From: Alessio Podda Date: Mon, 6 Jul 2026 08:15:13 +0000 (+0200) Subject: Do not attach authdb X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=617deb5aabde800bb71c992fbe2ce572a7fd152d;p=thirdparty%2Fbind9.git Do not attach authdb The authdb variable is used either to check that, on restarts, we do not cross to a different zone unless recursion is enabled, and to lookup the zone version when filling the additional section. Neither use requires the pointer to be attached, and attaching the pointer causes scalability issues. This commit solves the problem by turning the pointer into an integer id. --- diff --git a/lib/ns/client.c b/lib/ns/client.c index a767c351525..4c5a701db7d 100644 --- a/lib/ns/client.c +++ b/lib/ns/client.c @@ -3166,6 +3166,17 @@ client_getdbversion(ns_client_t *client) { return dbversion; } +ns_dbversion_t * +ns_client_findversionid(ns_client_t *client, uintptr_t dbid) { + ISC_LIST_FOREACH(client->query.activeversions, dbversion, link) { + if ((uintptr_t)dbversion->db == dbid) { + return dbversion; + } + } + + return NULL; +} + ns_dbversion_t * ns_client_findversion(ns_client_t *client, dns_db_t *db) { ISC_LIST_FOREACH(client->query.activeversions, dbversion, link) { diff --git a/lib/ns/include/ns/client.h b/lib/ns/include/ns/client.h index 3cf87e90b05..c0bb2533b6e 100644 --- a/lib/ns/include/ns/client.h +++ b/lib/ns/include/ns/client.h @@ -57,6 +57,7 @@ #include #include +#include #include #include @@ -562,6 +563,13 @@ ns_client_findversion(ns_client_t *client, dns_db_t *db); * allocated by ns_client_newdbversion(). */ +ns_dbversion_t * +ns_client_findversionid(ns_client_t *client, uintptr_t dbid); +/*%< + * Find the active database version matching database identity 'dbid', + * without allocating a new database version if none is found. + */ + ISC_REFCOUNT_DECL(ns_clientmgr); void diff --git a/lib/ns/include/ns/query.h b/lib/ns/include/ns/query.h index 44d0566fbc3..c6eb341391c 100644 --- a/lib/ns/include/ns/query.h +++ b/lib/ns/include/ns/query.h @@ -16,6 +16,7 @@ /*! \file */ #include +#include #include #include @@ -127,20 +128,20 @@ struct ns_query { }; }; - unsigned int restarts; - isc_counter_t *qc; - bool timerset; - dns_name_t *qname; - dns_name_t *origqname; - dns_rdatatype_t qtype; - unsigned int dboptions; - unsigned int fetchoptions; - dns_db_t *gluedb; - dns_db_t *authdb; - dns_zone_t *authzone; - bool authdbset; - bool isreferral; - isc_mutex_t fetchlock; + unsigned int restarts; + isc_counter_t *qc; + bool timerset; + dns_name_t *qname; + dns_name_t *origqname; + dns_rdatatype_t qtype; + unsigned int dboptions; + unsigned int fetchoptions; + dns_db_t *gluedb; + uintptr_t authdb; /* Database identity; not an attached reference. */ + dns_zone_t *authzone; + bool authdbset; + bool isreferral; + isc_mutex_t fetchlock; ns_hookasync_t *hookasyncctx; dns_rpz_st_t *rpz_st; isc_bufferlist_t namebufs; diff --git a/lib/ns/query.c b/lib/ns/query.c index d2cd2347326..9e675084dc5 100644 --- a/lib/ns/query.c +++ b/lib/ns/query.c @@ -754,9 +754,6 @@ query_reset(ns_client_t *client, bool everything) { } ISC_LIST_INIT(client->query.activeversions); - if (client->query.authdb != NULL) { - dns_db_detach(&client->query.authdb); - } if (client->query.authzone != NULL) { dns_zone_detach(&client->query.authzone); } @@ -824,6 +821,7 @@ query_reset(ns_client_t *client, bool everything) { client->query.dboptions = 0; client->query.fetchoptions = 0; client->query.gluedb = NULL; + client->query.authdb = 0; client->query.authdbset = false; client->query.isreferral = false; client->query.dns64_options = 0; @@ -1012,7 +1010,7 @@ query_validatezonedb(ns_client_t *client, const dns_name_t *name, */ if (client->query.rpz_st == NULL && !(client->query.wantrecursion && client->query.recursionok) && - client->query.authdbset && db != client->query.authdb) + client->query.authdbset && (uintptr_t)db != client->query.authdb) { return DNS_R_REFUSED; } @@ -1661,16 +1659,16 @@ query_additionalauth(query_ctx_t *qctx, const dns_name_t *name, * First, look within the same zone database for authoritative * additional data. */ - if (!client->query.authdbset || client->query.authdb == NULL) { + if (!client->query.authdbset || client->query.authdb == 0) { return ISC_R_NOTFOUND; } - dbversion = ns_client_findversion(client, client->query.authdb); + dbversion = ns_client_findversionid(client, client->query.authdb); if (dbversion == NULL) { return ISC_R_NOTFOUND; } - dns_db_attach(client->query.authdb, &db); + dns_db_attach(dbversion->db, &db); version = dbversion->version; CTRACE(ISC_LOG_DEBUG(3), "query_additionalauth: same zone"); @@ -5327,7 +5325,7 @@ ns__query_start(query_ctx_t *qctx) { dns_zone_gethooktable(qctx->zone); CALL_HOOK(NS_QUERY_AUTHZONE_ATTACHED, qctx); } - dns_db_attach(qctx->db, &qctx->client->query.authdb); + qctx->client->query.authdb = (uintptr_t)qctx->db; } qctx->client->query.authdbset = true;