Skip to content

Lock key files race condition can lead to deadlock

Besides the issue with in-view and key file locking that leads to a deadlock at startup (#2783 (closed)) there is another possible deadlock scenario, although it is triggered less likely.

When BIND 9 is using dnssec-policy and views, a thread needs to hold a set of locks in order to do safe key file I/O operations. named will walk all the views the zone is in and obtain a mutex lock attached to that zone.

It is possible that one thread is working on a zone in one view, and another thread is working on the same zone in a different view. To do safe key file I/O operations, a thread needs to hold all zone locks, but if both threads already holds one lock, they will wait indefinitely on each other until the other mutex becomes unlocked.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information