2
0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 05:57:52 +00:00

39204 Commits

Author SHA1 Message Date
Michal Nowak
2e0550970b
Add Fedora 38 2023-05-19 13:47:53 +02:00
Michal Nowak
55cec5d45d Merge branch '4077-add-RUNTIME_CHECK-around-wrap' into 'main'
Ensure "wrap" variable is non-NULL

Closes #4077

See merge request isc-projects/bind9!7948
2023-05-19 09:07:18 +00:00
Michal Nowak
1fe5c008d6
Ensure "wrap" variable is non-NULL
RUNTIME_CHECK on the "wrap" variable avoids possible NULL dereference:

    thread.c: In function 'thread_wrap':
    thread.c:60:15: error: dereference of possibly-NULL 'wrap' [CWE-690] [-Werror=analyzer-possible-null-dereference]
       60 |         *wrap = (struct thread_wrap){

The RUNTIME_CHECK was there before
7d1ceaf35dbc25dfbca32deffa7f6ff8f452e75f.
2023-05-19 11:02:59 +02:00
Michal Nowak
896cf6364a Merge branch 'mnowak/get_core_dumps-fix-misplaced-tsan-line' into 'main'
TSAN summarising line was misplaced in get_core_dumps.sh

See merge request isc-projects/bind9!7870
2023-05-19 07:18:11 +00:00
Michal Nowak
0c4c7ddec4
TSAN summarising line was misplaced in get_core_dumps.sh
The line summarising TSAN reports was misplaced in the ASAN territory
and thus never used.

I also made core dumps, assertion failures, and TSAN reports detection
independent of each other.
2023-05-19 08:57:36 +02:00
Michał Kępień
59ea45fc48 Merge branch 'michal/cmocka-future-proofing' into 'main'
cmocka future-proofing

See merge request isc-projects/bind9!7939
2023-05-18 13:30:48 +00:00
Michał Kępień
6029010dd2
Remove <isc/cmocka.h>
The last use of the cmocka_add_test_byname() helper macro was removed in
commit 63fe9312ff8f54bc79e399bdbd5aaa15cd3e5459.  Remove the
<isc/cmocka.h> header that defines it.
2023-05-18 15:12:23 +02:00
Michał Kępień
8d36e68c7a
Fix cmocka-related compiler warnings in ht_test
tests/isc/ht_test.c triggers the following compiler warnings when built
against development versions of cmocka:

    In file included from ht_test.c:24:
    ht_test.c: In function ‘test_ht_full’:
    ht_test.c:68:45: warning: passing argument 2 of ‘_assert_ptr_equal’ makes pointer from integer without a cast [-Wint-conversion]
       68 |                 assert_ptr_equal((void *)i, (uintptr_t)f);
    /usr/include/cmocka.h:1513:56: note: in definition of macro ‘assert_ptr_equal’
     1513 | #define assert_ptr_equal(a, b) _assert_ptr_equal((a), (b), __FILE__, __LINE__)
          |                                                        ^
    /usr/include/cmocka.h:2907:36: note: expected ‘const void *’ but argument is of type ‘long unsigned int’
     2907 |                        const void *b,
          |                        ~~~~~~~~~~~~^
    ht_test.c:163:45: warning: passing argument 2 of ‘_assert_ptr_equal’ makes pointer from integer without a cast [-Wint-conversion]
      163 |                 assert_ptr_equal((void *)i, (uintptr_t)f);
    /usr/include/cmocka.h:1513:56: note: in definition of macro ‘assert_ptr_equal’
     1513 | #define assert_ptr_equal(a, b) _assert_ptr_equal((a), (b), __FILE__, __LINE__)
          |                                                        ^
    /usr/include/cmocka.h:2907:36: note: expected ‘const void *’ but argument is of type ‘long unsigned int’
     2907 |                        const void *b,
          |                        ~~~~~~~~~~~~^

These are caused by a change to the definitions of pointer assert
functions in cmocka's development branch [1].  Fix by casting the
affected variables to (void *) instead of (uintptr_t).

[1] https://git.cryptomilk.org/projects/cmocka.git/commit/?id=09621179af67535788a67957a910d9f17c975b45
2023-05-18 15:12:23 +02:00
Michał Kępień
c2dcd055fe
Include <inttypes.h> whenever including <cmocka.h>
Development versions of cmocka require the intmax_t and uintmax_t types
to be defined by the time the test code includes the <cmocka.h> header.
These types are defined in the <stdint.h> header, which is included by
the <inttypes.h> header, which in turn is already explicitly included by
some of the programs in the tests/ directory.  Ensure all programs in
that directory that include the <cmocka.h> header also include the
<inttypes.h> header to future-proof the code while keeping the change
set minimal and the resulting code consistent.  Also prevent explicitly
including the <stdint.h> header in those programs as it is included by
the <inttypes.h> header.
2023-05-18 15:12:23 +02:00
Michał Kępień
ddbbb8612d BIND 9.19.13
-----BEGIN PGP SIGNATURE-----
 
 iQJDBAABCgAtFiEENKwGS3ftSQfs1TU17QVz/8hFYQUFAmRY+ukPHG1pY2hhbEBp
 c2Mub3JnAAoJEO0Fc//IRWEFksoP/Rx7KTI4Htbh7+oE630S23Yi5NpxUVJWLEtV
 0fL97kg3Yq3/AIwYXs+Gr3GzsTOYGZAxYi/n7q+OyLBQjsigAegmdHGwyUzzr9yY
 o3WRi3GH/PH3CUg/Be6wh2y747b1O/aXRAAFf429Qe4IVX2iLcNveqVx6Z6otI9B
 pf7ZrqhK2Na5FCms58XfMbMLNDdZGaJ0/oWjtwnnbKEtAzMqsiAfLH67FfLL8L5H
 rymlHSpMSOZpBFv0m8aHMsf7tfFqL4ouOvOhiSpuyDLAkuvF5LUoKKpYUQOp7kj/
 9Bem2Yf1zCq8o2YdKGF/zPkK4sjga15JIC+E6qLY6gXPhyGiTwUJLocvx47nLds3
 PN9Q9y/AA79MOTN5yRD0EC/gkTYDolfZg0nkM6K3aM00DccUl0OeNZMj1dxYT3Vn
 JQxnoL9VPlKyaKxuqcDwl0IX7FSguYn6BPwVsSSHOfGqq6+MFHLdEOtxlSBVgV+2
 gnCMp3YkSwGs1rVu+zxr9DT0Gr2x+E5/Zv75Xaz1/z81FxZdYyyHTwR8MU+fSz/c
 yxD4TIOEhsaeuhwvzMIvHKwbQ68/vnKIesRPao+jtkrtQ+3l5b/XohWtPPqDGFtK
 rZ88HsnLVnL8BT0294/yYM/WJQaD7gKYSj0/VJkw3xslBW2JJiWzz9cseo0hLrTp
 52sp68Bt
 =sw5x
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN SSH SIGNATURE-----
 U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAg25GGAuUyFX1gxo7QocNm8V6J/8
 frHSduYX7Aqk4iJLwAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5
 AAAAQItgB8Uzd8nX/JAJsnR7vqOIyPjMA4+mq730TN43PBT/CFnQngS1ARI6VuXym/i4Mg
 a68t/1QoApXb4/5ESrwwA=
 -----END SSH SIGNATURE-----

Merge tag 'v9.19.13'

BIND 9.19.13
2023-05-18 14:06:04 +02:00
Mark Andrews
1845e8bff3 Merge branch '4022-three-dnssec-failures-on-fedora-38' into 'main'
Resolve "Three "dnssec" failures on Fedora 38"

Closes #4022

See merge request isc-projects/bind9!7932
2023-05-18 00:42:17 +00:00
Mark Andrews
d360d8af8f Let RSASHA1 signing keys be ignored in FIPS mode
When the FIPS provider is available, RSASHA1 signing keys for zone
"example.com." are ignored if the zone is attempted to be signed with
the dnssec-signzone "-F" (FIPS mode) option:

    "fatal: No signing keys specified or found"
2023-05-17 23:51:39 +00:00
Michał Kępień
35094195cf Merge branch '4071-placeholder' into 'main'
Add placeholder for GL #4071

Closes #4071

See merge request isc-projects/bind9!7941
2023-05-17 14:28:22 +00:00
Michał Kępień
b95f85f4a9
Add placeholder for GL #4071 2023-05-17 16:26:39 +02:00
Tony Finch
55cc071547 Merge branch '4069-upforwd-wait' into 'main'
Fix the `upforwd` system test

Closes #4069

See merge request isc-projects/bind9!7931
2023-05-16 15:29:29 +00:00
Tony Finch
725c2b12e8
CHANGES for [GL #4069]
[test]		Fix the `upforwd` system test to be more reliable,
		especially when using thread sanitizer.
2023-05-16 13:38:05 +01:00
Evan Hunt
6bf35c2f19
Match UQ and UR stats to domain name
The upforwd test for forwarding updates to a dead primary can continue
running a little bit past its end, causing update replies to be
recorded during a subsequent test case. Correct this by only looking
for update requests and replies for the specific domain name being
tested at any given time.
2023-05-16 13:37:07 +01:00
Tony Finch
2e96d225ae
Fix the upforwd system test
After the RCU changes were merged, the `upforwd` test started
consistenly failing when run under thread sanitizer. After some
investigation, it turned out that retry attempts were continuing after
the "update forwarding to dead primary" test. This caused mismatches
in the DNSTAP message counts for the subsequent tests, because they
were also counting retries.

Fix this problem by `wait`ing for the `nsupdate` processes to exit.

While investigating the bug, I replaced several fixed 15 second delays
with `wait_for_log`, so the test runs faster.
2023-05-16 13:37:02 +01:00
Mark Andrews
7d3cd47a7a Merge branch '4066-resolv-conf-parsing-eats-lines-if-more-than-3-nameservers-set' into 'main'
Resolve "resolv.conf parsing eats lines if more than 3 nameservers set"

Closes #4066

See merge request isc-projects/bind9!7922
2023-05-16 03:25:34 +00:00
Mark Andrews
36dab033dc Add CHANGES for [GL #4066] 2023-05-16 02:04:55 +00:00
Mark Andrews
864cd08052 Properly process extra nameserver lines in resolv.conf
The whole line needs to be read rather than just the token "nameserver"
otherwise the next line in resolv.conf is not properly processed.
2023-05-16 02:04:55 +00:00
Tony Finch
15eaf9d3f2 Merge branch 'fanf-urcu-qsbr-build' into 'main'
Fixes for liburcu-qsbr

Closes #4067

See merge request isc-projects/bind9!7925
2023-05-15 20:49:47 +00:00
Tony Finch
c319ccd4c9 Fixes for liburcu-qsbr
Move registration and deregistration of the main thread from
`isc_loopmgr_run()` into `isc__initialize()` / `isc__shutdown()`:
liburcu-qsbr fails an assertion if we try to use it from an
unregistered thread, and we need to be able to use it when the
event loops are not running.

Use `rcu_assign_pointer()` and `rcu_dereference()` in qp-trie
transactions so that they properly mark threads as online. The
RCU-protected pointer is no longer declared atomic because
liburcu does not (yet) use standard C atomics.

Fix the definition of `isc_qsbr_rcu_dereference()` to return
the referenced value, and to call the right function inside
liburcu.

Change the thread sanitizer suppressions to match any variant of
`rcu_*_barrier()`
2023-05-15 20:49:42 +00:00
Tony Finch
b4326572dd Merge branch '4068-coverity-uv_async_send' into 'main'
Check the return value from uv_async_send()

Closes #4068

See merge request isc-projects/bind9!7926
2023-05-15 20:49:23 +00:00
Tony Finch
afae41aa40
Check the return value from uv_async_send()
An omission pointed out by the following report from Coverity:

    /lib/isc/loop.c: 483 in isc_loopmgr_pause()
    >>>     CID 455002:  Error handling issues  (CHECKED_RETURN)
    >>>     Calling "uv_async_send" without checking return value (as is done elsewhere 5 out of 6 times).
    483     		uv_async_send(&loop->pause_trigger);
2023-05-15 18:52:04 +01:00
Michal Nowak
e047508cb4 Merge branch 'mnowak/openbsd-7.3' into 'main'
Add OpenBSD 7.3

See merge request isc-projects/bind9!7847
2023-05-15 17:46:44 +00:00
Michal Nowak
ff52cd9604
Add OpenBSD 7.3 2023-05-15 18:55:38 +02:00
Michal Nowak
b59c58702e Merge branch 'mnowak/freebsd-13.2' into 'main'
Add FreeBSD 13.2

See merge request isc-projects/bind9!7846
2023-05-15 16:31:38 +00:00
Michal Nowak
81ad645d7d
Add FreeBSD 13.2 2023-05-15 18:31:07 +02:00
Evan Hunt
996819b0a3 Merge branch '4064-read-timeout-failure' into 'main'
allow streamdns read to resume after timeout

Closes #4064

See merge request isc-projects/bind9!7921
2023-05-15 16:25:45 +00:00
Evan Hunt
b4ac7faee9 allow streamdns read to resume after timeout
when reading on a streamdns socket failed due to timeout, but
the dispatch was still waiting for other responses, it would
resume reading by calling isc_nm_read() again. this caused
an assertion because the socket was already reading.

we now check that either the socket is reading, or that it was
already reading on the same handle.
2023-05-13 23:31:45 -07:00
Tony Finch
562697e703 Merge branch 'fanf-urcu-qp' into 'main'
Replace isc_qsbr with liburcu-qsbr

Closes #3936 and #4019

See merge request isc-projects/bind9!7668
2023-05-12 20:43:30 +00:00
Tony Finch
5e97ec5ead
CHANGES note for [GL #3936]
[cleanup]	Refactor the loop manager and qp-trie code to remove
		isc_qsbr and use liburcu instead. [GL #3936]
2023-05-12 20:50:37 +01:00
Tony Finch
fc770a8bd0
Remove the now-unused ISC_STACK
We are using the liburcu concurrent data structures instead.
2023-05-12 20:49:43 +01:00
Tony Finch
f11cc83142
Use per-CPU RCU helper threads
Create and free per-CPU helper threads from the main thread and tell
thread sanitizer to suppress leaking threads. (We are not leaking
threads ourselves and we can safely ignore the Userspace-RCU thread
leaks.)
2023-05-12 20:48:31 +01:00
Tony Finch
c377e0a9e3
Help thread sanitizer to cope with liburcu
All the places the qp-trie code was using `call_rcu()` needed
`__tsan_release()` and `__tsan_acquire()` annotations, so
add a couple of wrappers to encapsulate this pattern.

With these wrappers, the tests run almost clean under thread
sanitizer. The remaining problems are due to `rcu_barrier()`
which can be suppressed using `.tsan-suppress`. It does not
suppress the whole of `liburcu`, because we would like thread
sanitizer to detect problems in `call_rcu()` callbacks, which
are called from `liburcu`.

The CI jobs have been updated to use `.tsan-suppress` by
default, except for a special-case job that needs the
additional suppressions in `.tsan-suppress-extra`.

We might be able to get rid of some of this after liburcu gains
support for thread sanitizer.

Note: the `rcu_barrier()` suppression is not entirely effective:
tsan sometimes reports races that originate inside `rcu_barrier()`
but tsan has discarded the stack so it does not have the
information required to suppress the report. These "races" can
be made much easier to reproduce by adding `atexit_sleep_ms=1000`
to `TSAN_OPTIONS`. The problem with tsan's short memory can be
addressed by increasing `history_size`: when it is large enough
(6 or 7) the `rcu_barrier()` stack usually survives long enough
for suppression to work.
2023-05-12 20:48:31 +01:00
Tony Finch
2bce998b2b
Avoid using the zone timer after its loop has gone
Shutdown and cleanup of zones is more asynchronous with the qp-trie
zone table. As a result it's possible that some activity is delayed
until after a zone has been released from its zonemanager.

Previously, the dns_zone code was not very strict in the way it
refers to the loop it is running on: The loop pointer was stashed when
dns_zonemgr_managezone() was called and never cleared. Now, zones
properly attach to and detach from their loops.

The zone timer depends on its loop. The shutdown crashes occurred
when asynchronous calls tried to modify the zone timer after
dns_zonemgr_releasezone() has been called and the loop was
invalidated. In these cases the attempt to set the timer is now
ignored, with a debug log message.
2023-05-12 20:48:31 +01:00
Tony Finch
c890b9b124
Get the tests working with liburcu
Mostly a few qp-trie details to adjust.
2023-05-12 20:48:31 +01:00
Tony Finch
9882a6ef90
The zone table no longer depends on the loop manager
This reverts some of the changes in commit b171cacf4f0123ba
because now it isn't necessary to pass the loopmgr around.
2023-05-12 20:48:31 +01:00
Tony Finch
6217e434b5
Refactor the core qp-trie code to use liburcu
A `dns_qmpulti_t` no longer needs to know about its loopmgr. We no
longer keep a linked list of `dns_qpmulti_t` that have reclamation
work, and we no longer mark chunks with the phase in which they are to
be reclaimed. Instead, empty chunks are listed in an array in a
`qp_rcu_t`, which is passed to call_rcu().
2023-05-12 20:48:31 +01:00
Tony Finch
05ca11e122
Remove isc_qsbr (we are using liburcu instead)
This commit breaks the qp-trie code.
2023-05-12 20:48:31 +01:00
Tony Finch
cd0795beea
Slightly more sanitary thread dispatch
Tell thread sanitizer that the thread wrapper is released before
passing it to a new thread.
2023-05-12 20:48:31 +01:00
Tony Finch
2e0c954806
Wait for RCU to finish before destroying a memory context
Memory reclamation by `call_rcu()` is asynchronous, so during shutdown
it can lose a race with the destruction of its memory context. When we
defer memory reclamation, we need to attach to the memory context to
indicate that it is still in use, but that is not enough to delay its
destruction. So, call `rcu_barrier()` in `isc_mem_destroy()` to wait
for pending RCU work to finish before proceeding to destroy the memory
context.
2023-05-12 20:48:31 +01:00
Tony Finch
4f97a679f0
A macro for the size of a struct with a flexible array member
It can be fairly long-winded to allocate space for a struct with a
flexible array member: in general we need the size of the struct, the
size of the member, and the number of elements. Wrap them all up in a
STRUCT_FLEX_SIZE() macro, and use the new macro for the flexible
arrays in isc_ht and dns_qp.
2023-05-12 20:48:31 +01:00
Evan Hunt
5673c9912e Merge branch '4046-rndc-t-option' into 'main'
add 'rndc -t' option to set timeout

Closes #4046

See merge request isc-projects/bind9!7889
2023-05-12 19:37:36 +00:00
Evan Hunt
0ee38f905f CHANGES and release note for part 2 of [GL #4046] 2023-05-12 11:29:16 -07:00
Evan Hunt
922a390852 add 'rndc -t' option to set timeout
Allow an arbitrary TCP timeout value to be specified when running
rndc, so that commands that take a long time to execute (for example,
reloading a very large configuration) can be given time to do so.
2023-05-12 11:28:21 -07:00
Arаm Sаrgsyаn
7a2784addd Merge branch '4054-zone_resigninc-bugfix' into 'main'
zone_resigninc(): check whether zone->db is a valid pointer before attaching

Closes #4054

See merge request isc-projects/bind9!7914
2023-05-12 13:37:46 +00:00
Aram Sargsyan
00ed5f84a9 Add a CHANGES note for [GL #4054] 2023-05-12 13:37:27 +00:00
Aram Sargsyan
fae0930eb8 Check whether zone->db is a valid pointer before attaching
The zone_resigninc() function does not check the validity of
'zone->db', which can crash named if the zone was unloaded earlier,
for example with "rndc delete".

Check that 'zone->db' is not 'NULL' before attaching to it, like
it is done in zone_sign() and zone_nsec3chain() functions, which
can similarly be called by zone maintenance.
2023-05-12 13:37:27 +00:00