Ubuntu
bind9 package

Merge ~paelzer/ubuntu/+source/bind9:bug-1833400-race-on-shutdown into ubuntu/+source/bind9:ubuntu/xenial-devel

  1. Git
  2. lp:~paelzer/ubuntu/+source/bind9
  3. bug-1833400-race-on-shutdown
  4. Merge into ubuntu/xenial-devel
Proposed by Christian Ehrhardt 
Status: Merged
Approved by: Christian Ehrhardt 
Approved revision: 3e06372c267368be1b9d74add302d2925367c62c
Merged at revision: 3e06372c267368be1b9d74add302d2925367c62c
Proposed branch: ~paelzer/ubuntu/+source/bind9:bug-1833400-race-on-shutdown
Merge into: ubuntu/+source/bind9:ubuntu/xenial-devel
Diff against target: 166 lines (+132/-0)
5 files modified
debian/changelog (+8/-0)
debian/patches/fix-shutdown-race.diff (+41/-0)
debian/patches/series (+3/-0)
debian/patches/ubuntu/lp-1833400-master-Remove-REQUIRE-preventing-change-4592-from-wo.patch (+33/-0)
debian/patches/ubuntu/lp-1833400-master-fix-dispatch.c-shutdown-race.patch (+47/-0)
Reviewer Review Type Date Requested Status
Andreas Hasenack Approve
Canonical Server Pending
git-ubuntu developers Pending
Review via email: mp+370942@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

PPA: https://launchpad.net/~paelzer/+archive/ubuntu/bug-1833400-bind-crash

We still miss the repro steps since the upstream bug is inaccessible and the reporters didn't mention yet. So far this is therefore a low prio review, mostly meant that the changes are readily available if anyone wants to continue on this.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Never the less it can be reviewed for silly errors on my side, so why not opening it up for review ...

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I pinged upstream in the commits asking for the report to be made public

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

+1

I found their own backports of these patches in their v9_10 branch, if you rather have those:

https://gitlab.isc.org/isc-projects/bind9/commit/dadca599daec203a24dd6beee0590c038f9301c3

and

https://gitlab.isc.org/isc-projects/bind9/commit/70590c691b410303ac44f879e0a3b2b58711a3de

I assume you didn't want to point at the upstream bug in the DEP3 headers because it's not public?

review: Approve
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Thank you Andreas,
as you know they made the bug public now (thanks to your ping) so I can reference it now.
I changed the references to the 9_10 backport commits and added the upstream bug references.
Code-wise things stay the same on these compared to what I had (the backport I needed was for the "Changes" File not matching).

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

I'll upload this to unapproved after I added a SRU template

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Actually I'm holding back until we talked about adding a potential backport for bug 1797926 as well.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

+1 for including the fix for bug 1797926

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Added the fix for bug 1797926 here.
Also pushed the version with it to the PPA.

I'll open a new MP for the same towards Bionic.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

The Origin url's hash doesn't match the From one in the DEP3 headers anymore in d/p/ubuntu/*, if that's a concern.

Revision history for this message
Andreas Hasenack (ahasenack) :
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

No concern on the hash mismatch, but yes to marking as backport

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

+1

review: Approve
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

tagged and uploaded

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/changelog b/debian/changelog
index 051027b..3e72fba 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
1bind9 (1:9.10.3.dfsg.P4-8ubuntu1.15) xenial; urgency=medium
2
3 * d/p/ubuntu//lp-1833400*: fix race on shutdown (LP: #1833400)
4 * d/p/fix-shutdown-race.diff: dig/host/nslookup could crash when interrupted
5 close to a query timeout (LP: #1797926)
6
7 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 05 Aug 2019 07:30:49 +0200
8
1bind9 (1:9.10.3.dfsg.P4-8ubuntu1.14) xenial-security; urgency=medium9bind9 (1:9.10.3.dfsg.P4-8ubuntu1.14) xenial-security; urgency=medium
210
3 * SECURITY UPDATE: limiting simultaneous TCP clients is ineffective11 * SECURITY UPDATE: limiting simultaneous TCP clients is ineffective
diff --git a/debian/patches/fix-shutdown-race.diff b/debian/patches/fix-shutdown-race.diff
4new file mode 10064412new file mode 100644
index 0000000..ae72e03
--- /dev/null
+++ b/debian/patches/fix-shutdown-race.diff
@@ -0,0 +1,41 @@
1From f2ca287330110993609fa0443d3bdb17629bd979 Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= <michal@isc.org>
3Date: Tue, 13 Nov 2018 13:50:47 +0100
4Subject: [PATCH 1/2] Fix a shutdown race in bin/dig/dighost.c
5
6If a tool using the routines defined in bin/dig/dighost.c is sent an
7interruption signal around the time a connection timeout is scheduled to
8fire, connect_timeout() may be executed after destroy_libs() detaches
9from the global task (setting 'global_task' to NULL), which results in a
10crash upon a UDP retry due to bringup_timer() attempting to create a
11timer with 'task' set to NULL. Fix by preventing connect_timeout() from
12attempting a retry when shutdown is in progress.
13
14(cherry picked from commit 462175659674a10c0d39c7c328f1a5324ce2e38b)
15
16Origin: backport, https://gitlab.isc.org/isc-projects/bind9/merge_requests/1040/diffs
17Bug: https://gitlab.isc.org/isc-projects/bind9/issues/599
18Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1797926
19Last-Update: 2018-12-06
20
21---
22 bin/dig/dighost.c | 5 +++++
23 1 file changed, 5 insertions(+)
24diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
25index 39abb9d0fd..17e0328228 100644
26--- a/bin/dig/dighost.c
27+++ b/bin/dig/dighost.c
28@@ -3240,6 +3240,11 @@ connect_timeout(isc_task_t *task, isc_event_t *event) {
29
30 INSIST(!free_now);
31
32+ if (cancel_now) {
33+ UNLOCK_LOOKUP;
34+ return;
35+ }
36+
37 if ((query != NULL) && (query->lookup->current_query != NULL) &&
38 (ISC_LIST_NEXT(query->lookup->current_query, link) != NULL)) {
39 debug("trying next server...");
40---
412.18.1
diff --git a/debian/patches/series b/debian/patches/series
index bdcff1c..ef34d45 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -31,3 +31,6 @@ CVE-2018-5745.patch
31CVE-2019-6465.patch31CVE-2019-6465.patch
32CVE-2018-5743.patch32CVE-2018-5743.patch
33CVE-2018-5743-atomic-fix.patch33CVE-2018-5743-atomic-fix.patch
34ubuntu/lp-1833400-master-fix-dispatch.c-shutdown-race.patch
35ubuntu/lp-1833400-master-Remove-REQUIRE-preventing-change-4592-from-wo.patch
36fix-shutdown-race.diff
diff --git a/debian/patches/ubuntu/lp-1833400-master-Remove-REQUIRE-preventing-change-4592-from-wo.patch b/debian/patches/ubuntu/lp-1833400-master-Remove-REQUIRE-preventing-change-4592-from-wo.patch
34new file mode 10064437new file mode 100644
index 0000000..a2f22b8
--- /dev/null
+++ b/debian/patches/ubuntu/lp-1833400-master-Remove-REQUIRE-preventing-change-4592-from-wo.patch
@@ -0,0 +1,33 @@
1From a94d68ce432b9e11c4ae91d48ee257b1675f86d7 Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= <michal@isc.org>
3Date: Tue, 24 Oct 2017 21:02:05 +0200
4Subject: [PATCH] [master] Remove REQUIRE preventing change 4592 from working
5
6Change 4592 was supposed to replace a REQUIRE with a conditional return.
7While the latter was added, the former was not removed. Remove the
8relevant REQUIRE to fix RT #43822 for good.
9
10Origin: upstream, https://gitlab.isc.org/isc-projects/bind9/commit/dadca599daec203a24dd6beee0590c038f9301c3
11Bug-Ubuntu: https://bugs.launchpad.net/bugs/1833400
12Bug: https://bugs.isc.org/Public/Bug/Display.html?id=43822
13Last-Update: 2019-08-07
14
15---
16 lib/dns/dispatch.c | 1 -
17 1 file changed, 1 deletion(-)
18
19diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c
20index 4f668a102d..607a730395 100644
21--- a/lib/dns/dispatch.c
22+++ b/lib/dns/dispatch.c
23@@ -3718,7 +3718,6 @@ dns_dispatch_importrecv(dns_dispatch_t *disp, isc_event_t *event) {
24 isc_socketevent_t *sevent, *newsevent;
25
26 REQUIRE(VALID_DISPATCH(disp));
27- REQUIRE((disp->attributes & DNS_DISPATCHATTR_NOLISTEN) != 0);
28 REQUIRE(event != NULL);
29
30 if ((disp->attributes & DNS_DISPATCHATTR_NOLISTEN) == 0)
31--
322.22.0
33
diff --git a/debian/patches/ubuntu/lp-1833400-master-fix-dispatch.c-shutdown-race.patch b/debian/patches/ubuntu/lp-1833400-master-fix-dispatch.c-shutdown-race.patch
0new file mode 10064434new file mode 100644
index 0000000..c009ca7
--- /dev/null
+++ b/debian/patches/ubuntu/lp-1833400-master-fix-dispatch.c-shutdown-race.patch
@@ -0,0 +1,47 @@
1From 019132b70c368bc9abca0034d07b324bb7cb6eb2 Mon Sep 17 00:00:00 2001
2From: Evan Hunt <each@isc.org>
3Date: Thu, 20 Apr 2017 17:41:37 -0700
4Subject: [PATCH] [master] fix dispatch.c shutdown race
5
64952. [bug] A race condition on shutdown could trigger an
7 assertion failure in dispatch.c. [RT #43822]
8
9Origin: backport, https://gitlab.isc.org/isc-projects/bind9/commit/70590c691b410303ac44f879e0a3b2b58711a3de
10Bug-Ubuntu: https://bugs.launchpad.net/bugs/1833400
11Bug: https://bugs.isc.org/Public/Bug/Display.html?id=43822
12Last-Update: 2019-08-07
13
14---
15 CHANGES | 3 +++
16 lib/dns/dispatch.c | 5 ++++-
17 lib/dns/include/dns/dispatch.h | 3 +++
18 3 files changed, 10 insertions(+), 1 deletion(-)
19
20--- a/lib/dns/dispatch.c
21+++ b/lib/dns/dispatch.c
22@@ -3691,9 +3691,12 @@ dns_dispatch_importrecv(dns_dispatch_t *
23 REQUIRE((disp->attributes & DNS_DISPATCHATTR_NOLISTEN) != 0);
24 REQUIRE(event != NULL);
25
26- sevent = (isc_socketevent_t *)event;
27+ if ((disp->attributes & DNS_DISPATCHATTR_NOLISTEN) == 0)
28+ return;
29
30+ sevent = (isc_socketevent_t *)event;
31 INSIST(sevent->n <= disp->mgr->buffersize);
32+
33 newsevent = (isc_socketevent_t *)
34 isc_event_allocate(disp->mgr->mctx, NULL,
35 DNS_EVENT_IMPORTRECVDONE, udp_shrecv,
36--- a/lib/dns/include/dns/dispatch.h
37+++ b/lib/dns/include/dns/dispatch.h
38@@ -524,6 +524,9 @@ dns_dispatch_importrecv(dns_dispatch_t *
39 * shared between dispatchers and clients. If the dispatcher fails to copy
40 * or send the event, nothing happens.
41 *
42+ * If the attribute DNS_DISPATCHATTR_NOLISTEN is not set, then
43+ * the dispatch is already handling a recv; return immediately.
44+ *
45 * Requires:
46 *\li disp is valid, and the attribute DNS_DISPATCHATTR_NOLISTEN is set.
47 * event != NULL

Subscribers

People subscribed via source and target branches