.1107+0x507f5)
#11 run /builds/isc-projects/bind9/lib/isc/task.c:1331:2 (libisc.so.1107+0x4d749)
(cherry picked from commit 71ef3a8038
2020-09-09 16:22:39 +10:00
Mark Andrews
f6ba3ec731
Address lock-order-inversion
...
WARNING: ThreadSanitizer: lock-order-inversion (potential deadlock) (pid=12714)
Cycle in lock order graph: M100252 (0x7b7c00010a08) => M1171 (0x7b7400000dc8) => M100252
Mutex M1171 acquired here while holding mutex M100252 in thread T1:
#0 pthread_mutex_lock <null> (delv+0x4483a6)
#1 dns_resolver_createfetch3 /builds/isc-projects/bind9/lib/dns/resolver.c:9585:2 (libdns.so.1110+0x1769fd)
#2 dns_resolver_createfetch /builds/isc-projects/bind9/lib/dns/resolver.c:9504:10 (libdns.so.1110+0x174e17)
#3 create_fetch /builds/isc-projects/bind9/lib/dns/validator.c:1156:10 (libdns.so.1110+0x1c1e5f)
#4 validatezonekey /builds/isc-projects/bind9/lib/dns/validator.c:2124:13 (libdns.so.1110+0x1c3b6d)
#5 start_positive_validation /builds/isc-projects/bind9/lib/dns/validator.c:2301:10 (libdns.so.1110+0x1bfde9)
#6 validator_start /builds/isc-projects/bind9/lib/dns/validator.c:3647:12 (libdns.so.1110+0x1bef62)
#7 dispatch /builds/isc-projects/bind9/lib/isc/task.c:1157:7 (libisc.so.1107+0x507d5)
#8 run /builds/isc-projects/bind9/lib/isc/task.c:1331:2 (libisc.so.1107+0x4d729)
Mutex M100252 previously acquired by the same thread here:
#0 pthread_mutex_lock <null> (delv+0x4483a6)
#1 validator_start /builds/isc-projects/bind9/lib/dns/validator.c:3628:2 (libdns.so.1110+0x1bee31)
#2 dispatch /builds/isc-projects/bind9/lib/isc/task.c:1157:7 (libisc.so.1107+0x507d5)
#3 run /builds/isc-projects/bind9/lib/isc/task.c:1331:2 (libisc.so.1107+0x4d729)
Mutex M100252 acquired here while holding mutex M1171 in thread T1:
#0 pthread_mutex_lock <null> (delv+0x4483a6)
#1 dns_validator_destroy /builds/isc-projects/bind9/lib/dns/validator.c:3912:2 (libdns.so.1110+0x1bf788)
#2 validated /builds/isc-projects/bind9/lib/dns/resolver.c:4916:2 (libdns.so.1110+0x18fdfd)
#3 dispatch /builds/isc-projects/bind9/lib/isc/task.c:1157:7 (libisc.so.1107+0x507d5)
#4 run /builds/isc-projects/bind9/lib/isc/task.c:1331:2 (libisc.so.1107+0x4d729)
Mutex M1171 previously acquired by the same thread here:
#0 pthread_mutex_lock <null> (delv+0x4483a6)
#1 validated /builds/isc-projects/bind9/lib/dns/resolver.c:4907:2 (libdns.so.1110+0x18fc3d)
#2 dispatch /builds/isc-projects/bind9/lib/isc/task.c:1157:7 (libisc.so.1107+0x507d5)
#3 run /builds/isc-projects/bind9/lib/isc/task.c:1331:2 (libisc.so.1107+0x4d729)
Thread T1 'isc-worker0000' (tid=12729, running) created by main thread at:
#0 pthread_create <null> (delv+0x42afdb)
#1 isc_thread_create /builds/isc-projects/bind9/lib/isc/pthreads/thread.c:60:8 (libisc.so.1107+0x726d8)
#2 isc__taskmgr_create /builds/isc-projects/bind9/lib/isc/task.c:1468:7 (libisc.so.1107+0x4d635)
#3 isc_taskmgr_createinctx /builds/isc-projects/bind9/lib/isc/task.c:2091:11 (libisc.so.1107+0x4f4ac)
#4 main /builds/isc-projects/bind9/bin/delv/delv.c:1639:2 (delv+0x4b7f96)
SUMMARY: ThreadSanitizer: lock-order-inversion (potential deadlock) (/builds/isc-projects/bind9/bin/delv/.libs/delv+0x4483a6) in pthread_mutex_lock
(cherry picked from commit 992a79a14b
2020-09-09 16:22:39 +10:00
Mark Andrews
5d469f2498
Address lock-order-inversion
...
Obtain references to view->redirect and view->managed_keys then
release view->lock so dns_zone_setviewcommit and dns_zone_setviewrevert
can obtain the view->lock while holding zone->lock.
WARNING: ThreadSanitizer: lock-order-inversion (potential deadlock) (pid=9132)
Cycle in lock order graph: M987831431424375936 (0x000000000000) => M1012319771577875480 (0x000000000000) => M987831431424375936
Mutex M1012319771577875480 acquired here while holding mutex M987831431424375936 in thread T2:
#0 pthread_mutex_lock <null> (named+0x4642a6)
#1 dns_zone_setviewcommit /builds/isc-projects/bind9/lib/dns/zone.c:1571:2 (libdns.so.1110+0x1d74eb)
#2 dns_view_setviewcommit /builds/isc-projects/bind9/lib/dns/view.c:2388:3 (libdns.so.1110+0x1cfe29)
#3 load_configuration /builds/isc-projects/bind9/bin/named/./server.c:8188:3 (named+0x51eadd)
#4 loadconfig /builds/isc-projects/bind9/bin/named/./server.c:9438:11 (named+0x510c66)
#5 ns_server_reconfigcommand /builds/isc-projects/bind9/bin/named/./server.c:9773:2 (named+0x510b41)
#6 ns_control_docommand /builds/isc-projects/bind9/bin/named/control.c:243:12 (named+0x4e451a)
#7 control_recvmessage /builds/isc-projects/bind9/bin/named/controlconf.c:465:13 (named+0x4e9056)
#8 dispatch /builds/isc-projects/bind9/lib/isc/task.c:1157:7 (libisc.so.1107+0x507d5)
#9 run /builds/isc-projects/bind9/lib/isc/task.c:1331:2 (libisc.so.1107+0x4d729)
Mutex M987831431424375936 previously acquired by the same thread here:
#0 pthread_mutex_lock <null> (named+0x4642a6)
#1 dns_view_setviewcommit /builds/isc-projects/bind9/lib/dns/view.c:2382:2 (libdns.so.1110+0x1cfde7)
#2 load_configuration /builds/isc-projects/bind9/bin/named/./server.c:8188:3 (named+0x51eadd)
#3 loadconfig /builds/isc-projects/bind9/bin/named/./server.c:9438:11 (named+0x510c66)
#4 ns_server_reconfigcommand /builds/isc-projects/bind9/bin/named/./server.c:9773:2 (named+0x510b41)
#5 ns_control_docommand /builds/isc-projects/bind9/bin/named/control.c:243:12 (named+0x4e451a)
#6 control_recvmessage /builds/isc-projects/bind9/bin/named/controlconf.c:465:13 (named+0x4e9056)
#7 dispatch /builds/isc-projects/bind9/lib/isc/task.c:1157:7 (libisc.so.1107+0x507d5)
#8 run /builds/isc-projects/bind9/lib/isc/task.c:1331:2 (libisc.so.1107+0x4d729)
Mutex M987831431424375936 acquired here while holding mutex M1012319771577875480 in thread T7:
#0 pthread_mutex_lock <null> (named+0x4642a6)
#1 dns_view_findzonecut2 /builds/isc-projects/bind9/lib/dns/view.c:1300:2 (libdns.so.1110+0x1cc93a)
#2 dns_view_findzonecut /builds/isc-projects/bind9/lib/dns/view.c:1261:9 (libdns.so.1110+0x1cc864)
#3 fctx_create /builds/isc-projects/bind9/lib/dns/resolver.c:4459:13 (libdns.so.1110+0x1779d3)
#4 dns_resolver_createfetch3 /builds/isc-projects/bind9/lib/dns/resolver.c:9628:12 (libdns.so.1110+0x176cb6)
#5 dns_resolver_createfetch /builds/isc-projects/bind9/lib/dns/resolver.c:9504:10 (libdns.so.1110+0x174e17)
#6 zone_refreshkeys /builds/isc-projects/bind9/lib/dns/zone.c:10061:12 (libdns.so.1110+0x2055a5)
#7 zone_maintenance /builds/isc-projects/bind9/lib/dns/zone.c:10274:5 (libdns.so.1110+0x203a78)
#8 zone_timer /builds/isc-projects/bind9/lib/dns/zone.c:13106:2 (libdns.so.1110+0x1e815a)
#9 dispatch /builds/isc-projects/bind9/lib/isc/task.c:1157:7 (libisc.so.1107+0x507d5)
#10 run /builds/isc-projects/bind9/lib/isc/task.c:1331:2 (libisc.so.1107+0x4d729)
Mutex M1012319771577875480 previously acquired by the same thread here:
#0 pthread_mutex_lock <null> (named+0x4642a6)
#1 zone_refreshkeys /builds/isc-projects/bind9/lib/dns/zone.c:9951:2 (libdns.so.1110+0x204dc3)
#2 zone_maintenance /builds/isc-projects/bind9/lib/dns/zone.c:10274:5 (libdns.so.1110+0x203a78)
#3 zone_timer /builds/isc-projects/bind9/lib/dns/zone.c:13106:2 (libdns.so.1110+0x1e815a)
#4 dispatch /builds/isc-projects/bind9/lib/isc/task.c:1157:7 (libisc.so.1107+0x507d5)
#5 run /builds/isc-projects/bind9/lib/isc/task.c:1331:2 (libisc.so.1107+0x4d729)
Thread T2 'isc-worker0001' (tid=9163, running) created by main thread at:
#0 pthread_create <null> (named+0x446edb)
#1 isc_thread_create /builds/isc-projects/bind9/lib/isc/pthreads/thread.c:60:8 (libisc.so.1107+0x726d8)
#2 isc__taskmgr_create /builds/isc-projects/bind9/lib/isc/task.c:1468:7 (libisc.so.1107+0x4d635)
#3 isc_taskmgr_create /builds/isc-projects/bind9/lib/isc/task.c:2109:11 (libisc.so.1107+0x4f587)
#4 create_managers /builds/isc-projects/bind9/bin/named/./main.c:886:11 (named+0x4f1a97)
#5 setup /builds/isc-projects/bind9/bin/named/./main.c:1305:11 (named+0x4f05ee)
#6 main /builds/isc-projects/bind9/bin/named/./main.c:1556:2 (named+0x4ef12d)
Thread T7 'isc-worker0006' (tid=9168, running) created by main thread at:
#0 pthread_create <null> (named+0x446edb)
#1 isc_thread_create /builds/isc-projects/bind9/lib/isc/pthreads/thread.c:60:8 (libisc.so.1107+0x726d8)
#2 isc__taskmgr_create /builds/isc-projects/bind9/lib/isc/task.c:1468:7 (libisc.so.1107+0x4d635)
#3 isc_taskmgr_create /builds/isc-projects/bind9/lib/isc/task.c:2109:11 (libisc.so.1107+0x4f587)
#4 create_managers /builds/isc-projects/bind9/bin/named/./main.c:886:11 (named+0x4f1a97)
#5 setup /builds/isc-projects/bind9/bin/named/./main.c:1305:11 (named+0x4f05ee)
#6 main /builds/isc-projects/bind9/bin/named/./main.c:1556:2 (named+0x4ef12d)
SUMMARY: ThreadSanitizer: lock-order-inversion (potential deadlock) (/builds/isc-projects/bind9/bin/named/.libs/named+0x4642a6) in pthread_mutex_lock
(cherry picked from commit cdcfde9e65
2020-09-09 16:22:39 +10:00
Mark Andrews
5b425046dd
isc_mutex_init_errcheck prototype should not be under ISC_MUTEX_PROFILE
...
(cherry picked from commit 552e0b852e
2020-09-09 16:22:38 +10:00
