From 43f4de9bf31f591bdf5bf9acd4f68c2978cd2800 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Thu, 19 Dec 2019 19:20:36 +0100 Subject: [PATCH] Include more Thread Sanitizer changes Fix as much race conditions as possible. --- bind-9.11-rh1736762-6.patch | 159 ++++++++++++++++++++++++++++++++++++ bind-9.11-rh1736762-7.patch | 77 +++++++++++++++++ bind-9.11-rh1736762-8.patch | 38 +++++++++ bind.spec | 11 ++- 4 files changed, 284 insertions(+), 1 deletion(-) create mode 100644 bind-9.11-rh1736762-6.patch create mode 100644 bind-9.11-rh1736762-7.patch create mode 100644 bind-9.11-rh1736762-8.patch diff --git a/bind-9.11-rh1736762-6.patch b/bind-9.11-rh1736762-6.patch new file mode 100644 index 0000000..abc36f0 --- /dev/null +++ b/bind-9.11-rh1736762-6.patch @@ -0,0 +1,159 @@ +From 638561615c37e8eace986e268811335c12d1b6a1 Mon Sep 17 00:00:00 2001 +From: Mark Andrews +Date: Thu, 12 Dec 2019 20:41:44 +1100 +Subject: [PATCH] give zspill its own lock + +(cherry picked from commit a52189e8e67a20097539fe3e6f7da4e4c01dc340) +--- + lib/dns/resolver.c | 45 +++++++++++++++++++++++++++++---------------- + 1 file changed, 29 insertions(+), 16 deletions(-) + +diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c +index 9f65c0596a..04367f82c6 100644 +--- a/lib/dns/resolver.c ++++ b/lib/dns/resolver.c +@@ -460,20 +460,21 @@ struct dns_resolver { + isc_mutex_t lock; + isc_mutex_t nlock; + isc_mutex_t primelock; ++ isc_mutex_t zspill_lock; + dns_rdataclass_t rdclass; + isc_socketmgr_t * socketmgr; + isc_timermgr_t * timermgr; + isc_taskmgr_t * taskmgr; + dns_view_t * view; +- bool frozen; ++ bool frozen; + unsigned int options; + dns_dispatchmgr_t * dispatchmgr; + dns_dispatchset_t * dispatches4; +- bool exclusivev4; ++ bool exclusivev4; + dns_dispatchset_t * dispatches6; + isc_dscp_t querydscp4; + isc_dscp_t querydscp6; +- bool exclusivev6; ++ bool exclusivev6; + unsigned int nbuckets; + fctxbucket_t * buckets; + zonebucket_t * dbuckets; +@@ -492,7 +493,7 @@ struct dns_resolver { + unsigned int spillatmax; + unsigned int spillatmin; + isc_timer_t * spillattimer; +- bool zero_no_soa_ttl; ++ bool zero_no_soa_ttl; + unsigned int query_timeout; + unsigned int maxdepth; + unsigned int maxqueries; +@@ -502,14 +503,16 @@ struct dns_resolver { + unsigned int retryinterval; /* in milliseconds */ + unsigned int nonbackofftries; + ++ /* Locked by lock. */ ++ unsigned int zspill; /* fetches-per-zone */ ++ + /* Locked by lock. */ + unsigned int references; +- bool exiting; ++ bool exiting; + isc_eventlist_t whenshutdown; + unsigned int activebuckets; +- bool priming; ++ bool priming; + unsigned int spillat; /* clients-per-query */ +- unsigned int zspill; /* fetches-per-zone */ + + dns_badcache_t * badcache; /* Bad cache. */ + +@@ -1257,7 +1260,7 @@ fcount_incr(fetchctx_t *fctx, bool force) { + isc_result_t result = ISC_R_SUCCESS; + zonebucket_t *dbucket; + fctxcount_t *counter; +- unsigned int bucketnum, spill; ++ unsigned int bucketnum; + + REQUIRE(fctx != NULL); + REQUIRE(fctx->res != NULL); +@@ -1266,10 +1269,6 @@ fcount_incr(fetchctx_t *fctx, bool force) { + bucketnum = dns_name_fullhash(&fctx->domain, false) + % RES_DOMAIN_BUCKETS; + +- LOCK(&fctx->res->lock); +- spill = fctx->res->zspill; +- UNLOCK(&fctx->res->lock); +- + dbucket = &fctx->res->dbuckets[bucketnum]; + + LOCK(&dbucket->lock); +@@ -1297,6 +1296,12 @@ fcount_incr(fetchctx_t *fctx, bool force) { + ISC_LIST_APPEND(dbucket->list, counter, link); + } + } else { ++ unsigned int spill; ++ ++ LOCK(&fctx->res->zspill_lock); ++ spill = fctx->res->zspill; ++ UNLOCK(&fctx->res->zspill_lock); ++ + if (!force && spill != 0 && counter->count >= spill) { + counter->dropped++; + fcount_logspill(fctx, counter); +@@ -8811,6 +8816,7 @@ destroy(dns_resolver_t *res) { + + INSIST(res->nfctx == 0); + ++ DESTROYLOCK(&res->zspill_lock); + DESTROYLOCK(&res->primelock); + DESTROYLOCK(&res->nlock); + DESTROYLOCK(&res->lock); +@@ -9089,10 +9095,14 @@ dns_resolver_create(dns_view_t *view, + if (result != ISC_R_SUCCESS) + goto cleanup_nlock; + ++ result = isc_mutex_init(&res->zspill_lock); ++ if (result != ISC_R_SUCCESS) ++ goto cleanup_primelock; ++ + task = NULL; + result = isc_task_create(taskmgr, 0, &task); + if (result != ISC_R_SUCCESS) +- goto cleanup_primelock; ++ goto cleanup_zspill_lock; + isc_task_setname(task, "resolver_task", NULL); + + result = isc_timer_create(timermgr, isc_timertype_inactive, NULL, NULL, +@@ -9100,7 +9110,7 @@ dns_resolver_create(dns_view_t *view, + &res->spillattimer); + isc_task_detach(&task); + if (result != ISC_R_SUCCESS) +- goto cleanup_primelock; ++ goto cleanup_zspill_lock; + + #if USE_ALGLOCK + result = isc_rwlock_init(&res->alglock, 0, 0); +@@ -9133,6 +9143,9 @@ dns_resolver_create(dns_view_t *view, + isc_timer_detach(&res->spillattimer); + #endif + ++ cleanup_zspill_lock: ++ DESTROYLOCK(&res->zspill_lock); ++ + cleanup_primelock: + DESTROYLOCK(&res->primelock); + +@@ -10275,9 +10288,9 @@ dns_resolver_setfetchesperzone(dns_resolver_t *resolver, uint32_t clients) + { + REQUIRE(VALID_RESOLVER(resolver)); + +- LOCK(&resolver->lock); ++ LOCK(&resolver->zspill_lock); + resolver->zspill = clients; +- UNLOCK(&resolver->lock); ++ UNLOCK(&resolver->zspill_lock); + } + + +-- +2.21.0 + diff --git a/bind-9.11-rh1736762-7.patch b/bind-9.11-rh1736762-7.patch new file mode 100644 index 0000000..38617a2 --- /dev/null +++ b/bind-9.11-rh1736762-7.patch @@ -0,0 +1,77 @@ +From 23a6775f62deeee63e9f7927be387fecf23a8074 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= +Date: Tue, 10 Dec 2019 10:02:09 +0100 +Subject: [PATCH] Ensure all zone_settimer() calls are done on locked zone + +(cherry picked from commit cf48e8eb326f824170f2069e5d5c33992b1783a4) +(cherry picked from commit 3bac7e98074643ff62582545e5840e4195517b07) +--- + lib/dns/zone.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/lib/dns/zone.c b/lib/dns/zone.c +index e8cff77588..db837aae50 100644 +--- a/lib/dns/zone.c ++++ b/lib/dns/zone.c +@@ -10291,7 +10291,9 @@ zone_maintenance(dns_zone_t *zone) { + default: + break; + } ++ LOCK_ZONE(zone); + zone_settimer(zone, &now); ++ UNLOCK_ZONE(zone); + } + + void +@@ -13081,6 +13083,7 @@ zone_settimer(dns_zone_t *zone, isc_time_t *now) { + isc_result_t result; + + REQUIRE(DNS_ZONE_VALID(zone)); ++ REQUIRE(LOCKED_ZONE(zone)); + ENTER; + + if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING)) +@@ -18405,6 +18408,7 @@ zone_rekey(dns_zone_t *zone) { + UNLOCK_ZONE(zone); + } + ++ LOCK_ZONE(zone); + isc_time_settoepoch(&zone->refreshkeytime); + + /* +@@ -18416,11 +18420,9 @@ zone_rekey(dns_zone_t *zone) { + isc_time_t timethen; + isc_stdtime_t then; + +- LOCK_ZONE(zone); + DNS_ZONE_TIME_ADD(&timenow, zone->refreshkeyinterval, + &timethen); + zone->refreshkeytime = timethen; +- UNLOCK_ZONE(zone); + + for (key = ISC_LIST_HEAD(dnskeys); + key != NULL; +@@ -18431,12 +18433,10 @@ zone_rekey(dns_zone_t *zone) { + continue; + + DNS_ZONE_TIME_ADD(&timenow, then - now, &timethen); +- LOCK_ZONE(zone); + if (isc_time_compare(&timethen, + &zone->refreshkeytime) < 0) { + zone->refreshkeytime = timethen; + } +- UNLOCK_ZONE(zone); + } + + zone_settimer(zone, &timenow); +@@ -18444,6 +18444,7 @@ zone_rekey(dns_zone_t *zone) { + isc_time_formattimestamp(&zone->refreshkeytime, timebuf, 80); + dns_zone_log(zone, ISC_LOG_INFO, "next key event: %s", timebuf); + } ++ UNLOCK_ZONE(zone); + + done: + dns_diff_clear(&diff); +-- +2.21.0 + diff --git a/bind-9.11-rh1736762-8.patch b/bind-9.11-rh1736762-8.patch new file mode 100644 index 0000000..f04a98a --- /dev/null +++ b/bind-9.11-rh1736762-8.patch @@ -0,0 +1,38 @@ +From 7e844b093b0442bdc5cdc5aefd56fdc05f9be88f Mon Sep 17 00:00:00 2001 +From: Mark Andrews +Date: Thu, 12 Dec 2019 19:17:39 +1100 +Subject: [PATCH] acquire task lock before calling push_readyq for task->flags + access + +(cherry picked from commit 7c94d2cd7dfaa3f04cd86ad9ed97e8366a774a4c) +--- + lib/isc/task.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/lib/isc/task.c b/lib/isc/task.c +index 329604a465..f9c4354bd2 100644 +--- a/lib/isc/task.c ++++ b/lib/isc/task.c +@@ -473,7 +473,9 @@ task_ready(isc__task_t *task) { + XTRACE("task_ready"); + + LOCK(&manager->lock); ++ LOCK(&task->lock); + push_readyq(manager, task); ++ UNLOCK(&task->lock); + #ifdef USE_WORKER_THREADS + if (manager->mode == isc_taskmgrmode_normal || has_privilege) + SIGNAL(&manager->work_available); +@@ -1263,7 +1265,9 @@ dispatch(isc__taskmgr_t *manager) { + * might even hurt rather than help. + */ + #ifdef USE_WORKER_THREADS ++ LOCK(&task->lock); + push_readyq(manager, task); ++ UNLOCK(&task->lock); + #else + ENQUEUE(new_ready_tasks, task, ready_link); + if ((task->flags & TASK_F_PRIVILEGED) != 0) +-- +2.21.0 + diff --git a/bind.spec b/bind.spec index a88c81a..23cf476 100644 --- a/bind.spec +++ b/bind.spec @@ -64,7 +64,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: MPLv2.0 Version: 9.11.14 -Release: 1%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} +Release: 2%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} Epoch: 32 Url: https://www.isc.org/downloads/bind/ # @@ -165,6 +165,9 @@ Patch177: bind-9.11-serve-stale.patch Patch178: bind-9.11-serve-stale-dbfix.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1736762 Patch183: bind-9.11-rh1736762-5.patch +Patch184: bind-9.11-rh1736762-6.patch +Patch185: bind-9.11-rh1736762-7.patch +Patch186: bind-9.11-rh1736762-8.patch # SDB patches Patch11: bind-9.3.2b2-sdbsrc.patch @@ -571,6 +574,9 @@ are used for building ISC DHCP. %patch177 -p1 -b .serve-stale %patch178 -p1 -b .rh1770492 %patch183 -p1 -b .rh1736762-5 +%patch184 -p1 -b .rh1736762-6 +%patch185 -p1 -b .rh1736762-7 +%patch186 -p1 -b .rh1736762-8 mkdir lib/dns/tests/testdata/dstrandom cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data @@ -1607,6 +1613,9 @@ fi; %changelog +* Thu Dec 19 2019 Petr Menšík - 32:9.11.14-2 +- Include more Thread Sanitizer detected changes (#1736762) + * Thu Dec 19 2019 Petr Menšík - 32:9.11.14-1 - Update to 9.11.14