From 0c62c0bdb760695d41b6a8b77656332cc423ffb2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Sun, 13 Nov 2022 10:28:17 +0100 Subject: [PATCH 1/3] Mark setting operating system limits from named.conf as ancient After deprecating the operating system limits settings (coresize, datasize, files and stacksize), mark them as ancient and remove the code that sets the values from config. --- bin/named/config.c | 11 ++---- bin/named/include/named/globals.h | 3 -- bin/named/main.c | 9 ----- bin/named/server.c | 51 ---------------------------- conftools/perllib/dnsconf/DNSConf.i | 4 --- doc/arm/reference.rst | 52 ----------------------------- doc/man/named.conf.5in | 4 --- doc/misc/options | 4 --- fuzz/isc_lex_gettoken.in/named.conf | 4 --- lib/isccfg/namedconf.c | 8 ++--- 10 files changed, 7 insertions(+), 143 deletions(-) diff --git a/bin/named/config.c b/bin/named/config.c index 17b01ec9e1..1824f7da95 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -50,16 +50,12 @@ options {\n\ answer-cookie true;\n\ automatic-interface-scan yes;\n\ bindkeys-file \"" NAMED_SYSCONFDIR "/bind.keys\";\n\ -# blackhole {none;};\n" - " cookie-algorithm siphash24;\n" - " coresize default;\n\ - datasize default;\n" - "\ +# blackhole {none;};\n\ + cookie-algorithm siphash24;\n\ # directory \n\ dnssec-policy \"none\";\n\ dump-file \"named_dump.db\";\n\ - edns-udp-size 1232;\n\ - files unlimited;\n" + edns-udp-size 1232;\n" #if defined(HAVE_GEOIP2) "\ geoip-directory \"" MAXMINDDB_PREFIX "/share/GeoIP\";\n" @@ -115,7 +111,6 @@ options {\n\ session-keyalg hmac-sha256;\n\ # session-keyfile \"" NAMED_LOCALSTATEDIR "/run/named/session.key\";\n\ session-keyname local-ddns;\n\ - stacksize default;\n\ startup-notify-rate 20;\n\ statistics-file \"named.stats\";\n\ tcp-advertised-timeout 300;\n\ diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h index ebacca1524..de22349678 100644 --- a/bin/named/include/named/globals.h +++ b/bin/named/include/named/globals.h @@ -109,9 +109,6 @@ EXTERN cfg_aclconfctx_t *named_g_aclconfctx INIT(NULL); /* * Initial resource limits. */ -EXTERN isc_resourcevalue_t named_g_initstacksize INIT(0); -EXTERN isc_resourcevalue_t named_g_initdatasize INIT(0); -EXTERN isc_resourcevalue_t named_g_initcoresize INIT(0); EXTERN isc_resourcevalue_t named_g_initopenfiles INIT(0); /* diff --git a/bin/named/main.c b/bin/named/main.c index 9d0207a3b8..59706f1f24 100644 --- a/bin/named/main.c +++ b/bin/named/main.c @@ -1219,15 +1219,6 @@ setup(void) { /* * Get the initial resource limits. */ - RUNTIME_CHECK(isc_resource_getlimit(isc_resource_stacksize, - &named_g_initstacksize) == - ISC_R_SUCCESS); - RUNTIME_CHECK(isc_resource_getlimit(isc_resource_datasize, - &named_g_initdatasize) == - ISC_R_SUCCESS); - RUNTIME_CHECK(isc_resource_getlimit(isc_resource_coresize, - &named_g_initcoresize) == - ISC_R_SUCCESS); RUNTIME_CHECK(isc_resource_getlimit(isc_resource_openfiles, &named_g_initopenfiles) == ISC_R_SUCCESS); diff --git a/bin/named/server.c b/bin/named/server.c index 0962230718..63535328a0 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -52,7 +52,6 @@ #include #include #include -#include #include #include #include @@ -7438,51 +7437,6 @@ setoptstring(named_server_t *server, char **field, const cfg_obj_t *obj) { } } -static void -set_limit(const cfg_obj_t **maps, const char *configname, - const char *description, isc_resource_t resourceid, - isc_resourcevalue_t defaultvalue) { - const cfg_obj_t *obj = NULL; - const char *resource; - isc_resourcevalue_t value; - isc_result_t result; - - if (named_config_get(maps, configname, &obj) != ISC_R_SUCCESS) { - return; - } - - if (cfg_obj_isstring(obj)) { - resource = cfg_obj_asstring(obj); - if (strcasecmp(resource, "unlimited") == 0) { - value = ISC_RESOURCE_UNLIMITED; - } else { - INSIST(strcasecmp(resource, "default") == 0); - value = defaultvalue; - } - } else { - value = cfg_obj_asuint64(obj); - } - - result = isc_resource_setlimit(resourceid, value); - isc_log_write( - named_g_lctx, NAMED_LOGCATEGORY_GENERAL, NAMED_LOGMODULE_SERVER, - result == ISC_R_SUCCESS ? ISC_LOG_DEBUG(3) : ISC_LOG_WARNING, - "set maximum %s to %" PRIu64 ": %s", description, value, - isc_result_totext(result)); -} - -#define SETLIMIT(cfgvar, resource, description) \ - set_limit(maps, cfgvar, description, isc_resource_##resource, \ - named_g_init##resource) - -static void -set_limits(const cfg_obj_t **maps) { - SETLIMIT("stacksize", stacksize, "stack size"); - SETLIMIT("datasize", datasize, "data size"); - SETLIMIT("coresize", coresize, "core size"); - SETLIMIT("files", openfiles, "open files"); -} - static void portset_fromconf(isc_portset_t *portset, const cfg_obj_t *ports, bool positive) { @@ -8575,11 +8529,6 @@ load_configuration(const char *filename, named_server_t *server, server->bindkeysfile); } - /* - * Set process limits, which (usually) needs to be done as root. - */ - set_limits(maps); - /* * Check the process lockfile. */ diff --git a/conftools/perllib/dnsconf/DNSConf.i b/conftools/perllib/dnsconf/DNSConf.i index 7e2cf0e0e2..db548bc499 100644 --- a/conftools/perllib/dnsconf/DNSConf.i +++ b/conftools/perllib/dnsconf/DNSConf.i @@ -283,10 +283,6 @@ INT_FIELD_DEFS(recursiveclients) INT_FIELD_DEFS(minroots) INT_FIELD_DEFS(serialqueries) INT_FIELD_DEFS(sigvalidityinterval) -INT_FIELD_DEFS(datasize) -INT_FIELD_DEFS(stacksize) -INT_FIELD_DEFS(coresize) -INT_FIELD_DEFS(files) INT_FIELD_DEFS(maxcachesize) INT_FIELD_DEFS(maxncachettl) INT_FIELD_DEFS(maxcachettl) diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index cb2bd6b71b..de69a4c0b6 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -3626,58 +3626,6 @@ options apply to zone transfers. This option acts like :any:`notify-source`, but applies to ``NOTIFY`` messages sent to IPv6 addresses. -.. _resource_limits: - -Operating System Resource Limits -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The server's usage of many system resources can be limited. Scaled -values are allowed when specifying resource limits. For example, ``1G`` -can be used instead of ``1073741824`` to specify a limit of one -gigabyte. ``unlimited`` requests unlimited use, or the maximum available -amount. ``default`` uses the limit that was in force when the server was -started. See the description of :term:`size`. - -The following options are deprecated in favor of setting the operating system -resource limits from the operating system and/or process supervisor, should not -be used, and will be rendered non-operational in a future release. - - -.. namedconf:statement:: coresize - :tags: deprecated - :short: Sets the maximum size of a core dump. - - This sets the maximum size of a core dump. The default is ``default``. - -.. namedconf:statement:: datasize - :tags: deprecated - :short: Sets the maximum amount of data memory that can be used by the server. - - This sets the maximum amount of data memory the server may use. The default is - ``default``. This is a hard limit on server memory usage; if the - server attempts to allocate memory in excess of this limit, the - allocation will fail, which may in turn leave the server unable to - perform DNS service. Therefore, this option is rarely useful as a way - to limit the amount of memory used by the server, but it can be - used to raise an operating system data size limit that is too small - by default. To limit the amount of memory used by the - server, use the :any:`max-cache-size` and :any:`recursive-clients` options - instead. - -.. namedconf:statement:: files - :tags: deprecated - :short: Sets the maximum number of files the server may have open concurrently. - - This sets the maximum number of files the server may have open concurrently. - The default is ``unlimited``. - -.. namedconf:statement:: stacksize - :tags: deprecated - :short: Sets the maximum amount of stack memory that can be used by the server. - - This sets the maximum amount of stack memory the server may use. The default is - ``default``. - .. _server_resource_limits: Server Resource Limits diff --git a/doc/man/named.conf.5in b/doc/man/named.conf.5in index dbd6e9d901..b03ef74839 100644 --- a/doc/man/named.conf.5in +++ b/doc/man/named.conf.5in @@ -152,8 +152,6 @@ options { clients\-per\-query ; cookie\-algorithm ( aes | siphash24 ); cookie\-secret ; // may occur multiple times - coresize ( default | unlimited | ); // deprecated - datasize ( default | unlimited | ); // deprecated deny\-answer\-addresses { ; ... } [ except\-from { ; ... } ]; deny\-answer\-aliases { ; ... } [ except\-from { ; ... } ]; dialup ( notify | notify\-passive | passive | refresh | ); @@ -196,7 +194,6 @@ options { fetch\-quota\-params ; fetches\-per\-server [ ( drop | fail ) ]; fetches\-per\-zone [ ( drop | fail ) ]; - files ( default | unlimited | ); // deprecated flush\-zones\-on\-shutdown ; forward ( first | only ); forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; @@ -331,7 +328,6 @@ options { sig\-signing\-type ; sig\-validity\-interval [ ]; sortlist { ; ... }; - stacksize ( default | unlimited | ); // deprecated stale\-answer\-client\-timeout ( disabled | off | ); stale\-answer\-enable ; stale\-answer\-ttl ; diff --git a/doc/misc/options b/doc/misc/options index 97462e7a2d..ce8f20a917 100644 --- a/doc/misc/options +++ b/doc/misc/options @@ -95,8 +95,6 @@ options { clients-per-query ; cookie-algorithm ( aes | siphash24 ); cookie-secret ; // may occur multiple times - coresize ( default | unlimited | ); // deprecated - datasize ( default | unlimited | ); // deprecated deny-answer-addresses { ; ... } [ except-from { ; ... } ]; deny-answer-aliases { ; ... } [ except-from { ; ... } ]; dialup ( notify | notify-passive | passive | refresh | ); @@ -139,7 +137,6 @@ options { fetch-quota-params ; fetches-per-server [ ( drop | fail ) ]; fetches-per-zone [ ( drop | fail ) ]; - files ( default | unlimited | ); // deprecated flush-zones-on-shutdown ; forward ( first | only ); forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; @@ -274,7 +271,6 @@ options { sig-signing-type ; sig-validity-interval [ ]; sortlist { ; ... }; - stacksize ( default | unlimited | ); // deprecated stale-answer-client-timeout ( disabled | off | ); stale-answer-enable ; stale-answer-ttl ; diff --git a/fuzz/isc_lex_gettoken.in/named.conf b/fuzz/isc_lex_gettoken.in/named.conf index dd46100b6b..d00c2c526d 100644 --- a/fuzz/isc_lex_gettoken.in/named.conf +++ b/fuzz/isc_lex_gettoken.in/named.conf @@ -165,11 +165,7 @@ options { #maintain - ixfr - base no; // If yes, keep transaction log file for IXFR max - ixfr - log - size 20m; - coresize 100; - datasize 101; - files 230; max - cache - size 1m; - stacksize 231; heartbeat - interval 1001; interface - interval 1002; statistics - interval 1003; diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index 8336b1a58f..9543c1a02e 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -1219,8 +1219,8 @@ static cfg_clausedef_t options_clauses[] = { { "blackhole", &cfg_type_bracketed_aml, 0 }, { "cookie-algorithm", &cfg_type_cookiealg, 0 }, { "cookie-secret", &cfg_type_sstring, CFG_CLAUSEFLAG_MULTI }, - { "coresize", &cfg_type_size, CFG_CLAUSEFLAG_DEPRECATED }, - { "datasize", &cfg_type_size, CFG_CLAUSEFLAG_DEPRECATED }, + { "coresize", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT }, + { "datasize", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT }, { "deallocate-on-exit", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "directory", &cfg_type_qstring, CFG_CLAUSEFLAG_CALLBACK }, #ifdef HAVE_DNSTAP @@ -1237,7 +1237,7 @@ static cfg_clausedef_t options_clauses[] = { { "dscp", &cfg_type_uint32, 0 }, { "dump-file", &cfg_type_qstring, 0 }, { "fake-iquery", NULL, CFG_CLAUSEFLAG_ANCIENT }, - { "files", &cfg_type_size, CFG_CLAUSEFLAG_DEPRECATED }, + { "files", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT }, { "flush-zones-on-shutdown", &cfg_type_boolean, 0 }, #ifdef HAVE_DNSTAP { "fstrm-set-buffer-hint", &cfg_type_uint32, 0 }, @@ -1319,7 +1319,7 @@ static cfg_clausedef_t options_clauses[] = { { "session-keyfile", &cfg_type_qstringornone, 0 }, { "session-keyname", &cfg_type_astring, 0 }, { "sit-secret", NULL, CFG_CLAUSEFLAG_ANCIENT }, - { "stacksize", &cfg_type_size, CFG_CLAUSEFLAG_DEPRECATED }, + { "stacksize", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT }, { "startup-notify-rate", &cfg_type_uint32, 0 }, { "statistics-file", &cfg_type_qstring, 0 }, { "statistics-interval", NULL, CFG_CLAUSEFLAG_ANCIENT }, From e2262c2112dd59b9dd756911d49ac9ccb05bba36 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Sun, 13 Nov 2022 11:04:30 +0100 Subject: [PATCH 2/3] Remove isc_resource API and set limits directly in named_os unit The only function left in the isc_resource API was setting the file limit. Replace the whole unit with a simple getrlimit to check the maximum value of RLIMIT_NOFILE and set the maximum back to rlimit_cur. This is more compatible than trying to set RLIMIT_UNLIMITED on the RLIMIT_NOFILE as it doesn't work on Linux (see man 5 proc on /proc/sys/fs/nr_open), neither it does on Darwin kernel (see man 2 getrlimit). The only place where the maximum value could be raised under privileged user would be BSDs, but the `named_os_adjustnofile()` were not called there before. We would apply the increased limits only on Linux and Sun platforms. --- bin/named/include/named/globals.h | 5 - bin/named/main.c | 21 --- bin/named/os.c | 57 +++++--- bin/named/server.c | 3 +- bin/named/zoneconf.c | 6 +- lib/isc/Makefile.am | 2 - lib/isc/include/isc/resource.h | 87 ------------- lib/isc/include/isc/types.h | 28 +--- lib/isc/resource.c | 208 ------------------------------ lib/isccfg/namedconf.c | 2 +- tests/libtest/ns.c | 1 - 11 files changed, 52 insertions(+), 368 deletions(-) delete mode 100644 lib/isc/include/isc/resource.h delete mode 100644 lib/isc/resource.c diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h index de22349678..6d46f12589 100644 --- a/bin/named/include/named/globals.h +++ b/bin/named/include/named/globals.h @@ -106,11 +106,6 @@ EXTERN dns_name_t named_g_sessionkeyname; EXTERN bool named_g_conffileset INIT(false); EXTERN cfg_aclconfctx_t *named_g_aclconfctx INIT(NULL); -/* - * Initial resource limits. - */ -EXTERN isc_resourcevalue_t named_g_initopenfiles INIT(0); - /* * Misc. */ diff --git a/bin/named/main.c b/bin/named/main.c index 59706f1f24..a75bbdb6e5 100644 --- a/bin/named/main.c +++ b/bin/named/main.c @@ -35,7 +35,6 @@ #include #include #include -#include #include #include #include @@ -1043,7 +1042,6 @@ create_managers(void) { static void setup(void) { isc_result_t result; - isc_resourcevalue_t old_openfiles; ns_server_t *sctx; #ifdef HAVE_LIBSCF char *instance = NULL; @@ -1216,30 +1214,11 @@ setup(void) { NAMED_LOGMODULE_MAIN, ISC_LOG_NOTICE, "----------------------------------------------------"); - /* - * Get the initial resource limits. - */ - RUNTIME_CHECK(isc_resource_getlimit(isc_resource_openfiles, - &named_g_initopenfiles) == - ISC_R_SUCCESS); - /* * System resources cannot effectively be tuned on some systems. * Raise the limit in such cases for safety. */ - old_openfiles = named_g_initopenfiles; named_os_adjustnofile(); - RUNTIME_CHECK(isc_resource_getlimit(isc_resource_openfiles, - &named_g_initopenfiles) == - ISC_R_SUCCESS); - if (old_openfiles != named_g_initopenfiles) { - isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, - NAMED_LOGMODULE_MAIN, ISC_LOG_NOTICE, - "adjusted limit on open files from " - "%" PRIu64 " to " - "%" PRIu64, - old_openfiles, named_g_initopenfiles); - } /* * If the named configuration filename is relative, prepend the current diff --git a/bin/named/os.c b/bin/named/os.c index 3506a5e605..699ca2f256 100644 --- a/bin/named/os.c +++ b/bin/named/os.c @@ -14,6 +14,7 @@ /*! \file */ #include #include +#include #include #include /* dev_t FreeBSD 2.1 */ #ifdef HAVE_UNAME @@ -37,13 +38,13 @@ #include #include #include -#include #include #include #include #include #include +#include #include #include #ifdef HAVE_LIBSCF @@ -615,23 +616,47 @@ ns_os_uid(void) { void named_os_adjustnofile(void) { -#if defined(__linux__) || defined(__sun) - isc_result_t result; - isc_resourcevalue_t newvalue; + int r; + struct rlimit rl; + rlim_t rlim_old; + char strbuf[ISC_STRERRORSIZE]; - /* - * Linux: max number of open files specified by one thread doesn't seem - * to apply to other threads on Linux. - * Sun: restriction needs to be removed sooner when hundreds of CPUs - * are available. - */ - newvalue = ISC_RESOURCE_UNLIMITED; - - result = isc_resource_setlimit(isc_resource_openfiles, newvalue); - if (result != ISC_R_SUCCESS) { - named_main_earlywarning("couldn't adjust limit on open files"); + r = getrlimit(RLIMIT_NOFILE, &rl); + if (r != 0) { + goto fail; } -#endif /* if defined(__linux__) || defined(__sun) */ + + rlim_old = rl.rlim_cur; + + if (rl.rlim_cur == rl.rlim_max) { + isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, + NAMED_LOGMODULE_MAIN, ISC_LOG_NOTICE, + "the limit on open files is already at the " + "maximum allowed value: " + "%" PRIu64, + (uint64_t)rl.rlim_max); + return; + } + + rl.rlim_cur = rl.rlim_max; + r = setrlimit(RLIMIT_NOFILE, &rl); + if (r != 0) { + goto fail; + } + + isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, + NAMED_LOGMODULE_MAIN, ISC_LOG_NOTICE, + "adjusted limit on open files from " + "%" PRIu64 " to " + "%" PRIu64, + (uint64_t)rlim_old, (uint64_t)rl.rlim_cur); + return; + +fail: + strerror_r(errno, strbuf, sizeof(strbuf)); + named_main_earlywarning("adjusting limit on open files failed: %s", + strbuf); + return; } void diff --git a/bin/named/server.c b/bin/named/server.c index 63535328a0..09eb53e2ed 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -4354,8 +4354,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config, max_cache_size = SIZE_AS_PERCENT; max_cache_size_percent = cfg_obj_aspercentage(obj); } else { - isc_resourcevalue_t value; - value = cfg_obj_asuint64(obj); + uint64_t value = cfg_obj_asuint64(obj); if (value > SIZE_MAX) { cfg_obj_log(obj, named_g_lctx, ISC_LOG_WARNING, "'max-cache-size " diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c index f7e5914fbd..795db7bf6e 100644 --- a/bin/named/zoneconf.c +++ b/bin/named/zoneconf.c @@ -1362,8 +1362,7 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, journal_size = -1; } } else { - isc_resourcevalue_t value; - value = cfg_obj_asuint64(obj); + uint64_t value = cfg_obj_asuint64(obj); if (value > DNS_JOURNAL_SIZE_MAX) { cfg_obj_log(obj, named_g_lctx, ISC_LOG_ERROR, "'max-journal-size " @@ -1508,8 +1507,7 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, journal_size = -1; } } else { - isc_resourcevalue_t value; - value = cfg_obj_asuint64(obj); + uint64_t value = cfg_obj_asuint64(obj); if (value > DNS_JOURNAL_SIZE_MAX) { cfg_obj_log(obj, named_g_lctx, ISC_LOG_ERROR, "'max-journal-size " diff --git a/lib/isc/Makefile.am b/lib/isc/Makefile.am index 2d8976a363..f44a5a00dd 100644 --- a/lib/isc/Makefile.am +++ b/lib/isc/Makefile.am @@ -77,7 +77,6 @@ libisc_la_HEADERS = \ include/isc/refcount.h \ include/isc/regex.h \ include/isc/region.h \ - include/isc/resource.h \ include/isc/result.h \ include/isc/rwlock.h \ include/isc/safe.h \ @@ -189,7 +188,6 @@ libisc_la_SOURCES = \ ratelimiter.c \ regex.c \ region.c \ - resource.c \ result.c \ safe.c \ serial.c \ diff --git a/lib/isc/include/isc/resource.h b/lib/isc/include/isc/resource.h deleted file mode 100644 index dc4b2b19dc..0000000000 --- a/lib/isc/include/isc/resource.h +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * SPDX-License-Identifier: MPL-2.0 - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, you can obtain one at https://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -#pragma once - -/*! \file isc/resource.h */ - -#include -#include - -#define ISC_RESOURCE_UNLIMITED ((isc_resourcevalue_t)UINT64_MAX) - -ISC_LANG_BEGINDECLS - -isc_result_t -isc_resource_setlimit(isc_resource_t resource, isc_resourcevalue_t value); -/*%< - * Set the maximum limit for a system resource. - * - * Notes: - *\li If 'value' exceeds the maximum possible on the operating system, - * it is silently limited to that maximum -- or to "infinity", if - * the operating system has that concept. #ISC_RESOURCE_UNLIMITED - * can be used to explicitly ask for the maximum. - * - * Requires: - *\li 'resource' is a valid member of the isc_resource_t enumeration. - * - * Returns: - *\li #ISC_R_SUCCESS Success. - *\li #ISC_R_NOTIMPLEMENTED 'resource' is not a type known by the OS. - *\li #ISC_R_NOPERM The calling process did not have adequate permission - * to change the resource limit. - */ - -isc_result_t -isc_resource_getlimit(isc_resource_t resource, isc_resourcevalue_t *value); -/*%< - * Get the maximum limit for a system resource. - * - * Notes: - *\li 'value' is set to the maximum limit. - * - *\li #ISC_RESOURCE_UNLIMITED is the maximum value of isc_resourcevalue_t. - * - *\li On many (all?) Unix systems, RLIM_INFINITY is a valid value that is - * significantly less than #ISC_RESOURCE_UNLIMITED, but which in practice - * behaves the same. - * - *\li The current ISC libdns configuration file parser assigns a value - * of UINT32_MAX for a size_spec of "unlimited" and ISC_UNIT32_MAX - 1 - * for "default", the latter of which is supposed to represent "the - * limit that was in force when the server started". Since these are - * valid values in the middle of the range of isc_resourcevalue_t, - * there is the possibility for confusion over what exactly those - * particular values are supposed to represent in a particular context -- - * discrete integral values or generalized concepts. - * - * Requires: - *\li 'resource' is a valid member of the isc_resource_t enumeration. - * - * Returns: - *\li #ISC_R_SUCCESS Success. - *\li #ISC_R_NOTIMPLEMENTED 'resource' is not a type known by the OS. - */ - -isc_result_t -isc_resource_getcurlimit(isc_resource_t resource, isc_resourcevalue_t *value); -/*%< - * Same as isc_resource_getlimit(), but returns the current (soft) limit. - * - * Returns: - *\li #ISC_R_SUCCESS Success. - *\li #ISC_R_NOTIMPLEMENTED 'resource' is not a type known by the OS. - */ - -ISC_LANG_ENDDECLS diff --git a/lib/isc/include/isc/types.h b/lib/isc/include/isc/types.h index ecbbf48976..51a246dfab 100644 --- a/lib/isc/include/isc/types.h +++ b/lib/isc/include/isc/types.h @@ -71,14 +71,13 @@ typedef struct isc_nmsocket isc_nmsocket_t; /*%< Network manager socket */ typedef struct isc_nmhandle isc_nmhandle_t; /*%< Network manager handle */ typedef struct isc_portset isc_portset_t; /*%< Port Set */ typedef struct isc_quota isc_quota_t; /*%< Quota */ -typedef struct isc_ratelimiter isc_ratelimiter_t; /*%< Rate Limiter */ -typedef struct isc_region isc_region_t; /*%< Region */ -typedef uint64_t isc_resourcevalue_t; /*%< Resource Value */ -typedef struct isc_signal isc_signal_t; /*%< Signal handler */ -typedef struct isc_sockaddr isc_sockaddr_t; /*%< Socket Address */ -typedef ISC_LIST(isc_sockaddr_t) isc_sockaddrlist_t; /*%< Socket Address List - * */ -typedef struct isc_stats isc_stats_t; /*%< Statistics */ +typedef struct isc_ratelimiter isc_ratelimiter_t; /*%< Rate Limiter */ +typedef struct isc_region isc_region_t; /*%< Region */ +typedef struct isc_signal isc_signal_t; /*%< Signal handler */ +typedef struct isc_sockaddr isc_sockaddr_t; /*%< Socket Address */ +typedef ISC_LIST(isc_sockaddr_t) isc_sockaddrlist_t; /*%< Socket Address List + * */ +typedef struct isc_stats isc_stats_t; /*%< Statistics */ typedef int_fast64_t isc_statscounter_t; typedef struct isc_symtab isc_symtab_t; /*%< Symbol Table */ typedef struct isc_task isc_task_t; /*%< Task */ @@ -96,19 +95,6 @@ typedef struct isc_nm_http_endpoints isc_nm_http_endpoints_t; typedef void (*isc_taskaction_t)(isc_task_t *, isc_event_t *); -/*% Resource */ -typedef enum { - isc_resource_coresize = 1, - isc_resource_cputime, - isc_resource_datasize, - isc_resource_filesize, - isc_resource_lockedmemory, - isc_resource_openfiles, - isc_resource_processes, - isc_resource_residentsize, - isc_resource_stacksize -} isc_resource_t; - /*% Statistics formats (text file or XML) */ typedef enum { isc_statsformat_file, diff --git a/lib/isc/resource.c b/lib/isc/resource.c deleted file mode 100644 index f6965755db..0000000000 --- a/lib/isc/resource.c +++ /dev/null @@ -1,208 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * SPDX-License-Identifier: MPL-2.0 - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, you can obtain one at https://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -#include -#include -#include -#include /* Required on some systems for . */ -#include - -#include -#include -#include - -#ifdef __linux__ -#include /* To get the large NR_OPEN. */ -#endif /* ifdef __linux__ */ - -#include "errno2result.h" - -static isc_result_t -resource2rlim(isc_resource_t resource, int *rlim_resource) { - isc_result_t result = ISC_R_SUCCESS; - - switch (resource) { - case isc_resource_coresize: - *rlim_resource = RLIMIT_CORE; - break; - case isc_resource_cputime: - *rlim_resource = RLIMIT_CPU; - break; - case isc_resource_datasize: - *rlim_resource = RLIMIT_DATA; - break; - case isc_resource_filesize: - *rlim_resource = RLIMIT_FSIZE; - break; - case isc_resource_lockedmemory: -#ifdef RLIMIT_MEMLOCK - *rlim_resource = RLIMIT_MEMLOCK; -#else /* ifdef RLIMIT_MEMLOCK */ - result = ISC_R_NOTIMPLEMENTED; -#endif /* ifdef RLIMIT_MEMLOCK */ - break; - case isc_resource_openfiles: -#ifdef RLIMIT_NOFILE - *rlim_resource = RLIMIT_NOFILE; -#else /* ifdef RLIMIT_NOFILE */ - result = ISC_R_NOTIMPLEMENTED; -#endif /* ifdef RLIMIT_NOFILE */ - break; - case isc_resource_processes: -#ifdef RLIMIT_NPROC - *rlim_resource = RLIMIT_NPROC; -#else /* ifdef RLIMIT_NPROC */ - result = ISC_R_NOTIMPLEMENTED; -#endif /* ifdef RLIMIT_NPROC */ - break; - case isc_resource_residentsize: -#ifdef RLIMIT_RSS - *rlim_resource = RLIMIT_RSS; -#else /* ifdef RLIMIT_RSS */ - result = ISC_R_NOTIMPLEMENTED; -#endif /* ifdef RLIMIT_RSS */ - break; - case isc_resource_stacksize: - *rlim_resource = RLIMIT_STACK; - break; - default: - /* - * This test is not very robust if isc_resource_t - * changes, but generates a clear assertion message. - */ - REQUIRE(resource >= isc_resource_coresize && - resource <= isc_resource_stacksize); - - result = ISC_R_RANGE; - break; - } - - return (result); -} - -isc_result_t -isc_resource_setlimit(isc_resource_t resource, isc_resourcevalue_t value) { - struct rlimit rl; - rlim_t rlim_value; - int unixresult; - int unixresource; - isc_result_t result; - - result = resource2rlim(resource, &unixresource); - if (result != ISC_R_SUCCESS) { - return (result); - } - - if (value == ISC_RESOURCE_UNLIMITED) { - rlim_value = RLIM_INFINITY; - } else { - /* - * Carefully ensure the range of rlim_t is not overflowed, by - * calculating how many bytes wider is isc_resourcevalue_t than - * rlim_t, and whether rlim_t has a sign bit. - */ - isc_resourcevalue_t rlim_max = UINT64_MAX; - size_t wider = sizeof(rlim_max) - sizeof(rlim_t); - size_t sign_bit = (size_t)(0.0 > (double)(rlim_t)-1); - - rlim_max >>= CHAR_BIT * wider + sign_bit; - rlim_value = ISC_MIN(value, rlim_max); - } - - rl.rlim_cur = rl.rlim_max = rlim_value; - unixresult = setrlimit(unixresource, &rl); - - if (unixresult == 0) { - return (ISC_R_SUCCESS); - } - -#if defined(OPEN_MAX) && defined(__APPLE__) - /* - * The Darwin kernel doesn't accept RLIM_INFINITY for rlim_cur; the - * maximum possible value is OPEN_MAX. BIND8 used to use - * sysconf(_SC_OPEN_MAX) for such a case, but this value is much - * smaller than OPEN_MAX and is not really effective. - */ - if (resource == isc_resource_openfiles && rlim_value == RLIM_INFINITY) { - rl.rlim_cur = OPEN_MAX; - unixresult = setrlimit(unixresource, &rl); - if (unixresult == 0) { - return (ISC_R_SUCCESS); - } - } -#elif defined(__linux__) -#ifndef NR_OPEN -#define NR_OPEN (1024 * 1024) -#endif /* ifndef NR_OPEN */ - - /* - * Some Linux kernels don't accept RLIM_INFINIT; the maximum - * possible value is the NR_OPEN defined in linux/fs.h. - */ - if (resource == isc_resource_openfiles && rlim_value == RLIM_INFINITY) { - rl.rlim_cur = rl.rlim_max = NR_OPEN; - unixresult = setrlimit(unixresource, &rl); - if (unixresult == 0) { - return (ISC_R_SUCCESS); - } - } -#endif /* if defined(OPEN_MAX) && defined(__APPLE__) */ - if (resource == isc_resource_openfiles && rlim_value == RLIM_INFINITY) { - if (getrlimit(unixresource, &rl) == 0) { - rl.rlim_cur = rl.rlim_max; - unixresult = setrlimit(unixresource, &rl); - if (unixresult == 0) { - return (ISC_R_SUCCESS); - } - } - } - return (isc__errno2result(errno)); -} - -isc_result_t -isc_resource_getlimit(isc_resource_t resource, isc_resourcevalue_t *value) { - int unixresource; - struct rlimit rl; - isc_result_t result; - - result = resource2rlim(resource, &unixresource); - if (result != ISC_R_SUCCESS) { - return (result); - } - - if (getrlimit(unixresource, &rl) != 0) { - return (isc__errno2result(errno)); - } - - *value = rl.rlim_max; - return (ISC_R_SUCCESS); -} - -isc_result_t -isc_resource_getcurlimit(isc_resource_t resource, isc_resourcevalue_t *value) { - int unixresource; - struct rlimit rl; - isc_result_t result; - - result = resource2rlim(resource, &unixresource); - if (result != ISC_R_SUCCESS) { - return (result); - } - - if (getrlimit(unixresource, &rl) != 0) { - return (isc__errno2result(errno)); - } - - *value = rl.rlim_cur; - return (ISC_R_SUCCESS); -} diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index 9543c1a02e..0ea0cf151f 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -2651,7 +2651,7 @@ cfg_type_t cfg_type_addzoneconf = { "addzoneconf", cfg_parse_mapbody, &cfg_rep_map, addzoneconf_clausesets }; static isc_result_t -parse_unitstring(char *str, isc_resourcevalue_t *valuep) { +parse_unitstring(char *str, uint64_t *valuep) { char *endp; unsigned int len; uint64_t value; diff --git a/tests/libtest/ns.c b/tests/libtest/ns.c index 3c813fc6ba..079d80b8d7 100644 --- a/tests/libtest/ns.c +++ b/tests/libtest/ns.c @@ -30,7 +30,6 @@ #include #include #include -#include #include #include #include From 01c58e6d4065f33af8dc3045d095479f1c59ef9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Sun, 13 Nov 2022 11:21:45 +0100 Subject: [PATCH 3/3] Add CHANGES and release note for [GL #3676] --- CHANGES | 4 ++++ doc/notes/notes-current.rst | 9 +++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 4b76081077..0517c46551 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +6041. [func] Set the RLIMIT_NOFILE to rlim_max returned from + getrlimit() instead of trying to guess the maximum + allowed value. [GL #3676] + 6040. [bug] Speed up the named shutdown time by explicitly canceling all recursing ns_client objects for each ns_clientmgr. [GL #3183] diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index e122ba5ff1..8081eb498b 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -40,14 +40,15 @@ Feature Changes - The option :any:`auto-dnssec` is deprecated and will be removed in 9.19. Please migrate to :any:`dnssec-policy`. :gl:`#3667` -- Deprecate setting the operating system limit (``coresize``, ``datasize``, +- Remove setting the operating system limit (``coresize``, ``datasize``, ``files`` and ``stacksize``) from ``named.conf``. These options should be set from the operating system (``ulimit``) or from the process supervisor (e.g. ``systemd``). :gl:`#3676` -- Deprecate setting alternate local addresses for inbound zone transfers - (:any:`alt-transfer-source`, :any:`alt-transfer-source-v6`, - :any:`use-alt-transfer-source`). :gl:`#3694` +- On startup, ``named`` will set the current number of open files to maximum + allowed by the operating system instead of trying to set it to unlimited + which worked only very briefly on Linux 2.6.28 (and was causing performance + problems and thus the change was reverted in the kernel). :gl:`#3676` Bug Fixes ~~~~~~~~~