From owner-freebsd-net@freebsd.org Thu Jan 14 15:56:50 2021 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 158484E69C2 for ; Thu, 14 Jan 2021 15:56:50 +0000 (UTC) (envelope-from markjdb@gmail.com) Received: from mail-io1-xd35.google.com (mail-io1-xd35.google.com [IPv6:2607:f8b0:4864:20::d35]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DGppT22dSz4Y0N for ; Thu, 14 Jan 2021 15:56:49 +0000 (UTC) (envelope-from markjdb@gmail.com) Received: by mail-io1-xd35.google.com with SMTP id e22so12075121iom.5 for ; Thu, 14 Jan 2021 07:56:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-disposition:content-transfer-encoding:in-reply-to; bh=ODyFWcQAslmlOhizW7J0CVRE3igoXu3Id8YzybxqRAs=; b=jELDQM+ZLpzj0+ocIXdRJydpoLefjjx3IzVXPWgMwE7waZ+1W8KN3gmilla82zEcOR Ecgh9mP7uPWYO17I/IDRpdThgYIP3+BURHlJxy2AlBRau5WzHLL/uxzk2Vb3EeU2tHzT szuZ6GnZ01Y3LFYhoDafmOARCGN2+K+MGWndvsaI8yg5rTOMsvWav4q/RRInaM4vwPUj aq1AJQ7Knoy3cFOiYKCYHybjVYwSxkpia6mI1Deiko6pUVSd4SeocDoWIDySvnt1cr9n 9X0xa+t3DLqGmHKWQsjEFh74kW8H/xYpK+Ai0SxMvHJaye/6waoEwnTm2ImJfN0mlwAy XRtQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-disposition :content-transfer-encoding:in-reply-to; bh=ODyFWcQAslmlOhizW7J0CVRE3igoXu3Id8YzybxqRAs=; b=b2aSlYGyHhzs22oou+led0vRYuFqfjCXKJFEIhTIkWF65+TxEFw8Txz5b8iagoYvjh F/B2HyOX5P3gWHrFZSzDkpjFPMnvzpR5SjeMpNt2nrbQ1YfWIvPsAPQ/zj20X7O6Vzna Qe9QQZSf/7/qMYtTpyJ05jEtfQqAbsupKkiac9A/roQTIgSoaxTZGvIHL+OHdZv6+5h1 /JvaOF5ga/3/GwLHdmLFAZVXyKLjzZ6Kx6TkQCkTWEfeHgcBabNLksgRAusGeJztuKxa e7SCn6B4tWXK1XO5AAOCp8KYnokmXGmlKvBuP7eYbIrqo8LXnKOi3qZWidi1qnwpRwJJ IY3A== X-Gm-Message-State: AOAM530mRaBIvvagKppQG42VQnqqps6dm9k3soaGdecSeFmhQWtz87FC x6RcQVN85Su8S8gBL1cv8/M= X-Google-Smtp-Source: ABdhPJwf9WlaGj9JjnTgW2rPedCNuSujTOtBa/vhrVNSiwnu7fodhKjn7L7E/uO+gsiGRZZtJwYUcQ== X-Received: by 2002:a05:6638:d8a:: with SMTP id l10mr1296575jaj.2.1610639807785; Thu, 14 Jan 2021 07:56:47 -0800 (PST) Received: from raichu ([142.126.164.150]) by smtp.gmail.com with ESMTPSA id w4sm344549iop.28.2021.01.14.07.56.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Jan 2021 07:56:46 -0800 (PST) Sender: Mark Johnston Date: Thu, 14 Jan 2021 10:56:45 -0500 From: Mark Johnston To: Vasily Postnicov Cc: freebsd-net@freebsd.org Subject: Re: DNS using Name Service Switch module and Casper Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Rspamd-Queue-Id: 4DGppT22dSz4Y0N X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=jELDQM+Z; dmarc=none; spf=pass (mx1.freebsd.org: domain of markjdb@gmail.com designates 2607:f8b0:4864:20::d35 as permitted sender) smtp.mailfrom=markjdb@gmail.com X-Spamd-Result: default: False [-0.70 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FREEMAIL_TO(0.00)[gmail.com]; FORGED_SENDER(0.30)[markj@freebsd.org,markjdb@gmail.com]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; FROM_NEQ_ENVFROM(0.00)[markj@freebsd.org,markjdb@gmail.com]; RBL_DBL_DONT_QUERY_IPS(0.00)[2607:f8b0:4864:20::d35:from]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; TAGGED_RCPT(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; NEURAL_SPAM_MEDIUM(1.00)[1.000]; DMARC_NA(0.00)[freebsd.org]; SPAMHAUS_ZRD(0.00)[2607:f8b0:4864:20::d35:from:127.0.2.255]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::d35:from]; MID_RHS_NOT_FQDN(0.50)[]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-net] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jan 2021 15:56:50 -0000 On Sun, Jan 10, 2021 at 04:32:13PM +0300, Vasily Postnicov wrote: > This is as minimal as I can get. If I knew where to find, what to fix, I > would never waste my time seeking for help on mailing lists. > > Just put FreeBSD in that damn bhyve and play with it, get your hands dirty, > you are the developer after all, not me! Your knowledge of FreeBSD is > supposedly much greater that mine. > > For me acceptable solutions are: > 1) Remove unsandboxed call to getaddrinfo() from ping. > 2) Do not compile with that casper crap which gives false sense of security > or whatsoever. > > I just wanted to help you find a bug where fork() hangs for no reason. So I > provided you with all I can get from this situation. Just 20 lines of code > to reproduce the bug. And you tell me this is not what you want. So what do > you want? A patch that fixes your problem? > > Sorry for harsh words in your address. But in such situations I question > myself should I really report anything and ask anything in FreeBSD > community. > > Btw, if you are still interested, I think I can provide you with the whole > bhyve image in which you can reproduce the bug. It contains modified > /etc/nsswitch.conf if you cannot change it yourself. Just to follow up, we got a simpler repro based on the one you provided. A few bugs were found and fixed as a result: https://cgit.freebsd.org/src/commit/?id=21f749da82e755aafab127618affeffb86cff9a5 https://cgit.freebsd.org/src/commit/?id=513320c0f1122f096468c0b01623ba7c7e77cbe2 https://cgit.freebsd.org/src/commit/?id=85d028223bc2768651f4d44881644ceb5dc2a664 https://cgit.freebsd.org/src/commit/?id=57f22c828ec01e0d92bc8858f61df06b4d81ea5c > сб, 9 янв. 2021 г., 21:47 Konstantin Belousov : > > > On Sat, Jan 09, 2021 at 08:25:46PM +0300, Vasily Postnicov wrote: > > > Brilliant! It took me almost a day to dive into ZeroMQ to reassure > > > myself that there is nothing wrong with it. When I tried to write > > > minimal test programs which call fork after pthread_create() in all > > > combinations. When I realized that NSS stub module is what I need. > > > > > > Instructions: > > > > > > 1) Compile NSS stub module: cc -shared -fPIC -pthread -o > > > nss_zerodns.so.1 test.c (Note '.1' at the end). > > > 2) Copy nss_zerodns.so.1 to /usr/local/lib > > > 3) Apply the patch src_sbin_ping_main.c to ping source code. With this > > > patch ping will not quit too early when the initial call to > > > getaddrinfo() fails. > > > 4) Add stub module to /etc/nsswitch.conf: edit 'hosts' line to be > > > 'hosts: files dns zerodns' > > > 5) Ping non-existent host, like 'ping foo.bar' > > > 6) Ping will hang. The child process which it creates cannot be killed > > > even with killall -9 ping > > > > This is exactly what I do not want. Provide a standalone binary (or > > binaries) that can be just run and demonstrate the issue. Without > > editing nsswitch.conf or patching ping. > >