From e92b26123506067aa27057e167c3760fcad9f898 Mon Sep 17 00:00:00 2001 From: Aram Sargsyan Date: Tue, 14 Jun 2022 10:42:28 +0000 Subject: [PATCH 1/3] Do not use the interface manager until it is ready The `ns_interfacemgr_create()` function, when calling `isc_nm_routeconnect()`, uses the newly created `ns_interfacemgr_t` instance before initializing its reference count and the magic value. Defer the `isc_nm_routeconnect()` call until the initializations are complete. (cherry picked from commit 1d93fe973b9129b0f97f05332c5cd910b27ce11b) --- lib/ns/interfacemgr.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/lib/ns/interfacemgr.c b/lib/ns/interfacemgr.c index 9cacd3f02b..55cd6f6ba8 100644 --- a/lib/ns/interfacemgr.c +++ b/lib/ns/interfacemgr.c @@ -329,15 +329,6 @@ ns_interfacemgr_create(isc_mem_t *mctx, ns_server_t *sctx, UNUSED(geoip); #endif /* if defined(HAVE_GEOIP2) */ - if (scan) { - result = isc_nm_routeconnect(nm, route_connected, mgr, 0); - if (result != ISC_R_SUCCESS) { - isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_INFO, - "unable to open route socket: %s", - isc_result_totext(result)); - } - } - isc_refcount_init(&mgr->references, 1); mgr->magic = IFMGR_MAGIC; *mgrp = mgr; @@ -351,6 +342,15 @@ ns_interfacemgr_create(isc_mem_t *mctx, ns_server_t *sctx, RUNTIME_CHECK(result == ISC_R_SUCCESS); } + if (scan) { + result = isc_nm_routeconnect(nm, route_connected, mgr, 0); + if (result != ISC_R_SUCCESS) { + isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_INFO, + "unable to open route socket: %s", + isc_result_totext(result)); + } + } + return (ISC_R_SUCCESS); cleanup_listenon: From 12aefe6cedd08b340913447d787618c75e357005 Mon Sep 17 00:00:00 2001 From: Aram Sargsyan Date: Tue, 14 Jun 2022 10:49:04 +0000 Subject: [PATCH 2/3] Fix a race condition between shutdown and route_connected() When shutting down, the interface manager can be destroyed before the `route_connected()` callback is called, which is unexpected for the latter and can cause a crash. Move the interface manager attachment code from the callback to the place before the callback is registered using `isc_nm_routeconnect()` function, which will make sure that the interface manager will live at least until the callback is called. Make sure to detach the interface manager if the `isc_nm_routeconnect()` function is not implemented, or when the callback is called with a result value which differs from `ISC_R_SUCCESS`. (cherry picked from commit f6e729635fad174fde16150fd90b9aa48712f61d) --- lib/ns/interfacemgr.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/lib/ns/interfacemgr.c b/lib/ns/interfacemgr.c index 55cd6f6ba8..875b89f3c3 100644 --- a/lib/ns/interfacemgr.c +++ b/lib/ns/interfacemgr.c @@ -262,12 +262,12 @@ route_connected(isc_nmhandle_t *handle, isc_result_t eresult, void *arg) { "route_connected: %s", isc_result_totext(eresult)); if (eresult != ISC_R_SUCCESS) { + ns_interfacemgr_detach(&mgr); return; } INSIST(mgr->route == NULL); - ns_interfacemgr_attach(mgr, &(ns_interfacemgr_t *){ NULL }); isc_nmhandle_attach(handle, &mgr->route); isc_nm_read(handle, route_recv, mgr); } @@ -343,7 +343,14 @@ ns_interfacemgr_create(isc_mem_t *mctx, ns_server_t *sctx, } if (scan) { - result = isc_nm_routeconnect(nm, route_connected, mgr, 0); + ns_interfacemgr_t *imgr = NULL; + + ns_interfacemgr_attach(mgr, &imgr); + + result = isc_nm_routeconnect(nm, route_connected, imgr, 0); + if (result == ISC_R_NOTIMPLEMENTED) { + ns_interfacemgr_detach(&imgr); + } if (result != ISC_R_SUCCESS) { isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_INFO, "unable to open route socket: %s", From 7d5ec4b6a5b1d60da8162848704cd9178cb5b2aa Mon Sep 17 00:00:00 2001 From: Aram Sargsyan Date: Tue, 14 Jun 2022 10:54:24 +0000 Subject: [PATCH 3/3] Add CHANGES note for [GL #3401] (cherry picked from commit 4b0e7e41fcd260406e3078e9d7e18b062013e364) --- CHANGES | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGES b/CHANGES index c138c88ee2..a66473d479 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ +5908. [bug] Fix race conditions in route_connected(). [GL #3401] + 5907. [bug] Fix a crash in dig NS search mode when one of the NS server queries fail. [GL #3207]