Witold Kręcicki [Mon, 10 Feb 2020 13:00:36 +0000 (14:00 +0100)]
Don't limit the size of uvreq/nmhandle pool artificially.
There was a hard limit set on number of uvreq and nmhandles
that can be allocated by a pool, but we don't handle a situation
where we can't get an uvreq. Don't limit the number at all,
let the OS deal with it.
Ondřej Surý [Sat, 1 Feb 2020 09:48:20 +0000 (10:48 +0100)]
Convert all atomic operations in isc_rwlock to release-acquire memory ordering
The memory ordering in the rwlock was all wrong, I am copying excerpts
from the https://en.cppreference.com/w/c/atomic/memory_order#Relaxed_ordering
for the convenience of the reader:
Relaxed ordering
Atomic operations tagged memory_order_relaxed are not synchronization
operations; they do not impose an order among concurrent memory
accesses. They only guarantee atomicity and modification order
consistency.
Release-Acquire ordering
If an atomic store in thread A is tagged memory_order_release and an
atomic load in thread B from the same variable is tagged
memory_order_acquire, all memory writes (non-atomic and relaxed atomic)
that happened-before the atomic store from the point of view of thread
A, become visible side-effects in thread B. That is, once the atomic
load is completed, thread B is guaranteed to see everything thread A
wrote to memory.
The synchronization is established only between the threads releasing
and acquiring the same atomic variable. Other threads can see different
order of memory accesses than either or both of the synchronized
threads.
Which basically means that we had no or weak synchronization between
threads using the same variables in the rwlock structure. There should
not be a significant performance drop because the critical sections were
already protected by:
while(1) {
if (relaxed_atomic_operation) {
break;
}
LOCK(lock);
if (!relaxed_atomic_operation) {
WAIT(sem, lock);
}
UNLOCK(lock)l
}
I would add one more thing to "Don't do your own crypto, folks.":
Ondřej Surý [Wed, 22 Jan 2020 09:16:22 +0000 (10:16 +0100)]
Cleanup support for specifying PKCS#11 engine as part of the label
The code for specifying OpenSSL PKCS#11 engine as part of the label
(e.g. -l "pkcs11:token=..." instead of -E pkcs11 -l "token=...")
was non-functional. This commit just cleans the related code.
Ondřej Surý [Sat, 8 Feb 2020 12:37:54 +0000 (04:37 -0800)]
Clear the pointer to destroyed object early using the semantic patch
Also disable the semantic patch as the code needs tweaks here and there because
some destroy functions might not destroy the object and return early if the
object is still in use.
Ondřej Surý [Sat, 8 Feb 2020 12:31:51 +0000 (04:31 -0800)]
Add semantic patch to NULL the destroyed pointer early
Our destroy functions usually look like this:
void
foo_destroy(foo_t **foop) {
foo_t foo = *foop;
...destroy the contents of foo...
*foop = NULL;
}
nulling the pointer should be done as soon as possible which is
not always the case. This commit adds simple semantic patch that
changes the example function to:
void
foo_destroy(foo_t **foop) {
foo_t foo = *foop;
*foop = NULL;
...destroy the contents of foo...
}
Michał Kępień [Thu, 6 Feb 2020 12:36:32 +0000 (13:36 +0100)]
Fix the "pipelined" system test on OpenBSD
On OpenBSD, the bin/tests/system/pipelined/ans5/ans.py script does not
shut down when it is sent the SIGTERM signal. What seems to be
happening is that starting the UDP listening thread somehow makes the
accept() calls in the script's main thread uninterruptible and thus the
SIGTERM signal sent to the main thread does not get processed until a
TCP connection is established with the script's TCP socket. Work around
the issue by setting a timeout for operations performed on the script's
TCP socket, so that each accept() call in the main thread's infinite
loop returns after at most 1 second, allowing termination signals sent
to the script to be processed.
The key-directory keyword actually does nothing right now but may
be useful in the future if we want to differentiate between key
directories or HSM keys, or if we want to speficy different
directories for different keys or policies. Make it optional for
the time being.
Witold Kręcicki [Tue, 28 Jan 2020 07:46:52 +0000 (08:46 +0100)]
Disable OpenSSL siphash.
Creation of EVP_MD_CTX and EVP_PKEY is quite expensive, until
we fix the code to reuse the context and key we'll use our own
implementation of siphash.
CID 1452691 (#1 of 1): Unchecked return value (CHECKED_RETURN)
5. check_return: Calling dns_db_find without checking return
value (as is done elsewhere 39 out of 45 times).
Add checks to the kasp system test to verify CDNSKEY publication.
This test is not entirely complete, because when there is a CDNSKEY
available but there should not be one for KEY N, it is hard to tell
whether the existing CDNSKEY actually belongs to KEY N or another
key.
The check works if we expect a CDNSKEY although we cannot guarantee
that the CDNSKEY is correct: The test verifies existence, not
correctness of the record.
When you do a restart or reconfig of named, or rndc loadkeys, this
triggers the key manager to run. The key manager will check if new
keys need to be created. If there is an active key, and key rollover
is scheduled far enough away, no new key needs to be created.
However, there was a bug that when you just start to sign your zone,
it takes a while before the KSK becomes an active key. An active KSK
has its DS submitted or published, but before the key manager allows
that, the DNSKEY needs to be omnipresent. If you restart named
or rndc loadkeys in quick succession when you just started to sign
your zone, new keys will be created because the KSK is not yet
considered active.
Fix is to check for introducing as well as active keys. These keys
all have in common that their goal is to become omnipresent.
Michal Nowak [Wed, 5 Feb 2020 10:03:09 +0000 (10:03 +0000)]
Windows: Prevent tools from clashing with named in system tests
In system tests on Windows tool's local port can sometimes clash with
'named'. On Unix the system is poked for the minimal local port,
otherwise is set to 32768 as a sane minimum. For Windows we don't
poke but set a hardcoded limit; this change aligns the limit with
Unix and changes it to 32768.
Mark Andrews [Wed, 5 Feb 2020 05:53:43 +0000 (16:53 +1100)]
'dispatch' must be non NULL, remove test.
10067 cleanup:
CID 1452683 (#1 of 1): Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking dispatch suggests that it
may be null, but it has already been dereferenced on all
paths leading to the check.
10068 if (dispatch != NULL)
10069 isc_mem_put(server->mctx, dispatch, sizeof(*dispatch));
Mark Andrews [Wed, 5 Feb 2020 05:51:01 +0000 (16:51 +1100)]
'dctx' must be non NULL, remove test.
1549 cleanup:
1550 if (dctx->dbiter != NULL)
1551 dns_dbiterator_destroy(&dctx->dbiter);
1552 if (dctx->db != NULL)
1553 dns_db_detach(&dctx->db);
CID 1452686 (#1 of 1): Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking dctx suggests that it may
be null, but it has already been dereferenced on all paths
leading to the check.
1554 if (dctx != NULL)
1555 isc_mem_put(mctx, dctx, sizeof(*dctx));
Mark Andrews [Wed, 5 Feb 2020 05:49:09 +0000 (16:49 +1100)]
'dir_list' must be non NULL, remove test.
707 complete_allnds:
CID 1452689 (#1 of 1): Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking dir_list suggests that it
may be null, but it has already been dereferenced on all
paths leading to the check.
708 if (dir_list != NULL) {
709 /* clean up entries from list. */
Mark Andrews [Wed, 5 Feb 2020 05:45:59 +0000 (16:45 +1100)]
'lcfg' must be non NULL, remove test.
389 else
CID 1452695 (#1 of 1): Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking lcfg suggests that it may
be null, but it has already been dereferenced on all paths
leading to the check.
390 if (lcfg != NULL)
391 isc_logconfig_destroy(&lcfg);
Mark Andrews [Wed, 5 Feb 2020 05:43:12 +0000 (16:43 +1100)]
's' must be non NULL, remove test.
122 cleanup:
CID 1452696 (#1 of 1): Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking s suggests that it may be
null, but it has already been dereferenced on all paths
leading to the check.
Mark Andrews [Wed, 5 Feb 2020 05:41:03 +0000 (16:41 +1100)]
'tql' must be non NULL, remove test.
255 flag_fail:
256 /* get rid of what was build of the query list */
CID 1452697 (#1 of 1): Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking tql suggests that it may
be null, but it has already been dereferenced on all paths
leading to the check.
257 if (tql != NULL)
258 destroy_querylist(mctx, &tql);
CID 1452700 (#1 of 1): Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking closest suggests that it
may be null, but it has already been dereferenced on all
paths leading to the check.
6415 if (closest != NULL)
6416 free_noqname(mctx, &closest);
CID 1452701 (#1 of 1): Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking tmpPath suggests that it
may be null, but it has already been dereferenced on all
paths leading to the check.
Mark Andrews [Wed, 5 Feb 2020 05:28:56 +0000 (16:28 +1100)]
'stub' cannot be non NULL, remove test.
13429 cleanup:
13430 cancel_refresh(zone);
CID 1452702 (#1 of 1): Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking stub suggests that it may
be null, but it has already been dereferenced on all paths
leading to the check.
CID 1452704 (#1 of 1): Dereference before null check
(REVERSE_INULL) check_after_deref: Null-checking noqname
suggests that it may be null, but it has already been
dereferenced on all paths leading to the check.
6370 if (noqname != NULL)
6371 free_noqname(mctx, &noqname);
Mark Andrews [Wed, 5 Feb 2020 05:15:35 +0000 (16:15 +1100)]
'dctx' must be non NULL, remove test.
11030 cleanup:
CID 1452705 (#1 of 1): Dereference before null check
(REVERSE_INULL) check_after_deref: Null-checking dctx
suggests that it may be null, but it has already been
dereferenced on all paths leading to the check.
11031 if (dctx != NULL)
11032 dumpcontext_destroy(dctx);
11033 return (result);
Mark Andrews [Wed, 5 Feb 2020 05:11:11 +0000 (16:11 +1100)]
'event' must be non NULL, remove test.
1401 }
CID 1453455 (#1 of 1): Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking event suggests that it may be null,
but it has already been dereferenced on all paths leading to the check.
1402 if (event != NULL)
1403 isc_event_free(ISC_EVENT_PTR(&event));
Mark Andrews [Wed, 5 Feb 2020 04:41:26 +0000 (15:41 +1100)]
'buffer' must be non-NULL as isc_buffer_allocate can no longer fail.
1636 cleanup:
CID 1458130 (#1 of 1): Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking buffer suggests that it may be
null, but it has already been dereferenced on all paths leading to
the check.
1637 if (buffer != NULL)
1638 isc_buffer_free(&buffer);
Ondřej Surý [Sat, 1 Feb 2020 16:13:45 +0000 (17:13 +0100)]
Fix comparison between type uint16_t and wider type size_t in a loop
Found by LGTM.com (see below for description), and while it should not
happen as EDNS OPT RDLEN is uint16_t, the fix is easy. A little bit
of cleanup is included too.
> In a loop condition, comparison of a value of a narrow type with a value
> of a wide type may result in unexpected behavior if the wider value is
> sufficiently large (or small). This is because the narrower value may
> overflow. This can lead to an infinite loop.
Matthijs Mekking [Thu, 23 Jan 2020 13:34:43 +0000 (14:34 +0100)]
Increase TTL in serve-stale test
Increase the short lived record TTL and negative SOA TTL to make
this test less vulnerable to timing issues. The drawback is that we
also have to sleep longer in this test.
projects / thirdparty / bind9.git / log
