From fcc7a8c6ca94630c46c3540d156dfaca7b84e98d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Witold=20Kr=C4=99cicki?= Date: Wed, 13 Feb 2019 11:10:31 +0100 Subject: [PATCH 1/2] Fix a race in fctx_cancelquery. When sending an udp query (resquery_send) we first issue an asynchronous isc_socket_connect and increment query->connects, then isc_socket_sendto2 and increment query->sends. If we happen to cancel this query (fctx_cancelquery) we need to cancel all operations we might have issued on this socket. If we are under very high load the callback from isc_socket_connect (resquery_udpconnected) might have not yet been fired. In this case we only cancel the CONNECT event on socket, and ignore the SEND that's waiting there (as there is an `else if`). Then we call dns_dispatch_removeresponse which kills the dispatcher socket and calls isc_socket_close - but if system is under very high load, the send we issued earlier might still not be complete - which triggers an assertion because we're trying to close a socket that's still in use. The fix is to always check if we have incomplete sends on the socket and cancel them if we do. (cherry picked from commit 56183a39173264854dbd3abe8d6b580a0058579e) --- lib/dns/resolver.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index 03b8248fdd..2a6e69c5a6 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -1323,7 +1323,8 @@ fctx_cancelquery(resquery_t **queryp, dns_dispatchevent_t **deventp, isc_socket_cancel(sock, NULL, ISC_SOCKCANCEL_CONNECT); } - } else if (RESQUERY_SENDING(query)) { + } + if (RESQUERY_SENDING(query)) { /* * Cancel the pending send. */ From ec8621ae108645b958ab805d5830118479c733d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Witold=20Kr=C4=99cicki?= Date: Tue, 12 Mar 2019 18:43:38 +0100 Subject: [PATCH 2/2] CHANGES (cherry picked from commit 50f605429468620894d497b42fbabcc9dc009d69) --- CHANGES | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/CHANGES b/CHANGES index dc78221b36..a56059ca87 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +5182. [bug] Fix a high-load race/crash in handling of + isc_socket_close() in resolver. [GL #834] + 5180. [bug] delv now honors the operating system's preferred ephemeral port range. [GL #925]
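Review bot: in the lib/dns/resolver.c hunk (fctx_cancelquery, around line 1323), the now-separate `if (RESQUERY_SENDING(query))` has nothing in the code that says why it must not be an `else if`; the only comment is still "Cancel the pending send." Since the commit message explains that resquery_send can leave both a connect and a send outstanding on the same socket before resquery_udpconnected fires, I would extend that comment to state that both may be pending at once and both must be cancelled before dns_dispatch_removeresponse closes the socket. Otherwise a later cleanup could fold the two branches back together and reintroduce the assertion. The series also touches only resolver.c and CHANGES, so there is no regression test covering the cancel path under load; if one is not practical, it would help to say so in the commit message.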
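Review bot: in the CHANGES hunk, the new entry 5182 sits directly above 5180 with no 5181 between them; please confirm that the gap is intentional for this branch (the commit is a cherry-pick) and not a dropped entry. The wording "race/crash in handling of isc_socket_close()" could also name the actual trigger, since the commit message locates the bug in fctx_cancelquery leaving a pending send uncancelled, which would make the entry easier to match to the fix when someone searches for the assertion.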