TSAN reports a data race in FreeBSD's memset(), called by its
__crt_calloc() memory allocation function. There is a very similar
bug report [1] in FreeBSD bug tracker, and an existing code-review [2]
that tries to address an issue, the description of which is very
similar to what we are seeing.
Suppress this report by adding its signature to '.tsan-suppress'.
[1] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282794
[2] https://reviews.freebsd.org/D28536?id=86694Closes#5267
Merge branch '5267-freebsd-suppress-tsan-data-race-false-positive' into 'main'
See merge request isc-projects/bind9!10353
TSAN reports a data race in FreeBSD's memset(), called by its
__crt_calloc() memory allocation function. There is a very similar
bug report [1] in FreeBSD bug tracker, and an existing code-review [2]
that tries to address an issue, the description of which is very
similar to what we are seeing.
Suppress this report by adding its signature to '.tsan-suppress'.
[1] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282794
[2] https://reviews.freebsd.org/D28536?id=86694
The pattern `for (x = ISC_LIST_HEAD(...); x != NULL; ISC_LIST_NEXT(...)` has been changed to `ISC_LIST_FOREACH` throughout BIND, except in a few
cases where the change would be excessively complex.
In most cases this was a straightforward change. In some places, however, the list element variable was referenced after the loop ended. Where possible, code has now been refactored to avoid this necessity.
`ISC_LIST_FOREACH` has also been modified to use `typeof(list.head)` to declare list elements automatically. When the list object to be iterated is declared with a `const` qualifier, the qualifier is passed along to the element declaration, causing a compilation failure. To avoid this problem, some `const` qualifiers have been removed; where that was not possible, `UNCONST` was used.
Merge branch 'each-isc-list-foreach' into 'main'
See merge request isc-projects/bind9!10310
use the ISC_LIST_FOREACH pattern in places where lists had
been iterated using a different pattern from the typical
`for` loop: for example, `while (!ISC_LIST_EMPTY(...))` or
`while ((e = ISC_LIST_HEAD(...)) != NULL)`.
the pattern `for (x = ISC_LIST_HEAD(...); x != NULL; ISC_LIST_NEXT(...)`
has been changed to `ISC_LIST_FOREACH` throughout BIND, except in a few
cases where the change would be excessively complex.
in most cases this was a straightforward change. in some places,
however, the list element variable was referenced after the loop
ended, and the code was refactored to avoid this necessity.
also, because `ISC_LIST_FOREACH` uses typeof(list.head) to declare
the list elements, compilation failures can occur if the list object
has a `const` qualifier. some `const` qualifiers have been removed
from function parameters to avoid this problem, and where that was not
possible, `UNCONST` was used.
ISC_LIST_FOREACH and related macros now use 'typeof(list.head)' to
declare the list elements automatically; the caller no longer needs
to do so.
ISC_LIST_FOREACH_SAFE also now implicitly declares its own 'next'
pointer, so it only needs three parameters instead of four.
Clean up dead code following merge of !10302.
Closes#5262
Merge branch '5262-cleanup-dead-code-cid-548247' into 'main'
See merge request isc-projects/bind9!10346
Libedit is now ubiquitous and has a license compatible with
MPL 2.0. We are now dropping readline (GPL 3.0) and editline (obsolete) support
in favor of libedit.
Merge branch 'ondrej/cleanup-various-readline-libraries' into 'main'
See merge request isc-projects/bind9!10202
Previously the code would not check if the string intended to be used
for SNI is a hostname.
See also: !9923Closes#5225
Merge branch '5225-dig-sni-fix' into 'main'
See merge request isc-projects/bind9!10254
Add a function that checks if a 'hostname' is not a valid IPv4 or IPv6
address. Returns 'true' if the hostname is likely a domain name, and
'false' if it represents an IP address.
Previously changed mem_test (!10320) introduces a test which checks for
the value of `__FILE__`, which is different if the build is done
out-of-tree or not, even though this is not relevant for the test (only
the base filename is). This result in a broken test for out-of-tree
builds. Fix this by changing the way the "grep" is done in the test,
ignoring the optional path prefix in the filename.
Merge branch 'colin-fix-outoftree-memtest' into 'main'
See merge request isc-projects/bind9!10343
Previously changed mem_test (!10320) introduces a test which checks for
the value of `__FILE__`, which is different if the build is done
out-of-tree or not, even though this is not relevant for the test (only
the base filename is). This result in a broken test for out-of-tree
builds. Fix this by changing the way the "grep" is done in the test,
ignoring the optional path prefix in the filename.
A recent change to the dnssec system test depended on a file
that is only in the source tree, not in the build tree, and was
therefore not available in out-of-tree builds.
Merge branch 'each-fix-dnssec-oot' into 'main'
See merge request isc-projects/bind9!10342
A recent change to the dnssec system test depended on a file
that is only in the source tree, not in the build tree, and was
therefore not available in out-of-tree builds.
libsystemd, despite being useful, adds a huge surface area for just
using the sd_notify API. libsystemd's surface has been exploited in the
past [1].
Implement the systemd notification protocol by hand since it is just
sending newline-delimited datagrams to a UNIX socket. The code shouldn't
need more attention in the future since the notification protocol is
covered under systemd's stability promise [2].
We don't need to support VSOCK-backed service notifications since they
are only intended for virtual machine inits.
[1]: https://www.openwall.com/lists/oss-security/2024/03/29/4
[2]: https://systemd.io/PORTABILITY_AND_STABILITY/
When allocating memory under -m trace|record, the __FILE__ pointer is
stored, so it can be printed out later in order to figure out in which
file an allocation leaked. (among others, like the line number).
However named crashes when called with -m record and using a plugin
leaking memory. The reason is that plugins are unloaded earlier than
when the leaked allocations are dumped (obviously, as it's done as late
as possible). In such circumstances, `__FILE__` is dangling because the
dynamically loaded library (the plugin) is not in memory anymore.
Fix the crash by systematically copying the `__FILE__` string
instead of copying the pointer. Of course, this make each allocation to
consume a bit more memory (and longer, as it needs to calculate the
length of `__FILE__`) but this occurs only under -m trace|record debugging
flags.
Merge branch 'colin-memdump-plugins' into 'main'
See merge request isc-projects/bind9!10320
When allocating memory under -m trace|record, the __FILE__ pointer is
stored, so it can be printed out later in order to figure out in which
file an allocation leaked. (among others, like the line number).
However named crashes when called with -m record and using a plugin
leaking memory. The reason is that plugins are unloaded earlier than
when the leaked allocations are dumped (obviously, as it's done as late
as possible). In such circumstances, __FILE__ is dangling because the
dynamically loaded library (the plugin) is not in memory anymore.
Fix the crash by systematically copying the __FILE__ string
instead of copying the pointer. Of course, this make each allocation to
consume a bit more memory (and longer, as it needs to calculate the
length of __FILE__) but this occurs only under -m trace|record debugging
flags.
In term of unit test, because grepping in C is not fun, and because the
whole "syntax" of the dump output is tested in other tests, this simply
search for a substring in the whole buffer to make sure the expected
allocations are found.
The new ``reset-stats`` command for ``rndc`` allows some statistics
counters to be reset during runtime. At the moment only two "high-water"
counters are supported, so the ability to reset them after the
initial peaks during the server's "warm-up" phase may be useful for
some operators.
Closes#5251
Merge branch '5251-feature-rndc-reset-high-water-statistics' into 'main'
See merge request isc-projects/bind9!10318
This new rndc option allows to reset some statistics counters during
runtime. At this moment only the high-water type counters are supported
as such an ability to reset them after the initial peaks during the
server's "warm-up" phase can be useful for some operators.
In the code base it is very common to iterate over all names in a message
section and all rdatasets for each name, but various idioms are used for
iteration.
This commit standardizes them as much as possible to a single idiom,
through the macro `MSG_SECTION_FOREACH`, similar to the existing
`ISC_LIST_FOREACH`.
Merge branch 'alessio/message-namelist-refactor' into 'main'
See merge request isc-projects/bind9!10302
In the code base it is very common to iterate over all names in a message
section and all rdatasets for each name, but various idioms are used for
iteration.
This commit standardizes them as much as possible to a single idiom,
using the macro MSG_SECTION_FOREACH, similar to the existing
ISC_LIST_FOREACH.
The code in `query_dns64()` that applies the dns64 prefixes to an A rdataset has been moved into the `dns_dns64` module, and `dns_dns64_destroy()` now unlinks the dns64 object from its containing list.
With these changes, we no longer need the list-manipulation API calls, `dns_dns64_next()` and `dns_dns64_unlink()`.
Merge branch 'each-simplify-dns64' into 'main'
See merge request isc-projects/bind9!10324
the code in query_dns64() that applies the dns64 prefixes to
an A rdataset has been moved into the dns_dns64 module, and
dns_dns64_destroy() now unlinks the dns64 object from its
containing list. with these changes, we no longer need the
list-manipulation API calls dns_dns64_next() and
dns_dns64_unlink().
Improve the LRU cache-expiration mechanism to a SIEVE-LRU based mechanism that triggers when the cache is close to the `max-cache-size` limit. This improves the recursive server performance.
Merge branch 'ondrej/sieve' into 'main'
See merge request isc-projects/bind9!10153
This is the core implementation of the SIEVE algorithm described in the
following paper:
Zhang, Yazhuo, Juncheng Yang, Yao Yue, Ymir Vigfusson, and K V
Rashmi. “SIEVE Is Simpler than LRU: An Efficient Turn-Key Eviction
Algorithm for Web Caches,” n.d.. available online from
https://junchengyang.com/publication/nsdi24-SIEVE.pdf
Unit test for isc_netaddr_masktoprefixlen were missing IPv6 mask cases.
Add those and few other IPv4 cases. Also, the test is refactored in
order to make it easy to add new cases.
Merge branch 'colin-netaddrmasktest' into 'main'
See merge request isc-projects/bind9!10328
Unit test for isc_netaddr_masktoprefixlen were missing IPv6 mask cases.
Add those and few other IPv4 cases. Also, the test is refactored in
order to make it easy to add new cases.
The string literal initialalising compressed was too big for the
array as it has an unwanted NUL terminator. This is allowed for
in C for historical reasons but produces a warning with some
compilers. Adjust the declaration to include the NUL and adjust
the users to pass in an adjusted size which excludes the NUL rather
than sizeof(compressed).
Closes#5258
Merge branch '5258-avoid-warning-initialising-compresss' into 'main'
See merge request isc-projects/bind9!10326
The string literal initialalising compressed was too big for the
array as it has an unwanted NUL terminator. This is allowed for
in C for historical reasons but produces a warning with some
compilers. Adjust the declaration to include the NUL and adjust
the users to pass in an adjusted size which excludes the NUL rather
than sizeof(compressed).
When !10262 was rebased prior to merging, there was a new
use of dnssec-keygen -n in the dnssec system test that had
not been removed in the branch, causing a test failure.
This has been fixed.
Merge branch 'each-merge-error' into 'main'
See merge request isc-projects/bind9!10325
When !10262 was rebased prior to merging, there was a
use of dnssec-keygen -n in the dnssec system test that had
not been removed, causing a test failure. This has been fixed.
The `dnssec-keygen` utility (and `dnssec-keyfromlabel`, which was derived from it) had several options dating to the time when keys in DNS were still experimental and not fully specified, and when `dnssec-keygen` had the additional function of generating TSIG keys, which are now generated by `tsig-keygen`. These options are no longer necessary in the modern DNSSEC environment, and have been removed.
The removed options are:
- `-t` (key type), which formerly set flags to disable confidentiality or authentication support in a key; these are no longer used.
- `-n` (name type), which is now always set to "ZONE" for DNSKEY and "HOST" for KEY.
- `-p` (protocol), which is now always set to 3 (DNSSEC); no other value has ever been defined.
- `-s` (signatory field), which was never fully defined.
- `-d` (digest bits), which is meaningful only for TSIG keys.
Merge branch 'each-remove-keygen-options' into 'main'
See merge request isc-projects/bind9!10262
The -s option (previously incorrectly documented as "strength")
actually set the signatory flags for KEY fields, which are unused.
The option is not needed.
The -p (protocol) option for all keys defaults to 3 (DNSSEC).
There is currently no practical reason to use any other value;
we can simplify things by removing the option.
The -n (nametype) option for keys defaults to ZONE for DNSKEY
type keys, and HOST for KEY type keys. There is currently no
practical reason to use any other name type; we can simplify
things by removing the option.
The key type flag (indicating whether a key is valid for
authentication, confidentiality, or both) is essentially
unused. By default, all DNSKEY and KEY records are valid
for both uses. Non-authenticating DNSKEY records are undefined
and meaningless, and validity checks for flags in KEY records
are sporadic at best.
We can simplify the parameters to dnssec-keygen by removing
the -t option completely.
Otherwise curl 8.13 rejects the line with:
I:Check HTTP/1.1 keep-alive with truncated stream (21)
curl: option --header: error encountered when reading a file
curl: try 'curl --help' or 'curl --manual' for more information
Also, see https://github.com/curl/curl/pull/16572.
Closes#5249
Merge branch '5249-statschannel-limit-http-header-size' into 'main'
See merge request isc-projects/bind9!10319
Otherwise curl 8.13 rejects the line with:
I:Check HTTP/1.1 keep-alive with truncated stream (21)
curl: option --header: error encountered when reading a file
curl: try 'curl --help' or 'curl --manual' for more information
Also, see https://github.com/curl/curl/pull/16572.
In QPcache, there were two places that tried to upgrade the lock. In `clean_stale_header()`, the code would try to upgrade the lock and clean up the header, and in `qpzonode_release()`, the tree lock would be optionally upgraded, so we can clean up the node directly if empty. These
optimizations are not needed and they have no effect on the performance.
Merge branch 'ondrej/no-lock-upgrade-in-check_stale_headers' into 'main'
See merge request isc-projects/bind9!10305
