From 3368e5f231432c9354795f35c6962f64ed74a1b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ondr=CC=8Cej=20Sury=CC=81?= Date: Fri, 3 Feb 2023 15:47:28 +0100 Subject: [PATCH 1/3] Avoid libuv 1.35 and 1.36 that have broken recvmmsg implementation The implementation of UDP recvmmsg in libuv 1.35 and 1.36 is incomplete and could cause assertion failure under certain circumstances. Modify the configure and runtime checks to report a fatal error when trying to compile or run with the affected versions. (cherry picked from commit 251f411fc322a9915219725820478d1359b937dd) --- configure.ac | 6 +++--- doc/arm/build.inc.rst | 10 ++++++---- lib/isc/netmgr/netmgr.c | 2 -- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/configure.ac b/configure.ac index 84d85c1132..fefe0c4707 100644 --- a/configure.ac +++ b/configure.ac @@ -541,9 +541,9 @@ AC_CHECK_FUNCS([pthread_setname_np pthread_set_name_np]) AC_CHECK_HEADERS([pthread_np.h], [], [], [#include ]) # libuv -AC_MSG_CHECKING([for libuv]) -PKG_CHECK_MODULES([LIBUV], [libuv >= 1.0.0], [], - [AC_MSG_ERROR([libuv not found])]) +PKG_CHECK_MODULES([LIBUV], [libuv >= 1.37.0], [], + [PKG_CHECK_MODULES([LIBUV], [libuv >= 1.0.0 libuv < 1.35.0], [], + [AC_MSG_ERROR([libuv >= 1.0.0 (except 1.35.0 and 1.36.0) not found])])]) AX_SAVE_FLAGS([libuv]) CFLAGS="$CFLAGS $LIBUV_CFLAGS" diff --git a/doc/arm/build.inc.rst b/doc/arm/build.inc.rst index 5bad09e2af..ccd0d32bf1 100644 --- a/doc/arm/build.inc.rst +++ b/doc/arm/build.inc.rst @@ -60,10 +60,12 @@ To build BIND 9, the following packages must be installed: - ``perl`` - ``pkg-config`` / ``pkgconfig`` / ``pkgconf`` -BIND 9.18 requires ``libuv`` 1.x or higher. On older systems, an updated -``libuv`` package needs to be installed from sources such as EPEL, PPA, -or other native sources. The other option is to build and install -``libuv`` from source. +BIND 9.18 requires ``libuv`` 1.0.0 or higher, using ``libuv`` >= 1.40.0 +is recommended. Compiling or running with ``libuv`` 1.35.0 or 1.36.0 is +not supported, as this could lead to an assertion failure in the UDP +receive code. On older systems, an updated ``libuv`` package needs to be +installed from sources such as EPEL, PPA, or other native sources. The +other option is to build and install ``libuv`` from source. OpenSSL 1.0.2e or newer is required. If the OpenSSL library is installed in a nonstandard location, specify the prefix using diff --git a/lib/isc/netmgr/netmgr.c b/lib/isc/netmgr/netmgr.c index 01d5f168a8..816e185de0 100644 --- a/lib/isc/netmgr/netmgr.c +++ b/lib/isc/netmgr/netmgr.c @@ -205,8 +205,6 @@ isc__nm_threadpool_initialize(uint32_t workers) { #define MINIMAL_UV_VERSION UV_VERSION(1, 40, 0) #elif HAVE_DECL_UV_UDP_RECVMMSG #define MINIMAL_UV_VERSION UV_VERSION(1, 37, 0) -#elif HAVE_DECL_UV_UDP_MMSG_CHUNK -#define MINIMAL_UV_VERSION UV_VERSION(1, 35, 0) #else #define MINIMAL_UV_VERSION UV_VERSION(1, 0, 0) #endif From 8d103f7bbce0cd0b41523a5ab894ad6b0547c357 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ondr=CC=8Cej=20Sury=CC=81?= Date: Wed, 8 Feb 2023 09:29:54 +0100 Subject: [PATCH 2/3] Enforce version drift limits for libuv libuv support for receiving multiple UDP messages in a single system call (recvmmsg()) has been tweaked several times between libuv versions 1.35.0 and 1.40.0. Mixing and matching libuv versions within that span may lead to assertion failures and is therefore considered harmful, so try to limit potential damage be preventing users from mixing libuv versions with distinct sets of recvmmsg()-related flags. (cherry picked from commit 735d09bffed7febe636542c07f3269b407e6113c) --- lib/isc/netmgr/netmgr.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/lib/isc/netmgr/netmgr.c b/lib/isc/netmgr/netmgr.c index 816e185de0..ee96138721 100644 --- a/lib/isc/netmgr/netmgr.c +++ b/lib/isc/netmgr/netmgr.c @@ -204,8 +204,10 @@ isc__nm_threadpool_initialize(uint32_t workers) { #elif HAVE_DECL_UV_UDP_MMSG_FREE #define MINIMAL_UV_VERSION UV_VERSION(1, 40, 0) #elif HAVE_DECL_UV_UDP_RECVMMSG +#define MAXIMAL_UV_VERSION UV_VERSION(1, 39, 99) #define MINIMAL_UV_VERSION UV_VERSION(1, 37, 0) #else +#define MAXIMAL_UV_VERSION UV_VERSION(1, 34, 99) #define MINIMAL_UV_VERSION UV_VERSION(1, 0, 0) #endif @@ -216,10 +218,19 @@ isc__netmgr_create(isc_mem_t *mctx, uint32_t workers, isc_nm_t **netmgrp) { REQUIRE(workers > 0); +#ifdef MAXIMAL_UV_VERSION + if (uv_version() > MAXIMAL_UV_VERSION) { + FATAL_ERROR("libuv version too new: running with libuv %s " + "when compiled with libuv %s will lead to " + "libuv failures", + uv_version_string(), UV_VERSION_STRING); + } +#endif /* MAXIMAL_UV_VERSION */ + if (uv_version() < MINIMAL_UV_VERSION) { FATAL_ERROR("libuv version too old: running with libuv %s " "when compiled with libuv %s will lead to " - "libuv failures because of unknown flags", + "libuv failures", uv_version_string(), UV_VERSION_STRING); } From ac7d1958591eebb8aa831bd4f74316ed4729d226 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ondr=CC=8Cej=20Sury=CC=81?= Date: Fri, 3 Feb 2023 09:40:13 +0100 Subject: [PATCH 3/3] Add CHANGES and release note for [GL #3840] (cherry picked from commit 6fa48c963e81e17f878edfd1c13f53b9f6f540c7) --- CHANGES | 6 ++++++ doc/notes/notes-current.rst | 21 ++++++++++++++++++++- 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index a10543e7c5..56cd52c92c 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,9 @@ +6094. [bug] Building against (or running with) libuv versions + 1.35.0 and 1.36.0 is now a fatal error. The rules for + mixing and matching compile-time and run-time libuv + versions have been tightened for libuv versions between + 1.35.0 and 1.40.0. [GL #3840] + 6092. [bug] dnssec-cds failed to cleanup properly. [GL #3831] 6089. [bug] Source ports configured for query-source, diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index f9614f0c9c..ee329b24cf 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -30,7 +30,26 @@ Removed Features Feature Changes ~~~~~~~~~~~~~~~ -- None. +- libuv support for receiving multiple UDP messages in a single system + call (``recvmmsg()``) has been tweaked several times between libuv + versions 1.35.0 and 1.40.0; the recommended libuv version is 1.40.0 or + higher. New rules are now in effect for running with a different + version of libuv than the one used at compilation time. These rules + may trigger a fatal error at startup: + + - Building against or running with libuv versions 1.35.0 and 1.36.0 is + now a fatal error. + + - Running with libuv version higher than 1.34.2 is now a fatal error + when :iscman:`named` is built against libuv version 1.34.2 or lower. + + - Running with libuv version higher than 1.39.0 is now a fatal error + when :iscman:`named` is built against libuv version 1.37.0, 1.38.0, + 1.38.1, or 1.39.0. + + This prevents the use of libuv versions that may trigger an assertion + failure when receiving multiple UDP messages in a single system call. + :gl:`#3840` Bug Fixes ~~~~~~~~~