@addaleax

  • Prefer RAII-style management over manual resource management.
  • Prefer env->SetImmediate() over a separate uv_async_t.
  • Perform ares_destroy() before possibly tearing down c-ares state.
  • Verify that the number of active queries is non-negative.
  • Let pending callbacks know when their underlying QueryWrap object
    has been destroyed.

The last item has been a real bug, in that when Workers shut down
during currently running DNS queries, they may run into use-after-free
situations because:

  1. Shutting the Worker down leads to the cleanup code deleting
    the QueryWrap objects first; then
  2. deleting the ChannelWrap object (as it has been created before
    the QueryWraps), whose destructor runs ares_destroy(), which
    in turn invokes all pending query callbacks with ARES_ECANCELLED,
  3. which lead to use-after-free, as the callback tried to access the
    deleted QueryWrap object.

The added test verifies that this is no longer an issue.

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • commit message follows commit guidelines
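
The shutdown order described above and the "let pending callbacks know" fix, as an added C++ example that is not code from this pull request. `FakeChannel`, `Query`, `kCancelled` and `g_skipped` are hypothetical stand-ins for the c-ares channel, `QueryWrap` and `ARES_ECANCELLED`.

```cpp
#include <memory>
#include <utility>
#include <vector>

constexpr int kCancelled = 1;  // constructed stand-in for ARES_ECANCELLED
int g_skipped = 0;             // callbacks that found their Query already gone

// Hypothetical channel: Destroy() invokes every pending callback with kCancelled.
struct FakeChannel {
  using Callback = void (*)(void* arg, int status);
  std::vector<std::pair<Callback, void*>> pending;
  void Send(Callback cb, void* arg) { pending.emplace_back(cb, arg); }
  void Destroy() {
    auto queries = std::exchange(pending, {});
    for (auto& q : queries) q.first(q.second, kCancelled);
  }
  ~FakeChannel() { Destroy(); }
};

struct Query {
  int cancelled = 0;
  Query** slot = nullptr;  // heap cell handed to the callback as its argument
  ~Query() { if (slot != nullptr) *slot = nullptr; }  // notify pending callback
  void Send(FakeChannel* ch) { slot = new Query*(this); ch->Send(OnDone, slot); }
  static void OnDone(void* arg, int status) {
    std::unique_ptr<Query*> cell(static_cast<Query**>(arg));  // callback owns it
    Query* self = *cell;
    if (self == nullptr) { ++g_skipped; return; }  // Query deleted: touch nothing
    self->slot = nullptr;  // cell is freed on return; destructor must not use it
    if (status == kCancelled) ++self->cancelled;
  }
};

// Shutdown order from the description: Query deleted first, channel second.
int QueryDeletedFirst() {
  g_skipped = 0;
  auto channel = std::make_unique<FakeChannel>();
  auto query = std::make_unique<Query>();
  query->Send(channel.get());
  query.reset();
  channel.reset();  // cancellation callback fires here, after the Query is gone
  return g_skipped;
}
// Opposite order: the Query is still alive and records the cancellation.
int ChannelDestroyedFirst() {
  auto channel = std::make_unique<FakeChannel>();
  Query query;
  query.Send(channel.get());
  channel.reset();
  return query.cancelled;
}
int main() { return (QueryDeletedFirst() == 1 && ChannelDestroyedFirst() == 1) ? 0 : 1; }
```

Building this with AddressSanitizer (`-fsanitize=address`) and removing the `~Query()` body shows the original failure mode: `OnDone` then dereferences a dangling `Query*`.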

@addaleax added the dns label Feb 21, 2019
@nodejs-github-bot added the c++ and cares labels Feb 21, 2019
@addaleax added the worker label and removed the cares label Feb 21, 2019
@addaleax

Maybe one of @XadillaX @gireeshpunathil @joyeecheung @cjihrig could review this?

@addaleax added the author ready label Mar 1, 2019
@addaleax

Landed in 018e95a

@addaleax closed this Mar 1, 2019
@addaleax deleted the cares-terminate branch March 1, 2019 21:20
addaleax added a commit that referenced this pull request Mar 1, 2019
- Prefer RAII-style management over manual resource management.
- Prefer `env->SetImmediate()` over a separate `uv_async_t`.
- Perform `ares_destroy()` before possibly tearing down c-ares state.
- Verify that the number of active queries is non-negative.
- Let pending callbacks know when their underlying `QueryWrap` object has been destroyed.

The last item has been a real bug, in that when Workers shut down during currently running DNS queries, they may run into use-after-free situations because:

1. Shutting the `Worker` down leads to the cleanup code deleting the `QueryWrap` objects first; then
2. deleting the `ChannelWrap` object (as it has been created before the `QueryWrap`s), whose destructor runs `ares_destroy()`, which in turn invokes all pending query callbacks with `ARES_ECANCELLED`,
3. which lead to use-after-free, as the callback tried to access the deleted `QueryWrap` object.

The added test verifies that this is no longer an issue.

PR-URL: #26253
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: James M Snell <[email protected]>
@BridgeAR mentioned this pull request Mar 4, 2019