67 lines
2.2 KiB
Diff
67 lines
2.2 KiB
Diff
From 103b09187466b2afbff7e204d166d21e2fbb057c Mon Sep 17 00:00:00 2001
|
|
From: Petr Mensik <pemensik@redhat.com>
|
|
Date: Wed, 21 Feb 2024 11:54:27 +0100
|
|
Subject: [PATCH] Downstream specific changes related to KeyTrap
|
|
|
|
Fix for CVE-2023-50387 introduced new additional thread. But because
|
|
isc_hp functions were removed from later bind 9.16 release, their
|
|
changes did not contain increase of hazard pointers max thread limit.
|
|
To prevent obscure memory corruption increase thread max size.
|
|
|
|
In addition place at least few INSISTs to check this is catched before
|
|
random memory overwrites begins. It would be quite difficult to track
|
|
without any check.
|
|
---
|
|
lib/isc/hp.c | 3 +++
|
|
lib/isc/managers.c | 5 +++--
|
|
2 files changed, 6 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/lib/isc/hp.c b/lib/isc/hp.c
|
|
index 92d160b..5f9bbf7 100644
|
|
--- a/lib/isc/hp.c
|
|
+++ b/lib/isc/hp.c
|
|
@@ -138,6 +138,7 @@ isc_hp_destroy(isc_hp_t *hp) {
|
|
|
|
void
|
|
isc_hp_clear(isc_hp_t *hp) {
|
|
+ INSIST(tid() < isc__hp_max_threads);
|
|
for (int i = 0; i < hp->max_hps; i++) {
|
|
atomic_store_release(&hp->hp[tid()][i], 0);
|
|
}
|
|
@@ -152,6 +153,7 @@ uintptr_t
|
|
isc_hp_protect(isc_hp_t *hp, int ihp, atomic_uintptr_t *atom) {
|
|
uintptr_t n = 0;
|
|
uintptr_t ret;
|
|
+ INSIST(tid() < isc__hp_max_threads);
|
|
while ((ret = atomic_load(atom)) != n) {
|
|
atomic_store(&hp->hp[tid()][ihp], ret);
|
|
n = ret;
|
|
@@ -173,6 +175,7 @@ isc_hp_protect_release(isc_hp_t *hp, int ihp, atomic_uintptr_t ptr) {
|
|
|
|
void
|
|
isc_hp_retire(isc_hp_t *hp, uintptr_t ptr) {
|
|
+ INSIST(tid() < isc__hp_max_threads);
|
|
hp->rl[tid()]->list[hp->rl[tid()]->size++] = ptr;
|
|
INSIST(hp->rl[tid()]->size < isc__hp_max_retired);
|
|
|
|
diff --git a/lib/isc/managers.c b/lib/isc/managers.c
|
|
index c39a650..3bdca99 100644
|
|
--- a/lib/isc/managers.c
|
|
+++ b/lib/isc/managers.c
|
|
@@ -25,9 +25,10 @@ isc_managers_create(isc_mem_t *mctx, size_t workers, size_t quantum,
|
|
|
|
/*
|
|
* We have ncpus network threads, ncpus old network threads - make
|
|
- * it 4x just to be on the safe side.
|
|
+ * it 4x just to be on the safe side. One additional for slow netmgr
|
|
+ * thread.
|
|
*/
|
|
- isc_hp_init(4 * workers);
|
|
+ isc_hp_init(5 * workers);
|
|
|
|
REQUIRE(netmgrp != NULL && *netmgrp == NULL);
|
|
isc__netmgr_create(mctx, workers, &netmgr);
|
|
--
|
|
2.43.2
|
|
|