From: Ondřej Surý <ondrej@isc.org>
Date: Wed, 2 Apr 2025 14:31:54 +0000 (+0200)
Subject: Add static ede context into each validator layer
X-Git-Tag: v9.21.7~3^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d7593196a19497814efbe5d19dcb82adc243bd18;p=thirdparty%2Fbind9.git

Add static ede context into each validator layer

Instead of passing the edectx from the fetchctx into all subvalidators,
make the ede context ownership explict for dns_resolver_createfetch()
callers, and copy the ede result codes from the children validators to
the parent when finishing the validation process.
---

diff --git a/lib/dns/include/dns/validator.h b/lib/dns/include/dns/validator.h
index 51440b3caba..00d56d68666 100644
--- a/lib/dns/include/dns/validator.h
+++ b/lib/dns/include/dns/validator.h
@@ -156,7 +156,9 @@ struct dns_validator {
 	isc_counter_t *qc;
 	isc_counter_t *gqc;
 
-	dns_edectx_t *edectx;
+	dns_edectx_t edectx;
+
+	dns_edectx_t *cb_edectx;
 };
 
 /*%
diff --git a/lib/dns/validator.c b/lib/dns/validator.c
index f103d8368be..1d1b69cccfb 100644
--- a/lib/dns/validator.c
+++ b/lib/dns/validator.c
@@ -243,6 +243,8 @@ validator_done(dns_validator_t *val, isc_result_t result) {
 	val->attributes |= VALATTR_COMPLETE;
 	val->result = result;
 
+	dns_ede_copy(val->cb_edectx, &val->edectx);
+
 	isc_async_run(val->loop, val->cb, val);
 }
 
@@ -951,7 +953,7 @@ create_fetch(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type,
 	result = dns_resolver_createfetch(
 		val->view->resolver, name, type, NULL, NULL, NULL, NULL, 0,
 		fopts, 0, val->qc, val->gqc, val->loop, callback, val,
-		val->edectx, &val->frdataset, &val->fsigrdataset, &val->fetch);
+		&val->edectx, &val->frdataset, &val->fsigrdataset, &val->fetch);
 	if (result != ISC_R_SUCCESS) {
 		dns_validator_detach(&val);
 	}
@@ -988,7 +990,7 @@ create_validator(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type,
 	result = dns_validator_create(
 		val->view, name, type, rdataset, sig, NULL, vopts, val->loop,
 		cb, val, val->nvalidations, val->nfails, val->qc, val->gqc,
-		val->edectx, &val->subvalidator);
+		&val->edectx, &val->subvalidator);
 	if (result == ISC_R_SUCCESS) {
 		dns_validator_attach(val, &val->subvalidator->parent);
 		val->subvalidator->depth = val->depth + 1;
@@ -3391,6 +3393,7 @@ dns_validator_create(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type,
 	REQUIRE(rdataset != NULL ||
 		(rdataset == NULL && sigrdataset == NULL && message != NULL));
 	REQUIRE(validatorp != NULL && *validatorp == NULL);
+	REQUIRE(edectx != NULL);
 
 	result = dns_view_getsecroots(view, &kt);
 	if (result != ISC_R_SUCCESS) {
@@ -3412,9 +3415,11 @@ dns_validator_create(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type,
 		.cb = cb,
 		.arg = arg,
 		.rdata = DNS_RDATA_INIT,
-		.edectx = edectx,
+		.cb_edectx = edectx,
 	};
 
+	dns_ede_init(view->mctx, &val->edectx);
+
 	isc_refcount_init(&val->references, 1);
 	dns_view_attach(view, &val->view);
 	if (message != NULL) {
@@ -3534,6 +3539,8 @@ destroy_validator(dns_validator_t *val) {
 		isc_counter_detach(&val->gqc);
 	}
 
+	dns_ede_invalidate(&val->edectx);
+
 	dns_view_detach(&val->view);
 	isc_loop_detach(&val->loop);
 
@@ -3654,7 +3661,7 @@ validator_addede(dns_validator_t *val, uint16_t code, const char *extra) {
 	dns_rdatatype_totext(val->type, &b);
 	isc_buffer_putuint8(&b, '\0');
 
-	dns_ede_add(val->edectx, code, bdata);
+	dns_ede_add(&val->edectx, code, bdata);
 }
 
 static void