From 1cd66a1c12e4a92dcd75741a3c130693a50a61d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?=
Date: Tue, 9 Jul 2024 16:27:52 +0200
Subject: [PATCH] Increase size of hazard pointer array
Extends even more change Downstream specific changes related to KeyTrap, which added safety guards into hazard pointers. Because it seems they are not still enough. Add fixed base to accomodate common threads like main app thread and ldap worker threads. Multiply one more, just to be sure. We do not want to hit maximal limit again.
Resolves: RHEL-39131
---
 bind-9.16-isc_hp-additional.patch | 34 +++++++++++++++++++++++++++++++
 bind.spec | 7 ++++++-
 2 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 bind-9.16-isc_hp-additional.patch
diff --git a/bind-9.16-isc_hp-additional.patch b/bind-9.16-isc_hp-additional.patch
new file mode 100644
index 0000000..63c633e
--- /dev/null
+++ b/bind-9.16-isc_hp-additional.patch
@@ -0,0 +1,34 @@
+From beeb4527b25c8d48842bbc78f100b716df118699 Mon Sep 17 00:00:00 2001
+From: Petr Mensik
+Date: Tue, 9 Jul 2024 16:06:02 +0200
+Subject: [PATCH] Increase even further hazard pointers after KeyTrap
+
+Extends even more change Downstream specific changes related to KeyTrap,
+which added safety guards into hazard pointers. Because it seems they
+are not still enough. Add fixed base to accomodate common threads like
+main app thread and ldap worker threads. Multiply one more, just to be
+sure. We do not want to hit maximal limit again.
+---
+ lib/isc/managers.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/lib/isc/managers.c b/lib/isc/managers.c
+index 3bdca99..fffff78 100644
+--- a/lib/isc/managers.c
++++ b/lib/isc/managers.c
+@@ -26,9 +26,10 @@ isc_managers_create(isc_mem_t *mctx, size_t workers, size_t quantum,
+ /*
+ * We have ncpus network threads, ncpus old network threads - make
+ * it 4x just to be on the safe side. One additional for slow netmgr
+- * thread.
++ * thread. One extra to be safe. Add base for main application thread
++ * or bind-dyndb-ldap worker threads.
+ */
+- isc_hp_init(5 * workers);
++ isc_hp_init(6 + 6 * workers);
+
+ REQUIRE(netmgrp != NULL && *netmgrp == NULL);
+ isc__netmgr_create(mctx, workers, &netmgr);
+--
+2.45.2
+
diff --git a/bind.spec b/bind.spec
index 810b9c8..d2f0500 100644
--- a/bind.spec
+++ b/bind.spec
@@ -51,7 +51,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name: bind
 License: MPLv2.0
 Version: 9.16.23
-Release: 20%{?dist}
+Release: 21%{?dist}
 Epoch: 32
 Url: https://www.isc.org/downloads/bind/
 #
@@ -152,6 +152,7 @@ Patch202: bind-9.16-isc-mempool-attach.patch
 Patch203: bind-9.16-isc_hp-CVE-2023-50387.patch
 # https://gitlab.isc.org/isc-projects/bind9/commit/1237d73cd1120b146ee699bbae7b2fe837cf2f98
 Patch204: bind-9.16-CVE-2023-6516-test.patch
+Patch205: bind-9.16-isc_hp-additional.patch
 %{?systemd_ordering}
 Requires: coreutils
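Review bot: The comment above `isc_hp_init(6 + 6 * workers)` in the lib/isc/managers.c hunk of the embedded patch does not account for the value the code passes: it lists a 4x allowance and two single extras, but never says that each extra is a whole multiple of `workers` or that the leading 6 is a fixed allowance, so both constants read as magic numbers. I would spell the formula out, e.g. `/* 6 * workers: 4x for network and old network threads, 1x for the slow netmgr thread, 1x spare; + 6: threads outside workers (main thread, bind-dyndb-ldap workers) */`. The base is a constant, while the number of bind-dyndb-ldap worker threads is presumably set by that plugin's configuration rather than by `workers`; if so, the limit the commit message says was hit before can be hit again, and the comment should state which thread counts the base is meant to cover and what the KeyTrap guard does when it is exceeded. `isc_managers_create` starts and ends outside the hunk.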
@@ -488,6 +489,7 @@ in HTML and PDF format.
 %patch202 -p1 -b .mempool-attach
 %patch203 -p1 -b .isc_hp-CVE-2023-50387
 %patch204 -p1 -b .CVE-2023-6516-test
+%patch205 -p1 -b .RHEL-39131
 %if %{with PKCS11}
 %patch135 -p1 -b .config-pkcs11
@@ -1216,6 +1218,9 @@ fi;
 %endif
 %changelog
+* Tue Jul 09 2024 Petr Menšík - 32:9.16.23-21
+- Increase size of hazard pointer array (RHEL-39131)
+
 * Tue May 28 2024 Petr Menšík - 32:9.16.23-20
 - Ensure bind CVE fixes hits public Stream repository