rpms/bind
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Increase size of hazard pointer array

Browse Source 
Extends even more change Downstream specific changes related to KeyTrap,
which added safety guards into hazard pointers. Because it seems they
are not still enough. Add fixed base to accomodate common threads like
main app thread and ldap worker threads. Multiply one more, just to be
sure. We do not want to hit maximal limit again.

Resolves: RHEL-39131
This commit is contained in:
Petr Menšík 2024-07-09 16:27:52 +02:00
parent f8826d54eb
commit 1cd66a1c12
2 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
bind-9.16-isc_hp-additional.patch Normal file
View File

@ -0,0 +1,34 @@
From beeb4527b25c8d48842bbc78f100b716df118699 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Tue, 9 Jul 2024 16:06:02 +0200
Subject: [PATCH] Increase even further hazard pointers after KeyTrap
Extends even more change Downstream specific changes related to KeyTrap,
which added safety guards into hazard pointers. Because it seems they
are not still enough. Add fixed base to accomodate common threads like
main app thread and ldap worker threads. Multiply one more, just to be
sure. We do not want to hit maximal limit again.
---
lib/isc/managers.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/isc/managers.c b/lib/isc/managers.c
index 3bdca99..fffff78 100644
--- a/lib/isc/managers.c
+++ b/lib/isc/managers.c
@@ -26,9 +26,10 @@ isc_managers_create(isc_mem_t *mctx, size_t workers, size_t quantum,
/*
* We have ncpus network threads, ncpus old network threads - make
* it 4x just to be on the safe side. One additional for slow netmgr
- * thread.
+ * thread. One extra to be safe. Add base for main application thread
+ * or bind-dyndb-ldap worker threads.
*/
- isc_hp_init(5 * workers);
+ isc_hp_init(6 + 6 * workers);
REQUIRE(netmgrp != NULL && *netmgrp == NULL);
isc__netmgr_create(mctx, workers, &netmgr);
--
2.45.2

7
bind.spec
View File

@ -51,7 +51,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
Name: bind Name: bind
License: MPLv2.0 License: MPLv2.0
Version: 9.16.23 Version: 9.16.23
Release: 20%{?dist} Release: 21%{?dist}
Epoch: 32 Epoch: 32
Url: https://www.isc.org/downloads/bind/ Url: https://www.isc.org/downloads/bind/
# #
@ -152,6 +152,7 @@ Patch202: bind-9.16-isc-mempool-attach.patch
Patch203: bind-9.16-isc_hp-CVE-2023-50387.patch Patch203: bind-9.16-isc_hp-CVE-2023-50387.patch
# https://gitlab.isc.org/isc-projects/bind9/commit/1237d73cd1120b146ee699bbae7b2fe837cf2f98 # https://gitlab.isc.org/isc-projects/bind9/commit/1237d73cd1120b146ee699bbae7b2fe837cf2f98
Patch204: bind-9.16-CVE-2023-6516-test.patch Patch204: bind-9.16-CVE-2023-6516-test.patch
Patch205: bind-9.16-isc_hp-additional.patch
%{?systemd_ordering} %{?systemd_ordering}
Requires: coreutils Requires: coreutils
@ -488,6 +489,7 @@ in HTML and PDF format.
%patch202 -p1 -b .mempool-attach %patch202 -p1 -b .mempool-attach
%patch203 -p1 -b .isc_hp-CVE-2023-50387 %patch203 -p1 -b .isc_hp-CVE-2023-50387
%patch204 -p1 -b .CVE-2023-6516-test %patch204 -p1 -b .CVE-2023-6516-test
%patch205 -p1 -b .RHEL-39131
%if %{with PKCS11} %if %{with PKCS11}
%patch135 -p1 -b .config-pkcs11 %patch135 -p1 -b .config-pkcs11
@ -1216,6 +1218,9 @@ fi;
%endif %endif
%changelog %changelog
* Tue Jul 09 2024 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-21
- Increase size of hazard pointer array (RHEL-39131)
* Tue May 28 2024 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-20 * Tue May 28 2024 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-20
- Ensure bind CVE fixes hits public Stream repository - Ensure bind CVE fixes hits public Stream repository