mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 13:38:26 +00:00
Code Issues Releases Wiki Activity

Fix rare control channel socket reference leak

Browse Source 
Commit 9ee60e7a17bf34c7ef7f4d79e6a00ca45444ec8c enabled netmgr shutdown
to cause read callbacks for active control channel sockets to be invoked
with the ISC_R_SHUTTINGDOWN result code.  However, control channel code
only recognizes ISC_R_CANCELED as an indicator of an in-progress netmgr
shutdown (which was correct before the above commit).  This discrepancy
enables the following scenario to happen in rare cases:

 1. A control channel request is received and responded to.  libuv
    manages to write the response to the TCP socket, but the completion
    callback (control_senddone()) is yet to be invoked.

 2. Server shutdown is initiated.  All TCP sockets are shut down, which
    i.a. causes control_recvmessage() to be invoked with the
    ISC_R_SHUTTINGDOWN result code.  As the result code is not
    ISC_R_CANCELED, control_recvmessage() does not set
    listener->controls->shuttingdown to 'true'.

 3. control_senddone() is called with the ISC_R_SUCCESS result code.  As
    neither listener->controls->shuttingdown is 'true' nor is the result
    code ISC_R_CANCELED, reading is resumed on the control channel
    socket.  However, this read can never be completed because the read
    callback on that socket was cleared when the TCP socket was shut
    down.  This causes a reference on the socket's handle to be held
    indefinitely, leading to a hang upon shutdown.

Ensure listener->controls->shuttingdown is also set to 'true' when
control_recvmessage() is invoked with the ISC_R_SHUTTINGDOWN result
code.  This ensures the send completion callback does not resume reading
after the control channel socket is shut down.
This commit is contained in:
Michał Kępień 2021-12-27 15:41:04 +01:00
parent ab52c99843
commit fc678b19d9
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bin/named/controlconf.c
View File

@ -412,7 +412,7 @@ control_recvmessage(isc_nmhandle_t *handle, isc_result_t result, void *arg) {
}
if (result != ISC_R_SUCCESS) {
if (result == ISC_R_CANCELED) {
if (result == ISC_R_SHUTTINGDOWN || result == ISC_R_CANCELED) {
atomic_store_release(&listener->controls->shuttingdown,
true);
} else if (result != ISC_R_EOF) {