2
0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 06:25:31 +00:00
Commit Graph

139 Commits

Author SHA1 Message Date
Aram Sargsyan
c584899b1a Fix catz db update callback registration logic error (take two)
Please see the 998765fea5 commit for
the description of the original issue. The commit had fixed the
logic error, but it was reintroduced again later with the
a1afa31a5a commit, where the check of
the 'db_registered' flag was removed in dns__catz_update_cb(). The
check was removed, because the registration function was made
idempotent, so double registration is not an issue, but the check
also prevented from unneeded registration, on which the original
fix relied.

This commit just removes the update callback registration code from
the dns__catz_update_cb() function instead of bringing back the check,
because after code flow analysis, it is now clear that it's not required
at all. The "call onupdate() artificially" comment (which was mentioned
by the removed code) is speaking about the dns_catz_dbupdate_callback()
function, which is called by server.c on (re)configuration, and that
function already takes care of update callback's registration since the
998765fea5 commit was applied, so there
is no need to do that here again.
2023-11-14 08:59:48 +00:00
Aram Sargsyan
4eb4fa288c Fix shutdown races in catzs
The dns__catz_update_cb() does not expect that 'catzs->zones'
can become NULL during shutdown.

Add similar checks in the dns__catz_update_cb() and dns_catz_zone_get()
functions to protect from such a case. Also add an INSIST in the
dns_catz_zone_add() function to explicitly state that such a case
is not expected there, because that function is called only during a
reconfiguration.
2023-10-23 08:21:39 +00:00
Ondřej Surý
3340c82b99 Improve isc_refcount with initializer and implicit destroy
Add ISC_REFCOUNT_INITIALIZER(x) macro and implicitly call
isc_refcount_destroy() in the ISC_REFCOUNT_IMPL() macros
to reduce code duplicities.
2023-09-24 10:08:56 +02:00
Evan Hunt
8bda38e7d4 remove dns_name_totext2() and dns_name_toprincipal()
we can pass option flags to dns_name_totext() to get the same
results, and eliminate the extra function names.
2023-08-31 12:53:32 -07:00
Evan Hunt
a290ed5bd0 remove dns_name_fromstring2()
we don't need two versions of dns_name_fromstring() any longer; we
can just specify an origin value of dns_rootname for absolute names.
2023-08-31 10:29:16 -07:00
Ondřej Surý
a1afa31a5a Use cds_lfht for updatenotify mechanism in dns_db unit
The updatenotify mechanism in dns_db relied on unlocked ISC_LIST for
adding and removing the "listeners".  The mechanism relied on the
exclusive mode - it should have been updated only during reconfiguration
of the server.  This turned not to be true anymore in the dns_catz - the
updatenotify list could have been updated during offloaded work as the
offloaded threads are not subject to the exclusive mode.

Change the update_listeners to be cds_lfht (lock-free hash-table), and
slightly refactor how register and unregister the callbacks - the calls
are now idempotent (the register call already was and the return value
of the unregister function was mostly ignored by the callers).
2023-07-31 18:11:34 +02:00
Ondřej Surý
48714a9c1d Cleanup the dns_catz unit API
1. Change the _new, _add and _copy functions to return the new object
   instead of returning 'void' (or always ISC_R_SUCCESS)

2. Cleanup the isc_ht_find() + isc_ht_add() usage - the code is always
   locked with catzs->lock (mutex), so when isc_ht_find() returns
   ISC_R_NOTFOUND, the isc_ht_add() must always succeed.

3. Instead of returning direct iterator for the catalog zone entries,
   add dns_catz_zone_for_each_entry2() function that calls callback
   for each catalog zone entry and passes two extra arguments to the
   callback.  This will allow changing the internal storage for the
   catalog zone entries.

4. Cleanup the naming - dns_catz_<fn>_<obj> -> dns_catz_<obj>_<fn>, as an
   example dns_catz_new_zone() gets renamed to dns_catz_zone_new().
2023-07-24 19:49:14 +02:00
Aram Sargsyan
28bb419edc Add shutdown checks in dns_catz_dbupdate_callback()
When a zone database update callback is called, the 'catzs' object,
extracted from the callback argument, might be already shutting down,
in which case the 'catzs->zones' can be NULL and cause an assertion
failure when calling isc_ht_find().

Add an early return from the callback if 'catzs->shuttingdown' is true.

Also check the validity of 'catzs->zones' after locking 'catzs' in
case there is a race with dns_catz_shutdown_catzs() running in another
thread.
2023-07-06 10:46:46 +00:00
Aram Sargsyan
6f1f5fc307 Fix a data race between the dns_zone and dns_catz modules
The dns_zone_catz_enable_db() and dns_zone_catz_disable_db()
functions can race with similar operations in the catz module
because there is no synchronization between the threads.

Add catz functions which use the view's catalog zones' lock
when registering/unregistering the database update notify callback,
and use those functions in the dns_zone module, instead of doing it
directly.
2023-06-15 08:49:20 +00:00
Aram Sargsyan
998765fea5 Fix catz db update callback registration logic error
When a catalog zone is updated using AXFR, the zone database is changed,
so it is required to unregister the update notification callback from
the old database, and register it for the new one.

Currently, here is the order of the steps happening in such scenario:

1. The zone.c:zone_startload() function registers the notify callback
   on the new database using dns_zone_catz_enable_db()
2. The callback, when called, notices that the new 'db' is different
   than 'catz->db', and unregisters the old callback for 'catz->db',
   marks that it's unregistered by setting 'catz->db_registered' to
   false, then it schedules an update if it isn't already scheduled.
3. The offloaded update process, after completing its job, notices that
   'catz->db_registered' is false, and (re)registers the update callback
   for the current database it is working on. There is no harm here even
   if it was registered also on step 1, and we can't skip it, because
   this function can also be called "artificially" during a
   reconfiguration, and in that case the registration step is required
   here.

A problem arises when before step 1 an update process was already
in a running state, operating on the old database, and finishing its
work only after step 2. As described in step 3, dns__catz_update_cb()
notices that 'catz->db_registered' is false and registers the callback
on the current database it is working on, which, at that state, is
already obsolete and unused by the zone. When it detaches the database,
the function which is responsible for its cleanup (e.g. free_rbtdb())
asserts because there is a registered update notify callback there.

To fix the problem, instead of delaying the (re)registration to step 3,
make sure that the new callback is registered and 'catz->db_registered'
is accordingly marked on step 2.
2023-06-13 12:58:13 +00:00
Mark Andrews
8d86fa7135 Extend dns_view_findzone to take an options argument
This is in preparation to allow the few remaining direct
dns_zt_find(view->zonetable, ...) to use it for rcu mediated
access to view->zonetable.
2023-06-01 16:51:38 +02:00
Tony Finch
b171cacf4f Use a qp-trie for the zone table
This change makes the zone table lock-free for reads. Previously, the
zone table used a red-black tree, which is not thread safe, so the hot
read path acquired both the per-view mutex and the per-zonetable
rwlock. (The double locking was to fix to cleanup races on shutdown.)

One visible difference is that zones are not necessarily shut down
promptly: it depends on when the qp-trie garbage collector cleans up
the zone table. The `catz` system test checks several times that zones
have been deleted; the test now checks for zones to be removed from
the server configuration, instead of being fully shut down. The catz
test does not churn through enough zones to trigger a gc, so the zones
are not fully detached until the server exits.

After this change, it is still possible to improve the way we handle
changes to the zone table, for instance, batching changes, or better
compaction heuristics.
2023-04-05 12:38:11 +01:00
Ondřej Surý
2ded876db2 Attach catzs to catz instead of doing this explicitly
Instead of explicitly adding a reference to catzs (catalog zones) when
calling the update callback, attach the catzs to the catz (catalog zone)
object to keep it referenced for the whole time the catz exists.
2023-04-04 10:33:04 +00:00
Ondřej Surý
a5f5f68502 Refactor isc_time_now() to return time, and not result
The isc_time_now() and isc_time_now_hires() were used inconsistently
through the code - either with status check, or without status check,
or via TIME_NOW() macro with RUNTIME_CHECK() on failure.

Refactor the isc_time_now() and isc_time_now_hires() to always fail when
getting current time has failed, and return the isc_time_t value as
return value instead of passing the pointer to result in the argument.
2023-03-31 15:02:06 +02:00
Aram Sargsyan
a2817541b3 Fix a data race in dns__catz_update_cb()
The dns__catz_update_cb() function was earlier updated (see
d2ecff3c4a) to use a separate
'dns_db_t' object ('catz->updb' instead of 'catz->db') to
avoid a race between the 'dns__catz_update_cb()' and
'dns_catz_dbupdate_callback()' functions, but the 'REQUIRE'
check there still checks the validity of the 'catz->db' object.

Fix the omission.
2023-03-27 11:02:25 +00:00
Aram Sargsyan
dc2b8bb1c9 Hold a catz reference while the update process is running
This should delay the catalog zone from being destroyed during
shutdown, if the update process is still running.

Doing this should not introduce significant shutdown delays, as
the update function constantly checks the 'shuttingdown' flag
and cancels the process if it is set.
2023-03-21 10:15:30 +00:00
Aram Sargsyan
6980e3b354 Check if catz is active in dns__catz_update_cb()
A reconfiguration can deactivate the catalog zone, while the
offloaded update process was preparing to run.
2023-03-02 17:40:10 +00:00
Aram Sargsyan
67c77aba38 Check if catz is active in dns__catz_timer_cb()
A reconfiguration can deactivate the catalog zone, while the
update process was deferred using a timer.
2023-03-02 17:40:10 +00:00
Aram Sargsyan
3973724d67 Use catzs->lock in dns_catz_prereconfig()
There can be an update running in another thread, so use a lock,
like it's done in dns_catz_postreconfig().
2023-03-02 17:40:10 +00:00
Aram Sargsyan
a87859f1fa catz: protect db_registered and db callback (un)registration with a lock
Doing this to avoid a race between the 'dns__catz_update_cb()' and
'dns_catz_dbupdate_callback()' functions.
2023-03-02 17:40:10 +00:00
Aram Sargsyan
d2ecff3c4a catz: use two pairs of dns_db_t and dns_dbversion_t in a catalog zone
As it is done in the RPZ module, use 'db' and 'dbversion' for the
database we are going to update to, and 'updb' and 'updbversion' for
the database we are working on.

Doing this should avoid a race between the 'dns__catz_update_cb()' and
'dns_catz_dbupdate_callback()' functions.
2023-03-02 17:39:43 +00:00
Aram Sargsyan
2ae3bc6e1d Add a lock for dns_catz_zone_t
Use a lock for the catalog zones during dns__catz_zones_merge() to
avoid races between 'catz' and 'parentcatz'.
2023-03-01 15:36:36 +00:00
Aram Sargsyan
cf79692a66 catz: unregister the db update-notify callback before detaching from db
When detaching from the previous version of the database, make sure
that the update-notify callback is unregistered, otherwise there is
an INSIST check which can generate an assertion failure in free_rbtdb(),
which checks that there are no outstanding update listeners in the list.

There is a similar code already in place for RPZ.
2023-02-27 10:06:32 +00:00
Aram Sargsyan
0ef0c86632 Searching catzs->zones requires a read lock
Lock the catzs->lock mutex before searching in the catzs->zones
hash table.
2023-02-27 10:06:32 +00:00
Aram Sargsyan
030ffbf475 Make sure catz->catzs isn't destroyed before catz
Call dns_catz_unref_catzs() only after detaching 'catz'.
2023-02-24 19:40:34 +00:00
Ondřej Surý
4e7187601f Pause the catz dbiterator while processing the zone
The dbiterator read-locks the whole zone and it stayed locked during
whole processing time when catz is being read.  Pause the iterator, so
the updates to catz zone are not being blocked while processing the catz
update.
2023-02-24 17:06:18 +01:00
Ondřej Surý
b1cd4a066a Unlock catzs during dns__catz_update_cb()
Instead of holding the catzs->lock the whole time we process the catz
update, only hold it for hash table lookup and then release it.  This
should unblock any other threads that might be processing updates to
catzs triggered by extra incoming transfer.
2023-02-24 17:04:33 +01:00
Aram Sargsyan
0b96c9234f Offload catalog zone updates
Offload catalog zone processing so that the network manager threads
are not interrupted by a large catalog zone update.

Introduce a new 'updaterunning' state alongside with 'updatepending',
like it is done in the RPZ module.

Note that the dns__catz_update_cb() function currently holds the
catzs->lock during the whole process, which is far from being optimal,
but the issue is going to be addressed separately.
2023-02-24 15:18:02 +01:00
Aram Sargsyan
246b7084d6 Add shutdown signaling for catalog zones
This change should make sure that catalog zone update processing
doesn't happen when the catalog zone is being shut down. This
should help avoid races when offloading the catalog zone updates
in the follow-up commit.
2023-02-24 15:06:54 +01:00
Aram Sargsyan
53f0c5a9ac Add reference count tracing for dns_catz_zone_t and dns_catz_zones_t
Tracing can be activated by defining DNS_RPZ_TRACE in catz.h.
2023-02-24 15:00:26 +01:00
Aram Sargsyan
8cb79fec9d Light refactoring of catz.c
* Change 'dns_catz_new_zones()' function's prototype (the order of the
  arguments) to synchronize it with the similar function in rpz.c.
* Rename 'refs' to 'references' in preparation of ISC_REFCOUNT_*
  macros usage for reference tracking.
* Unify dns_catz_zone_t naming to catz, and dns_catz_zones_t naming to
  catzs, following the logic of similar changes in rpz.c.
* Use C compound literals for structure initialization.
* Synchronize the "new zone version came too soon" log message with the
  one in rpz.c.
* Use more of 'sizeof(*ptr)' style instead of the 'sizeof(type_t)' style
  expressions when allocating or freeing memory for 'ptr'.
2023-02-24 15:00:26 +01:00
Aram Sargsyan
18d67fa916 Remove catzs->loop
The 'loop' member of the dns_catz_zones structure is not used.
2023-02-23 08:56:37 +00:00
Evan Hunt
a52b17d39b remove isc_task completely
as there is no further use of isc_task in BIND, this commit removes
it, along with isc_taskmgr, isc_event, and all other related types.

functions that accepted taskmgr as a parameter have been cleaned up.
as a result of this change, some functions can no longer fail, so
they've been changed to type void, and their callers have been
updated accordingly.

the tasks table has been removed from the statistics channel and
the stats version has been updated. dns_dyndbctx has been changed
to reference the loopmgr instead of taskmgr, and DNS_DYNDB_VERSION
has been udpated as well.
2023-02-16 18:35:32 +01:00
Evan Hunt
a9f9041fe6 refactor dns_catz to use loop callbacks
catz events are now scheduled using isc_task_async() instead
of isc_task_send().
2023-02-16 17:51:55 +01:00
Tony Finch
6927a30926 Remove do-nothing header <isc/print.h>
This one really truly did nothing. No lines added!
2023-02-15 16:44:47 +00:00
Evan Hunt
916ea26ead remove nonfunctional DSCP implementation
DSCP has not been fully working since the network manager was
introduced in 9.16, and has been completely broken since 9.18.
This seems to have caused very few difficulties for anyone,
so we have now marked it as obsolete and removed the
implementation.

To ensure that old config files don't fail, the code to parse
dscp key-value pairs is still present, but a warning is logged
that the feature is obsolete and should not be used. Nothing is
done with configured values, and there is no longer any
range checking.
2023-01-09 12:15:21 -08:00
Ondřej Surý
6bd2b34180 Enable auto-reallocation for all isc_buffer_allocate() buffers
When isc_buffer_t buffer is created with isc_buffer_allocate() assume
that we want it to always auto-reallocate instead of having an extra
call to enable auto-reallocation.
2022-12-20 19:13:48 +01:00
Ondřej Surý
135ec7a0f0 Remove single use isc_buffer_putdecint() function
The isc_buffer_putdecint() could be easily replaced with
isc_buffer_printf() with just a small overhead of calling vsnprintf()
twice instead once.  This is not on a hot-path (dns_catz unit), so we
can ignore the overhead and instead have less single-use code in favor
of using reusable more generic function.
2022-12-20 19:13:48 +01:00
Ondřej Surý
aea251f3bc Change the isc_buffer_reserve() to take just buffer pointer
The isc_buffer_reserve() would be passed a reference to the buffer
pointer, which was unnecessary as the pointer would never be changed
in the current implementation.  Remove the extra dereference.
2022-12-20 19:13:48 +01:00
Aram Sargsyan
72b1760ea6 Fix logging a uint32_t SOA serial value in dns_catz_update_from_db()
The dns_catz_update_from_db() function prints serial number as a signed
number (with "%d" in the format string), but the `vers` variable's type
is 'uint32_t'. This breaks serials bigger than 2^31.

Use PRIu32 instead of "d" in the format string.
2022-12-15 13:24:58 +00:00
Mark Andrews
7695c36a5d Extend dns_db_allrdatasets to control interation results
Add an options parameter to control what rdatasets are returned when
iteratating over the node.  Specific modes will be added later.
2022-12-07 22:20:02 +00:00
Mark Andrews
b1086a5561 Add missing DbC magic checks
Checking for value != NULL is not sufficient to detect use after
free errors.
2022-12-07 09:04:08 +11:00
Mark Andrews
f13e71e551 Suppress duplicate dns_db_updatenotify_register registrations
Duplicate dns_db_updatenotify_register registrations need to be
suppressed to ensure that dns_db_updatenotify_unregister is successful.
2022-12-07 09:04:08 +11:00
Michal Nowak
afdb41a5aa Update sources to Clang 15 formatting 2022-11-29 08:54:34 +01:00
Mark Andrews
65f2512315 TLS setting of primaries with catalog zones where being ignored
Extract the tlss values if present from the ipkeylist entry and add
the resulting tls setting to the constructed configuration for the
primary.

When comparing catalog zone entries for reuse also check the
masters.tlss values for equality.
2022-11-25 08:50:36 +11:00
Ondřej Surý
c1d26b53eb Add and use semantic patch to replace isc_mem_get/allocate+memset
Add new semantic patch to replace the straightfoward uses of:

  ptr = isc_mem_{get,allocate}(..., size);
  memset(ptr, 0, size);

with the new API call:

  ptr = isc_mem_{get,allocate}x(..., size, ISC_MEM_ZERO);
2022-10-05 16:44:05 +02:00
Mark Andrews
9172bd9b5a Check that primary key names have not changed
When looking for changes in a catalog zone member zone we need to
also check if the TSIG key name associated with a primary server
has be added, removed or changed.
2022-09-27 21:54:02 +10:00
Ondřej Surý
1c7295af46 Create the catalog zones update timer on demand
Instead of creating the catalog zone deferred update timer when creating
the catalog zone object, create it on demand on the current loop and
destroy it as soon as the timer has finished its job.  There's a
side-effect - the processing of the catalog zone update is now done on
the current loop - previously, it was always on the main loop.
2022-09-21 14:25:33 -07:00
Ondřej Surý
b69e783164 Update netmgr, tasks, and applications to use isc_loopmgr
Previously:

* applications were using isc_app as the base unit for running the
  application and signal handling.

* networking was handled in the netmgr layer, which would start a
  number of threads, each with a uv_loop event loop.

* task/event handling was done in the isc_task unit, which used
  netmgr event loops to run the isc_event calls.

In this refactoring:

* the network manager now uses isc_loop instead of maintaining its
  own worker threads and event loops.

* the taskmgr that manages isc_task instances now also uses isc_loopmgr,
  and every isc_task runs on a specific isc_loop bound to the specific
  thread.

* applications have been updated as necessary to use the new API.

* new ISC_LOOP_TEST macros have been added to enable unit tests to
  run isc_loop event loops. unit tests have been updated to use this
  where needed.
2022-08-26 09:09:24 +02:00
Ondřej Surý
49b149f5fd Update isc_timer to use isc_loopmgr
* isc_timer was rewritten using the uv_timer, and isc_timermgr_t was
  completely removed; isc_timer objects are now directly created on the
  isc_loop event loops.

* the isc_timer API has been simplified. the "inactive" timer type has
  been removed; timers are now stopped by calling isc_timer_stop()
  instead of resetting to inactive.

* isc_manager now creates a loop manager rather than a timer manager.

* modules and applications using isc_timer have been updated to use the
  new API.
2022-08-25 17:17:07 +02:00