Commit graph

13246 commits

Author SHA1 Message Date
Mark Andrews
d68b009cfe Remove priority from attribute constructor/destructor
On some platforms, the __attribute__ constructor and destructor won't
take priorities and the compilation failed.  On such platform would be
macOS.  For this reason, the constructor/destructor in the libisc was
reworked to not use priorities, but have a single constructor and
destructor that calls the appropriate routines in correct order.

This commit removes the extra priority because it's now not needed and
it also breaks a compilation on macOS with GCC 10.
2021-05-27 08:02:21 +02:00
Mark Andrews
715a2c7fc1 Add missing initialisations
configuring with --enable-mutex-atomics flagged these incorrectly
initialised variables on systems where pthread_mutex_init doesn't
just zero out the structure.
2021-05-26 08:15:08 +00:00
Ondřej Surý
2db5290579 Fix the sizeof() for array holding the pointers to clientmgr
The size of the array holding the pointers to clientmgr was created so
big it could hold the actual clientmgr objects, not just the pointer.
This commit fixes the size to be just the ncpus * sizeof(pointer).
2021-05-26 10:03:52 +02:00
Ondřej Surý
a227562f13 Cleanup the struct isc_nmiface
In previous MR, I forgot to remove the `struct isc_nmiface`, this commit
rectifies that.
2021-05-26 09:55:10 +02:00
Ondřej Surý
50270de8a0 Refactor the interface handling in the netmgr
The isc_nmiface_t type was holding just a single isc_sockaddr_t,
so we got rid of the datatype and use plain isc_sockaddr_t in place
where isc_nmiface_t was used before.  This means less type-casting and
shorter path to access isc_sockaddr_t members.

At the same time, instead of keeping the reference to the isc_sockaddr_t
that was passed to us when we start listening, we will keep a local
copy. This prevents the data race on destruction of the ns_interface_t
objects where pending nmsockets could reference the sockaddr of already
destroyed ns_interface_t object.
2021-05-26 09:43:12 +02:00
Mark Andrews
0a45af2e2f Consolidate xhdr fixups 2021-05-26 08:16:35 +10:00
Mark Andrews
00609f5094 Correct size calculation in dns_journal_iter_init()
* dns_journal_next() leaves the read point in the journal after the
transaction header so journal_seek() should be inside the loop.
* we need to recover from transaction header inconsistencies

Additionally when correcting for <size, serial0, serial1, 0> the
correct consistency check is isc_serial_gt() rather than
isc_serial_ge().  All instances updated.
2021-05-25 22:27:54 +10:00
Ondřej Surý
d0d37aa6d1 Don't set memory context name in resolver.c
We now attach to existing memory context instead of creating a new
memory context, so we should not set its name.
2021-05-25 07:25:44 +02:00
Ondřej Surý
a1c6fd5ede Adjust the fillcount and freemax for dns_message mempools
According to the measurements (recorded on GL!5085), the fillcount of 2
for namepool and fillcount of 4 for rdspool can fit 99.99% of request
for tested scenarios.

This was discovered by perf recording the single second recursive test
using flamethrower where the initial malloc lit up like a flare.
2021-05-24 20:44:58 +02:00
Ondřej Surý
28b65d8256 Reduce the number of clientmgr objects created
Previously, as a way of reducing the contention between threads a
clientmgr object would be created for each interface/IP address.

We tasks being more strictly bound to netmgr workers, this is no longer
needed and we can just create clientmgr object per worker queue (ncpus).

Each clientmgr object than would have a single task and single memory
context.
2021-05-24 20:44:54 +02:00
Ondřej Surý
aad7856b8e Don't create per bucket memory contexts in resolver
Similarly, the resolver code would create hundreds of memory contexts
just on the resolver setup.  The contention will be reduced directly in
the allocator, so for now just attach to the view memory instead of
creating separate memory context for each bucket.
2021-05-24 20:02:20 +02:00
Ondřej Surý
4db5e30177 Run shutdown events with the task's existing threadid
Previously, task->threadid was reassigned to 0 while shutting
down, which caused an assertion.
2021-05-24 20:02:20 +02:00
Ondřej Surý
0be7ea78be Reduce the number of client tasks and bind them to netmgr queues
Since a client object is bound to a netmgr handle, each client
will always be processed by the same netmgr worker, so we can
simplify the code by binding client->task to the same thread as
the client. Since ns__client_request() now runs in the same event
loop as client->task events, is no longer necessary to pause the
task manager before launching them.

Also removed some functions in isc_task that were not used.
2021-05-24 20:02:20 +02:00
Ondřej Surý
c07f8c5a43 Reduce the number of tasks in the clientmgr
We now use one task per CPU per dispatchmgr (that's still a lot).
2021-05-24 20:02:20 +02:00
Ondřej Surý
0719f032e1 Reduce the number of mctx created in clientmgr
The number of memory contexts created in the clientmgr was enormous.  It
could easily create thousands of memory contexts because the formula was:

    nprotocols * ncpus * ninterfaces * CLIENT_NMCTXS_PERCPU (8)

The original goal was to reduce the contention when allocating the
memory, but after a while nobody noticed that the amount of memory
context allocated would not reduce contention at all.

This commit removes the whole mctxpool and just uses the mctx from
clientmgr as the contention will be reduced directly in the allocator.
2021-05-24 20:02:20 +02:00
Evan Hunt
b0aadaac8e rename dns_name_copynf() to dns_name_copy()
dns_name_copy() is now the standard name-copying function.
2021-05-22 00:37:27 -07:00
Evan Hunt
ea7b28f101 remove dns_name_copy() implementation
Remove dns_name_copy() and refactor the underlying code since
it will only be called by dns_name_copynf() now, and can't fail.
2021-05-22 00:22:32 -07:00
Evan Hunt
b1fe1b8ae3 remove the remaining uses of dns_name_copy()
dns_name_copy() has been replaced nearly everywhere with
dns_name_copynf().  this commit changes the last two uses of
the original function.  afterward, we can remove the old
dns_name_copy() implementation, and replace it with _copynf().
2021-05-22 00:22:32 -07:00
Ondřej Surý
ce3e1abc1d Use dns_name_copynf() with dns_message_gettempname() when needed
dns_message_gettempname() returns an initialized name with a dedicated
buffer, associated with a dns_fixedname object.  Using dns_name_copynf()
to write a name into this object will actually copy the name data
from a source name. dns_name_clone() merely points target->ndata to
source->ndata, so it is faster, but it can lead to a use-after-free if
the source is freed before the target object is released via
dns_message_puttempname().

In a few places, clone was being used where copynf should have been;
this is now fixed.

As a side note, no memory was lost, because the ndata buffer used in
the dns_fixedname_t is internal to the structure, and is freed when
the dns_fixedname_t is freed regardless of the .ndata contents.
2021-05-21 21:28:10 -07:00
Ondřej Surý
5ee9edc4ce Optimize rdataset_getownercase not to use bitshifts
The last rdataset_getownercase() left it in a state where the code was
mix of microoptimizations (manual loop unrolling, complicated bitshifts)
with a code that would always rewrite the character even if it stayed
the same after transformation.

This commit makes sure that we modify only the characters that actually
need to change, removes the manual loop unrolling, and replaces the
weird bit arithmetics with a simple shift and bit-and.
2021-05-20 20:41:29 +02:00
Evan Hunt
e31cc1eeb4 use a fixedname buffer in dns_message_gettempname()
dns_message_gettempname() now returns a pointer to an initialized
name associated with a dns_fixedname_t object. it is no longer
necessary to allocate a buffer for temporary names associated with
the message object.
2021-05-20 20:41:29 +02:00
Matthijs Mekking
252a1ae0a1 Lock kasp when looking for zone keys
We should also lock kasp when reading key files, because at the same
time the zone in another view may be updating the key file.
2021-05-20 09:15:43 +02:00
Artem Boldariev
67c50abe5a Add DoH quota tests
This commit adds unit tests which ensure that DoH code is compatible
with quota functionality.
2021-05-19 10:28:47 +03:00
Matthijs Mekking
19395fd168 Fix coverity issue 331478
Move the "cannot start rollover" warning into code block that checks
if 'active_key' is not NULL.
2021-05-19 00:45:54 +00:00
Mark Andrews
314b5362a8 Remove dns_zone_setflag()
This function has never been used since it was added to the source tree
by commit 686b27bfd3 back in 1999.  As
the dns_zoneflg_t type is only defined in lib/dns/zone.c, no function
external to that file would be able to use dns_zone_setflag() properly
anyway - the DNS_ZONE_SETFLAG() and DNS_ZONE_CLRFLAG() macros should be
used instead. Zone options that can be set from outside zone.c are set
using dns_zone_setoption().
2021-05-18 16:02:18 -07:00
Matthijs Mekking
494e8b2cbd Check key-directory duplicates for kasp zones
Don't allow the same zone with different dnssec-policies in separate
views have the same key-directory.

Track zones plus key-directory in a symtab and if there is a match,
check the offending zone's dnssec-policy name. If the name is "none"
(there is no kasp for the offending zone), or if the name is the same
(the zone shares keys), it is fine, otherwise it is an error (zones
in views using different policies cannot share the same key-directory).
2021-05-18 15:47:02 +02:00
Mark Andrews
5d21042ed8 Adjust returned method from dns_updatemethod_date
if dns_updatemethod_date is used do that the returned method is only
set to dns_updatemethod_increment if the new serial does not encode
the current day (YYYYMMDDXX).
2021-05-18 12:30:22 +00:00
Mark Andrews
7e83c6df94 initialise worker->cond_prio 2021-05-18 07:47:42 +00:00
Mark Andrews
29f1c1e677 Silence gcc-10-fanalyzer false positive
If 'state == ft_ordinary' then 'label' can't be NULL. Add
INSIST to reflect this.
2021-05-18 15:51:51 +10:00
Mark Andrews
683ad6e4bd Silence gcc-10-fanalyzer false positive
Add REQUIRE(type == dns_rdatatype_nsec3 || firstp != NULL); so
that dereferences of *firstp is not flagged as a NULL pointer
dereference.
2021-05-18 15:19:28 +10:00
Mark Andrews
8eed392add Address potential resource leak in dst_key_fromnamedfile 2021-05-18 10:33:43 +10:00
Ondřej Surý
9e3cb396b2 Replace netmgr quantum with loop-preventing barrier
Instead of using fixed quantum, this commit adds atomic counter for
number of items on each queue and uses the number of netievents
scheduled to run as the limit of maximum number of netievents for a
single process_queue() run.

This prevents the endless loops when the netievent would schedule more
netievents onto the same loop, but we don't have to pick "magic" number
for the quantum.
2021-05-17 11:59:19 +02:00
Ondřej Surý
4509089419 Add configuration option to set send/recv buffers on the nm sockets
This commit adds a new configuration option to set the receive and send
buffer sizes on the TCP and UDP netmgr sockets.  The default is `0`
which doesn't set any value and just uses the value set by the operating
system.

There's no magic value here - set it too small and the performance will
drop, set it too large, the buffers can fill-up with queries that have
already timeouted on the client side and nobody is interested for the
answer and this would just make the server clog up even more by making
it produce useless work.

The `netstat -su` can be used on POSIX systems to monitor the receive
and send buffer errors.
2021-05-17 08:47:09 +02:00
Michal Nowak
c628f2c71b
Make masterXX.data.in reachable by out-of-tree builds
Unit test run for out-of-tree builds used to fail to find
masterXX.data.in files:

    /usr/bin/perl -w /builds/mnowak/bind9/lib/dns/tests/mkraw.pl < testdata/master/master12.data.in > testdata/master/master12.data
    /bin/bash: testdata/master/master12.data.in: No such file or directory
    make[4]: *** [Makefile:1910: testdata/master/master12.data] Error 1
2021-05-14 13:22:09 +02:00
Ondřej Surý
cd413234f7 Fix the outgoing UDP socket selection on Windows
The outgoing UDP socket selection would pick unintialized children
socket on Windows, because we have more netmgr workers than we have
listening sockets.  This commit fixes the selection by keeping the
outgoing socket the same, so it's always run on existing socket.
2021-05-13 15:04:48 +02:00
Artem Boldariev
bab9309231 Fix DoH unit tests logic
This commit fixes logic bugs in DoH test suite revealed by making DoH
not to call nghttp2_session_terminate_session() in server-side code.
2021-05-13 10:42:25 +03:00
Artem Boldariev
6816a741ca Fix crash in TLS caused by improper handling of shutdown messages
The problem was found when flamethrower was accidentally run in DoT
mode against DoH port.
2021-05-13 10:42:25 +03:00
Artem Boldariev
1947f6372d Limit the number of active concurrent HTTP/2 streams
The initial intent was to limit the number of concurrent streams by
the value of 100 but due to the error when reading the documentation
it was set to the maximum possible number of streams per session.

This could lead to security issues, e.g. a remote attacker could have
taken down the BIND instance by creating lots of sessions via low
number of transport connections. This commit fixes that.
2021-05-13 10:42:25 +03:00
Artem Boldariev
d80d1b0dd9 Do not allow empty DoH endpoints to be added
It was possible to specify empty DoH endpoint in BIND's configuration
file: that was an error, we should not allow doing so.
2021-05-13 10:42:25 +03:00
Artem Boldariev
9155a87528 Do not call nghttp2_session_terminate_session() in server-side code
We should not call nghttp2_session_terminate_session() in server-side
code after all of the active HTTP/2 streams are processed. The
underlying transport connection is expected to remain opened at least
for some time in this case for new HTTP/2 requests to arrive. That is
what flamethrower was expecting and it makes perfect sense from the
HTTP/2 perspective.
2021-05-13 10:42:25 +03:00
Mark Andrews
e86508708d Check that the first and last SOA of an AXFR are consistent 2021-05-13 03:36:50 +00:00
Mark Andrews
0f6ae9000a initalise sock->cond 2021-05-11 14:06:26 +02:00
Ondřej Surý
3713a38689 Bump the netmgr quantum to 1024
During the stress testing, it was discovered that the default netmgr
quantum of 128 is not enough and there was a performance drop for TCP on
FreeBSD.  Bumping the default quantum to 1024 solves the performance
issue and is still enough to prevent the endless loops.
2021-05-10 21:32:31 +02:00
Ondřej Surý
e623c12757 Destroy reference to taskmgr after all tasks are done
We were clearing the pointer to taskmgr as soon as isc_taskmgr_destroy()
would be called and before all tasks were finished.  Unfortunately, some
tasks would use global named_g_taskmgr objects from inside the events
and this would cause either a data race or NULL pointer dereference.

This commit fixes the data race by moving the destruction of the
referenced pointer to the time after all tasks are finished.
2021-05-10 12:13:27 -07:00
Ondřej Surý
6c57a6cc3d Add isc_taskmgr_detach when task is created while shutting down
When taskmgr is shutting down, the creating the task would attach
to the taskmgr, but don't detach on error condition.
2021-05-10 11:39:51 +02:00
Ondřej Surý
0133096c88 improvements to socket_test
- be more strict, but patient, waiting for event completion.
- use an atomic pointer for the socket to silence TSAN warnings.
2021-05-07 14:28:33 -07:00
Ondřej Surý
365c6a9851 ensure interlocked netmgr events run on worker[0]
Network manager events that require interlock (pause, resume, listen)
are now always executed in the same worker thread, mgr->workers[0],
to prevent races.

"stoplistening" events no longer require interlock.
2021-05-07 14:28:32 -07:00
Evan Hunt
c44423127d fix shutdown deadlocks
- ensure isc_nm_pause() and isc_nm_resume() work the same whether
  run from inside or outside of the netmgr.
- promote 'stop' events to the priority event level so they can
  run while the netmgr is pausing or paused.
- when pausing, drain the priority queue before acquiring an
  interlock; this prevents a deadlock when another thread is waiting
  for us to complete a task.
- release interlock after pausing, reacquire it when resuming, so
  that stop events can happen.

some incidental changes:
- use a function to enqueue pause and resume events (this was part of a
  different change attempt that didn't work out; I kept it because I
  thought was more readable).
- make mgr->nworkers a signed int to remove some annoying integer casts.
2021-05-07 14:28:32 -07:00
Ondřej Surý
4c8f6ebeb1 Use barriers for netmgr synchronization
The netmgr listening, stoplistening, pausing and resuming functions
now use barriers for synchronization, which makes the code much simpler.

isc/barrier.h defines isc_barrier macros as a front-end for uv_barrier
on platforms where that works, and pthread_barrier where it doesn't
(including TSAN builds).
2021-05-07 14:28:32 -07:00
Ondřej Surý
2eae7813b6 Run isc__nm_http_stoplistening() synchronously in netmgr
When isc__nm_http_stoplistening() is run from inside the netmgr, we need
to make sure it's run synchronously.  This commit is just a band-aid
though, as the desired behvaior for isc_nm_stoplistening() is not always
the same:

  1. When run from outside user of the interface, the call must be
     synchronous, e.g. the calling code expects the call to really stop
     listening on the interfaces.

  2. But if there's a call from listen<proto> when listening fails,
     that needs to be scheduled to run asynchronously, because
     isc_nm_listen<proto> is being run in a paused (interlocked)
     netmgr thread and we could get stuck.

The proper solution would be to make isc_nm_stoplistening()
behave like uv_close(), i.e., to have a proper callback.
2021-05-07 14:28:32 -07:00