Commit Graph

35655 Commits

Author SHA1 Message Date
Michał Kępień
cb9928aaeb Gracefully handle resending a node to prune_tree()
Commit 801e888d03 made the prune_tree()
function use send_to_prune_tree() for triggering pruning of deleted leaf
nodes' parents.  This enabled the following sequence of events to
happen:

 1. Node A, which is a leaf node, is passed to send_to_prune_tree() and
    its pruning is queued.

 2. Node B is added to the RBTDB as a child of node A before the latter
    gets pruned.

 3. Node B, which is now a leaf node itself (and is likely to belong to
    a different node bucket than node A), is passed to
    send_to_prune_tree() and its pruning gets queued.

 4. Node B gets pruned.  Its parent, node A, now becomes a leaf again
    and therefore the prune_tree() call that handled node B calls
    send_to_prune_tree() for node A.

 5. Since node A was already queued for pruning in step 1 (but not yet
    pruned), the INSIST(!ISC_LINK_LINKED(node, prunelink)); assertion
    fails for node A in send_to_prune_tree().

The above sequence of events is not a sign of pathological behavior.
Replace the assertion check with a conditional early return from
send_to_prune_tree().

(cherry picked from commit f6289ad931)
2024-02-29 18:06:12 +01:00
Ondřej Surý
0a2746acba Merge branch '4591-improve-ttl-based-cleaning-9.16-v9.16.49-release' into 'v9.16.49-release'
[9.16.49] Remove expired rdataset headers from the heap

See merge request isc-projects/bind9!8802
2024-02-29 15:28:16 +00:00
Ondřej Surý
abef835c4c Add CHANGES note for [GL #4591]
(cherry picked from commit db69cc7891)
(cherry picked from commit 99d0ba4420)
2024-02-29 16:14:05 +01:00
Ondřej Surý
d7e3c782fd Make the TTL-based cleaning more aggressive
It was discovered that the TTL-based cleaning could build up
a significant backlog of the rdataset headers during the periods where
the top of the TTL heap isn't expired yet.  Make the TTL-based cleaning
more aggressive by cleaning more headers from the heap when we are
adding new header into the RBTDB.

(cherry picked from commit d8220ca4ca)
(cherry picked from commit 496fe6bc60)
2024-02-29 16:14:05 +01:00
Ondřej Surý
1082495439 Remove expired rdataset headers from the heap
It was discovered that an expired header could sit on top of the heap
a little longer than desireable.  Remove expired headers (headers with
rdh_ttl set to 0) from the heap completely, so they don't block the next
TTL-based cleaning.

(cherry picked from commit a9383e4b95)
(cherry picked from commit abe080d16e)
2024-02-29 16:14:05 +01:00
Ondřej Surý
e1db06d1a6 Merge branch '4596-regression-in-cache-cleaning-9.16-v9.16.49-release' into 'v9.16.49-release'
[9.16.49] Reduce lock contention during RBTDB tree pruning

See merge request isc-projects/bind9!8797
2024-02-29 12:45:46 +00:00
Ondřej Surý
a5bbbe7553 Add CHANGES and release note for [GL #4596]
(cherry picked from commit 774204ea74)
2024-02-29 12:48:04 +01:00
Ondřej Surý
801e888d03 Reduce lock contention during RBTDB tree pruning
The log message for commit c3377cbfaa
explained:

    Instead of issuing a separate isc_task_send() call for every RBTDB node
    that triggers tree pruning, maintain a list of nodes from which tree
    pruning can be started from and only issue an isc_task_send() call if
    pruning has not yet been triggered by another RBTDB node.

    The extra queuing overhead eliminated by this change could be remotely
    exploited to cause excessive memory use.

However, it turned out that having a single queue for the nodes to be
pruned increased lock contention to a level where cleaning up nodes from
the RBTDB took too long, causing the amount of memory used by the cache
to grow indefinitely over time.

This commit makes the prunenodes list bucketed, adds a quantum of 10
items per prune_tree() run, and simplifies parent node cleaning in the
prune_tree() logic.

Instead of juggling node locks in a cycle, only clean up the node
currently being pruned and queue its parent (if it is also eligible) for
pruning in the same way (by sending an event).

This simplifies the code and also spreads the pruning load across more
task loop ticks, which is better for lock contention as less things run
in a tight loop.

(cherry picked from commit 2df147cb12)
2024-02-29 12:47:25 +01:00
Ondřej Surý
90c48c7b85 Merge branch '4595-fix-expire-lru-headers-race-9.16' into 'v9.16.49-release'
[9.16] Do not use header_prev in expire_lru_headers

See merge request isc-projects/bind9!8777
2024-02-23 14:51:19 +00:00
Mark Andrews
cf6e5793c5 Add CHANGES and release note for [GL #4495]
(cherry picked from commit 4f8539ac23)
2024-02-23 12:38:31 +01:00
Mark Andrews
742dc803a8 Do not use header_prev in expire_lru_headers
dns__cacherbt_expireheader can unlink / free header_prev underneath
it.  Use ISC_LIST_TAIL after calling dns__cacherbt_expireheader
instead to get the next pointer to be processed.

(cherry picked from commit 7ce2e86024)
2024-02-23 12:38:31 +01:00
Ondřej Surý
b806c75b54 Merge branch 'michal/set-up-version-and-release-notes-for-bind-9.16.49-v9.16.49-release' into 'v9.16.49-release'
Update BIND version to 9.16.49-dev

See merge request isc-projects/bind9!8780
2024-02-23 11:29:26 +00:00
Michał Kępień
11ac625dbe Set up release notes for BIND 9.16.49
(cherry picked from commit ae9d795a13)
2024-02-23 12:28:26 +01:00
Michał Kępień
b58bf82da8 Update BIND version to 9.16.49-dev
(cherry picked from commit 8e4896ffa4)
2024-02-23 12:27:04 +01:00
Michał Kępień
0dab57e15f Merge branch 'prep-release' into v9.16.48-release v9.16.48 2024-02-11 12:31:39 +01:00
Michał Kępień
7fc5ef173b prep 9.16.48 2024-02-11 12:31:23 +01:00
Michał Kępień
2cdf003dae Merge branch 'michal/prepare-documentation-for-bind-9.16.48' into 'v9.16.48-release'
Prepare documentation for BIND 9.16.48

See merge request isc-private/bind9!658
2024-02-11 11:29:36 +00:00
Michał Kępień
43a6b02728 Add release note for GL #4459 2024-02-11 12:10:17 +01:00
Michał Kępień
659e0d80fd Prepare release notes for BIND 9.16.48 2024-02-11 12:10:17 +01:00
Michał Kępień
81ac09c421 Merge branch '4568-fix-isc_ht-case-insensitive-matching-9.16' into 'v9.16.48-release'
[9.16] Fix case insensitive matching in isc_ht hash table implementation

See merge request isc-private/bind9!654
2024-02-11 11:06:57 +00:00
Ondřej Surý
81479eaa63 Add CHANGES note for [GL #4568]
(cherry picked from commit e91884553f)
2024-02-11 11:57:58 +01:00
Ondřej Surý
b9c10a194d Add a system test for mixed-case data for the same owner
We were missing a test where a single owner name would have multiple
types with a different case.  The generated RRSIGs and NSEC records will
then have different case than the signed records and message parser have
to cope with that and treat everything as the same owner.

(cherry picked from commit a114042059)
2024-02-11 11:57:58 +01:00
Ondřej Surý
f493a83941 Fix case insensitive matching in isc_ht hash table implementation
The case insensitive matching in isc_ht was basically completely broken
as only the hashvalue computation was case insensitive, but the key
comparison was always case sensitive.

(cherry picked from commit 175655b771)
2024-02-11 11:57:58 +01:00
Michał Kępień
90dc9a326d Merge branch 'prep-release' into v9.16.47-release 2024-02-02 11:20:19 +01:00
Michal Nowak
bab1aa9666 prep 9.16.47 2024-02-02 11:19:57 +01:00
Michal Nowak
830e62aa8e Merge branch 'michal/prepare-documentation-for-bind-9.16.47' into 'v9.16.47-release'
Prepare documentation for BIND 9.16.47

See merge request isc-private/bind9!645
2024-02-02 10:06:42 +00:00
Michał Kępień
83cad74ae2 Prepare release notes for BIND 9.16.47 2024-02-02 09:23:00 +01:00
Michał Kępień
435787efa3 Merge branch 'ondrej/split-taskmgr-9.16' into 'v9.16.47-release'
[9.16] [CVE-2023-50387] Fix KeyTrap

See merge request isc-private/bind9!629
2024-02-01 20:54:47 +00:00
Ondřej Surý
0ab4125801 Add CHANGES and release note for [GL #4424]
(cherry picked from commit c847092a17)
2024-02-01 21:51:07 +01:00
Ondřej Surý
a520fbc047 Optimize selecting the signing key
Don't parse the crypto data before parsing and matching the id and the
algorithm for consecutive DNSKEYs.  This allows us to parse the RData
only in case the other parameters match allowing us to skip keys that
are of no interest to us, but still would consume precious CPU time by
parsing possibly garbage with OpenSSL.

(cherry picked from commit f39cd17a26)
2024-02-01 21:51:07 +01:00
Ondřej Surý
3d206e918b Don't iterate from start every time we select new signing key
Remember the position in the iterator when selecting the next signing
key.  This should speed up processing for larger DNSKEY RRSets because
we don't have to iterate from start over and over again.

(cherry picked from commit 21af5c9a97)
2024-02-01 21:51:07 +01:00
Mark Andrews
6a65a42528 Fail processing incoming DNS message on first validation failure
Stop processing the DNS validation when first validation failure occurs
in the DNS message.

(cherry picked from commit 0add293477)
2024-02-01 21:51:07 +01:00
Mark Andrews
751b7cc475 Skip revoked keys when selecting DNSKEY in the validation loop
Don't select revoked keys when iterating through DNSKEYs in the DNSSEC
validation routines.

(cherry picked from commit 439e16e4de)
2024-02-01 21:51:07 +01:00
Ondřej Surý
c12608ca93 Split fast and slow task queues
Change the taskmgr (and thus netmgr) in a way that it supports fast and
slow task queues.  The fast queue is used for incoming DNS traffic and
it will pass the processing to the slow queue for sending outgoing DNS
messages and processing resolver messages.

In the future, more tasks might get moved to the slow queues, so the
cached and authoritative DNS traffic can be handled without being slowed
down by operations that take longer time to process.

(cherry picked from commit 1b3b0cef22)
2024-02-01 21:51:07 +01:00
Michał Kępień
a0c78d19f1 Merge branch '4234-confidential-parser-regression-9.16' into 'v9.16.47-release'
[9.16] fix a message parsing regression

See merge request isc-private/bind9!634
2024-02-01 20:29:35 +00:00
Michał Kępień
010a660624 Add a CHANGES entry
(cherry picked from commit 04ba284e1a)
2024-01-31 16:04:59 +01:00
Evan Hunt
f397ff5bb8 fix another message parsing regression
The fix for CVE-2023-4408 introduced a regression in the message
parser, which could cause a crash if an rdata type that can only
occur in the question was found in another section.

(cherry picked from commit 510f1de8a6)
2024-01-31 16:04:59 +01:00
Evan Hunt
0bbb0065e6 fix a message parsing regression
the fix for CVE-2023-4408 introduced a regression in the message
parser, which could cause a crash if duplicate rdatasets were found
in the question section. this commit ensures that rdatasets are
correctly disassociated and freed when this occurs.

(cherry picked from commit 4c19d35614)
2024-01-31 16:04:59 +01:00
Michal Nowak
28d7802525 Merge branch 'prep-release' into v9.16.46-release 2024-01-05 15:25:06 +01:00
Michal Nowak
ac85b33c27 prep 9.16.46 2024-01-05 15:19:34 +01:00
Michal Nowak
cd2bbf7f3e Merge branch 'michal/prepare-documentation-for-bind-9.16.46' into 'v9.16.46-release'
Prepare documentation for BIND 9.16.46

See merge request isc-private/bind9!626
2024-01-05 14:14:15 +00:00
Michał Kępień
0b43bf1a38 Fix Danger rules for flagging release note issues
The logic contained in dangerfile.py incorrectly warns about missing
release note changes for merge requests preparing release documentation
as such merge requests rename files in the doc/notes/ directory.  This
(correctly) causes these files to be passed to dangerfile.py via
danger.git.created_files and danger.git.deleted_files rather than via
danger.git.modified_files, which in turn causes the logic checking the
use of the "Release Notes" label to assume that no release notes are
added, removed, or modified by a given merge request.

Fix by considering all types of file changes (modifications, additions,
and removals - which also covers file renaming) when checking whether a
given merge request modifies release notes.  Update the warning messages
accordingly.

However, when trying to find release notes added by a given merge
request, deleted files must not be considered.  Tweak the logic looking
for GitLab identifiers in the release notes added by a given merge
request so that it only scans modified and added (or renamed) files.

(cherry picked from commit 0fec404c64)
2024-01-05 13:01:26 +01:00
Michał Kępień
86a78021fe Tweak and reword release notes 2024-01-05 13:01:26 +01:00
Michał Kępień
c53e81a800 Prepare release notes for BIND 9.16.46 2024-01-05 13:01:26 +01:00
Michał Kępień
24b52a62fb Merge branch '4383-security-limit-tree-pruning-overhead-9.16' into 'v9.16.46-release'
[9.16] [CVE-2023-6516] Limit isc_task_send() overhead for tree pruning

See merge request isc-private/bind9!621
2024-01-05 11:49:35 +00:00
Michał Kępień
1237d73cd1 Fix map offsets in the "masterformat" system test
The "masterformat" system test attempts to check named-checkzone
behavior when it is fed corrupt map-format zone files.  However, despite
the RBTDB and RBT structures having evolved over the years, the offsets
at which a valid map-format zone file is malformed by the "masterformat"
test have not been updated accordingly, causing the relevant checks to
introduce a different type of corruption than they were originally meant
to cause:

  - the "bad node header" check originally mangled the 'type' member of
    the rdatasetheader_t structure for cname.example.nil,

  - the "bad node data" check originally mangled the 'serial' and
    'rdh_ttl' members of the rdatasetheader_t structure for
    aaaa.example.nil.

Update the offsets at which the map-format zone file is malformed at by
the "masterformat" system test so that the relevant checks fulfill their
original purpose again.
2024-01-05 12:40:50 +01:00
Michał Kępień
f66150204c Add CHANGES entry and release note for GL #4383
(cherry picked from commit 04df558d57)
2024-01-05 12:40:50 +01:00
Michał Kępień
c3377cbfaa Limit isc_task_send() overhead for tree pruning
Instead of issuing a separate isc_task_send() call for every RBTDB node
that triggers tree pruning, maintain a list of nodes from which tree
pruning can be started from and only issue an isc_task_send() call if
pruning has not yet been triggered by another RBTDB node.

The extra queuing overhead eliminated by this change could be remotely
exploited to cause excessive memory use.

As this change modifies struct dns_rbtnode by adding a new 'prunelink'
member to it, bump MAPAPI to prevent any attempts of loading map-format
zone files created using older BIND 9 versions.

(cherry picked from commit 24381cc36d)
2024-01-05 12:40:50 +01:00
Michał Kępień
38a03e5ab9 Merge branch '4334-confidential-dns64-and-serve-stale-bind-9.16' into 'v9.16.46-release'
[9.16] [CVE-2023-5679] Fix a bad interaction between DNS64 and serve-stale

See merge request isc-private/bind9!603
2024-01-05 11:29:58 +00:00
Mark Andrews
549d860b33 Add release note for [GL #4334]
(cherry picked from commit c4faf5c69f)
2024-01-05 12:24:05 +01:00