From 13bb8212804ce385010387d681a6623481921023 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Tue, 17 Jan 2023 07:18:16 +0100 Subject: [PATCH 1/3] Detach the views in zone_shutdown(), not in zone_free() The .view (and possibly .prev_view) would be kept attached to the removed zone until the zone is fully removed from the memory in zone_free(). If this process is delayed because server is busy something else like doing constant `rndc reconfig`, it could take seconds to detach the view, possibly keeping multiple dead views in the memory. This could quickly lead to a massive memory bloat. Release the views early in the zone_shutdown() call, and don't wait until the zone is freed. --- lib/dns/zone.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/lib/dns/zone.c b/lib/dns/zone.c index 28aeb00e04..411756d9cb 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -1246,6 +1246,8 @@ zone_free(dns_zone_t *zone) { INSIST(zone->readio == NULL); INSIST(zone->statelist == NULL); INSIST(zone->writeio == NULL); + INSIST(zone->view == NULL); + INSIST(zone->prev_view == NULL); if (zone->task != NULL) { isc_task_detach(&zone->task); @@ -1253,12 +1255,6 @@ zone_free(dns_zone_t *zone) { if (zone->loadtask != NULL) { isc_task_detach(&zone->loadtask); } - if (zone->view != NULL) { - dns_view_weakdetach(&zone->view); - } - if (zone->prev_view != NULL) { - dns_view_weakdetach(&zone->prev_view); - } /* Unmanaged objects */ while (!ISC_LIST_EMPTY(zone->setnsec3param_queue)) { @@ -14737,6 +14733,15 @@ zone_shutdown(void *arg) { LOCK_ZONE(zone); INSIST(zone != zone->raw); + + /* Detach the views early, we don't need them anymore */ + if (zone->view != NULL) { + dns_view_weakdetach(&zone->view); + } + if (zone->prev_view != NULL) { + dns_view_weakdetach(&zone->prev_view); + } + if (linked) { isc_refcount_decrement(&zone->irefs); } From 7e8b53720d73cc52bd19fc8245fb7d2ebfe21dc9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Tue, 17 Jan 2023 07:21:34 +0100 Subject: [PATCH 2/3] Commit the change of view for view->managed_keys When we change the view in the view->managed_keys, we never commit the change, keeping the previous view possibly attached forever. Call the dns_zone_setviewcommit() immediately after changing the view as we are detaching the previous view anyway and there's no way to recover from that. --- bin/named/server.c | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/named/server.c b/bin/named/server.c index 3be36685ae..ef67cb81a4 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -6900,6 +6900,7 @@ add_keydata_zone(dns_view_t *view, const char *directory, isc_mem_t *mctx) { dns_zone_attach(pview->managed_keys, &view->managed_keys); dns_zone_setview(pview->managed_keys, view); + dns_zone_setviewcommit(pview->managed_keys); dns_view_detach(&pview); dns_zone_synckeyzone(view->managed_keys); return (ISC_R_SUCCESS); From b049e329efefe053ed88079197b572c7edd90f79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Tue, 17 Jan 2023 07:28:02 +0100 Subject: [PATCH 3/3] Add CHANGES and release note for [GL #3801] --- CHANGES | 4 ++++ doc/notes/notes-current.rst | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 253e3eac3c..301891bd4b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +6069. [bug] Detach from the view in zone_shutdown() to + release the memory held by the dead view + early. [GL #3801] + 6068. [bug] Downloading a zone via TLS from a server which does not negotiate "dot" ALPN token could crash BIND on shutdown. That has been fixed. [GL #3767] diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index dde2868cee..b4b5529b3e 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -35,7 +35,9 @@ Feature Changes Bug Fixes ~~~~~~~~~ -- None. +- A constant stream of zone additions and deletions via ``rndc reconfig`` could + cause increased memory consumption due to delayed cleaning of view memory. + This has been fixed. :gl:`#3801` Known Issues ~~~~~~~~~~~~