The xmlGetGlobalState allocates per-thread memory that is not properly
cleaned up when the libxml2 is used from offloaded threads. Add the
function to the LeakSanitizer suppression list.
Since we don't have a specialized function for "atomic" allocations,
it's better to just use xmlMemSetup() instead of xmlGcMemSetup()
according to this:
Ondřej Surý [Fri, 3 Mar 2023 15:59:21 +0000 (16:59 +0100)]
Offload the isc_http response processing to worker thread
Prepare the statistics channel data in the offloaded worker thread, so
the networking thread is not blocked by the process gathering data from
various data structures. Only the netmgr send is then run on the
networking thread when all the data is already there.
Use atomic operations to access the trust byte in ncache data
Protect the access to the trust byte in the ncache data with relaxed
atomic operation to mimic the current behaviour. This will teach
TSAN that the concurrent access is fine.
Mark Andrews [Mon, 15 Jan 2024 00:47:13 +0000 (11:47 +1100)]
Only copy the name data after we know its actual length
This prevents TSAN errors with the ncache code where the trust byte
access needs to be protected by a lock. The old code copied the
entire region before determining where the name ended. We now
determine where the name ends then copy just that data and in doing
so avoid reading the trust byte.
Artem Boldariev [Thu, 28 Mar 2024 14:22:11 +0000 (16:22 +0200)]
dispatch_test: use the NM tests timeouts
This commit makes the dispatch_test use the same timeouts as the network
manager tests. We do that because the old values appear to be too
small for our heavily loaded CI machines, leading to spurious failures
on them. The network manager tests are much more stable in this
situation and they use somewhat larger timeout values.
We use smaller connection timeouts for the tests which are expected
to timeout to not wait for too long.
Mark Andrews [Wed, 3 Apr 2024 23:35:23 +0000 (10:35 +1100)]
Wrong source address used for IPv6 notify messages
The source address field of 'newnotify' was not updated from the
default (0.0.0.0) when the destination address was an IPv6 address.
This resulted in the messages failing to be sent. Set the source
address to :: when the destination address is an IPv6 address.
Aram Sargsyan [Mon, 25 Mar 2024 14:35:20 +0000 (14:35 +0000)]
Rename and fix dns_validator_destroy() to dns_validator_shutdown()
Since the dns_validator_destroy() function doesn't guarantee that
it destroys the validator, rename it to dns_validator_shutdown()
and require explicit dns_validator_detach() to follow.
Enforce the documented function requirement that the validator must
be completed when the function is called.
Make sure to set val->name to NULL when the function is called,
so that the owner of the validator may destroy the name, even if
the validator is not destroyed immediately. This should be safe,
because the name can be used further only for logging by the
offloaded work callbacks when they detect that the validator is
already canceled/complete, and the logging function has a condition
to use the name only when it is non-NULL.
Evan Hunt [Tue, 26 Mar 2024 09:13:53 +0000 (02:13 -0700)]
complete removal of isc_loop_current()
isc_loop() can now take its place.
This also requires changes to the test harness - instead of running the
setup and teardown outside of the main loop, we now schedule the setup
and teardown to run on the loop (via isc_loop_setup() and
isc_loop_teardown()) - this is needed because the new isc_loop()
call has to be run on the active event loop, but previously the
isc_loop_current() (and the variants like isc_loop_main()) would work
even outside of the loop because it needed just isc_tid() to work, but
not the full loop (which was mainly true for the main thread).
Evan Hunt [Tue, 26 Mar 2024 07:13:45 +0000 (00:13 -0700)]
use a thread-local variable to get the current running loop
if we had a method to get the running loop, similar to how
isc_tid() gets the current thread ID, we can simplify loop
and loopmgr initialization.
remove most uses of isc_loop_current() in favor of isc_loop().
in some places where that was the only reason to pass loopmgr,
remove loopmgr from the function parameters.
update foundname when detecting a zonecut above qname
an assertion could be triggered in the QPDB cache if a DNAME
was found above a queried NS, because the 'foundname' value was
not correctly updated to point to the zone cut.
the same mistake existed in qpzone and has been fixed there as well.
Michał Kępień [Fri, 29 Mar 2024 07:27:49 +0000 (08:27 +0100)]
Restore consistency in YAML anchor names
Commit a4e9ce500a42d596e64c477df66c9bcdd692b06b added "pipelines" to CI
job trigger lists without updating the names of the YAML anchors
containing those lists accordingly. Update YAML anchor names so that
they are consistent with their own contents.
Michał Kępień [Fri, 29 Mar 2024 07:27:49 +0000 (08:27 +0100)]
Do not check CHANGES in pre-release pipelines
Since pre-release testing is usually carried out for branches in which
CHANGES entries are intentionally malformed to prevent entry numbering
conflicts down the road, do not run the "changes" GitLab CI job in
pipelines that are triggered by a parent pipeline (which can currently
only be a pre-release testing pipeline) to prevent triggering job
failures that would be meaningless anyway.
Michał Kępień [Fri, 29 Mar 2024 07:27:49 +0000 (08:27 +0100)]
Extract CHANGES checks to a separate GitLab CI job
Checking the contents of the CHANGES file currently requires invoking
multiple shell scripts. These invocations are conflated with those for
other test scripts in the "misc" GitLab CI job. Extract the commands
checking the contents of the CHANGES file to a separate GitLab CI job,
"changes", to improve readability. Remove similar checks for the
CHANGES.SE file altogether as they are only relevant for BIND -S and
therefore should not be present in an open source branch.
Mark Andrews [Mon, 9 Oct 2023 23:54:16 +0000 (10:54 +1100)]
Checking nxdomain-redirect against built-in RFC-1918 zone
Check that RFC 1918 leak detection does not trigger an assertion
when nxdomain redirection is enabled in the server but not for the
RFC 1918 reverse namespace.
Matthijs Mekking [Tue, 19 Mar 2024 07:48:56 +0000 (08:48 +0100)]
Fix fix_iterator hang
If there are no more previous leaves, it means the queried name
precedes the entire range of names in the database, so we should just
move the iterator one step back and return, instead of continuing our
search for the predecessor.
This is similar to an earlier bug fixed in an earlier commit:
Matthijs Mekking [Tue, 19 Mar 2024 08:45:59 +0000 (09:45 +0100)]
Add a test case for fix_iterator hang
When fixing the iterator, when every leaf on this branch is greater
than the one we wanted we go back to the parent branch and iterate back
to the predecessor from that point.
But if there are no more previous leaves, it means the queried name
precedes the entire range of names in the database, so we would just
move the iterator one step back and continue from there.
This could end in a loop because the queried name precedes the entire
range of names and so none of those names are the predecessor of the
queried name.
Tom Krizek [Mon, 26 Feb 2024 17:08:23 +0000 (18:08 +0100)]
Re-enable enginepkcs11 system test
The condition in prereq.sh which attempts to match two strings uses an
integer equality operation. This results in an error, causing the
enginepkcs11 test to always be skipped. Use = operator for the string
comparison instead.
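
An added illustration of the failure mode described in the commit message above; it is not code from the commit or from BIND 9's prereq.sh, and the function names and sample values are hypothetical. It shows why an erroring prerequisite check is indistinguishable from an unmet prerequisite unless the exit status is inspected:

```shell
#!/bin/sh
# Constructed example; names and values are hypothetical, not from prereq.sh.

# Broken form: -eq is an integer operator. With non-numeric operands the
# test utility reports an error and returns a status greater than 1, which
# an `if` or `||` treats exactly like "false", so the test is skipped.
prereq_broken() {
    [ "$1" -eq "$2" ] 2>/dev/null
}

# Fixed form: = compares strings.
prereq_fixed() {
    [ "$1" = "$2" ]
}

# Classify a prerequisite check by its exit status so that a check which
# errored is not silently counted as "prerequisite not met".
classify() {
    if "$@"; then
        echo run
    else
        case $? in
            1) echo skip ;;
            *) echo error ;;
        esac
    fi
}

classify prereq_broken pkcs11 pkcs11
classify prereq_fixed pkcs11 pkcs11
classify prereq_fixed pkcs11 none
```
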
Tom Krizek [Thu, 14 Mar 2024 15:18:02 +0000 (16:18 +0100)]
Mark the autosign system test as flaky
The autosign test uses sleep in many cases to wait for something to
happen. This inevitably leads to an instability that manifests in our
CI. Allow an automatic rerun of the test to improve its stability.
Tom Krizek [Fri, 12 Jan 2024 14:03:53 +0000 (15:03 +0100)]
Export variable in resolver system test
Variable assignment when calling subroutines might not be portable.
Notably, it doesn't work with FreeBSD shell, where the value of HOME
would be ignored in this case.
Since the commands are already executed in a subshell, export the HOME
variable to ensure it is properly handled in all shells.
Michał Kępień [Thu, 21 Mar 2024 11:29:21 +0000 (12:29 +0100)]
Add "pipelines" to CI job trigger lists
To enable GitLab CI jobs in other projects to trigger pipelines in the
BIND 9 project using their CI_JOB_TOKEN, add "pipelines" to the relevant
GitLab CI job trigger lists.
Michał Kępień [Thu, 21 Mar 2024 05:47:29 +0000 (06:47 +0100)]
Work around a TSAN issue with newer kernels
The ThreadSanitizer version currently available from Fedora 39
repositories is unable to cope with very high ASLR entropy, which is the
default in some recent Linux distributions [1]. This causes all
TSAN-enabled builds to fail on the affected systems with an error like:
Tom Krizek [Wed, 13 Mar 2024 17:18:42 +0000 (18:18 +0100)]
Move conftest log initialization to conftest.py
Initializing the conftest logging upon importing the isctest package
isn't practical when there are standalone pieces which can be used
outside of the testing framework, such as the asyncdnsserver module.
Michał Kępień [Wed, 20 Mar 2024 08:22:36 +0000 (09:22 +0100)]
Add an async DNS server for use in system tests
Implement a new Python class, AsyncDnsServer, which can be used by
ans.py scripts placed in ansX/ system test subdirectories. This enables
conveniently starting a feature-limited, non-standards-compliant, custom
DNS server instance. It can read and serve zone files, but it is also
able to evaluate any user-provided query-processing logic, allowing
query responses to be changed, delayed, or dropped altogether. These
are all actions commonly taken by custom DNS servers written in Python
that are used in BIND 9 system tests. Having a single "base"
implementation of such a custom DNS server reduces code duplication,
improving test maintainability.