Fix shutdown races in catzs

The dns__catz_update_cb() does not expect that 'catzs->zones'
can become NULL during shutdown.

Add similar checks in the dns__catz_update_cb() and dns_catz_zone_get()
functions to protect from such a case. Also add an INSIST in the
dns_catz_zone_add() function to explicitly state that such a case
is not expected there, because that function is called only during a
reconfiguration.

(cherry picked from commit 4eb4fa288cfdfed30cd3d930874f73970f1ca5c0)

diff --git a/lib/dns/catz.c b/lib/dns/catz.c
index b18459eef91b72a1edb922b5dfc7e9edf8d2ae90..a8727014ca4323e25a73d735a67fe9db59d58f85 100644 (file)
--- a/lib/dns/catz.c
+++ b/lib/dns/catz.c
@@ -881,6 +881,13 @@ dns_catz_add_zone(dns_catz_zones_t *catzs, const dns_name_t *name,
 
        LOCK(&catzs->lock);
 
+       /*
+        * This function is called only during a (re)configuration, while
+        * 'catzs->zones' can become NULL only during shutdown.
+        */
+       INSIST(catzs->zones != NULL);
+       INSIST(!atomic_load(&catzs->shuttingdown));
+
        result = dns_catz_new_zone(catzs, &catz, name);
        if (result != ISC_R_SUCCESS) {
                goto cleanup;
@@ -919,6 +926,10 @@ dns_catz_get_zone(dns_catz_zones_t *catzs, const dns_name_t *name) {
        REQUIRE(ISC_MAGIC_VALID(name, DNS_NAME_MAGIC));
 
        LOCK(&catzs->lock);
+       if (catzs->zones == NULL) {
+               UNLOCK(&catzs->lock);
+               return (NULL);
+       }
        result = isc_ht_find(catzs->zones, name->ndata, name->length,
                             (void **)&found);
        UNLOCK(&catzs->lock);
@@ -2299,6 +2310,11 @@ dns__catz_update_cb(void *data) {
         */
        dns_name_toregion(&updb->origin, &r);
        LOCK(&catzs->lock);
+       if (catzs->zones == NULL) {
+               UNLOCK(&catzs->lock);
+               result = ISC_R_SHUTTINGDOWN;
+               goto exit;
+       }
        result = isc_ht_find(catzs->zones, r.base, r.length, (void **)&oldcatz);
        is_active = (result == ISC_R_SUCCESS && oldcatz->active);
        UNLOCK(&catzs->lock);

diff --git a/lib/dns/include/dns/catz.h b/lib/dns/include/dns/catz.h
index a2d02d6d32c0d14eebf8a4588e5c74c8466e4a8f..ab5c614e96076a3401cf081be3e7681090ad75fb 100644 (file)
--- a/lib/dns/include/dns/catz.h
+++ b/lib/dns/include/dns/catz.h
@@ -311,7 +311,8 @@ isc_result_t
 dns_catz_add_zone(dns_catz_zones_t *catzs, const dns_name_t *name,
                  dns_catz_zone_t **catzp);
 /*%<
- * Allocate a new catz named 'name' and put it in 'catzs' collection.
+ * Allocate a new catz named 'name' and put it in 'catzs' collection. This
+ * function is safe to call only during a (re)configuration.
  *
  * Requires:
  * \li 'catzs' is a valid dns_catz_zones_t.