Merge pull request #1738 from safing/fix/core-deadlocks

Fix deadlocks and process username issue
2025-04-23 12:29:10 +00:00 · 2024-11-12 15:27:13 +01:00 · 2024-11-12 15:27:13 +01:00 · ee58324aee
commit ee58324aee
parent af3bb804bf f4b96e1ce7
4 changed files with 14 additions and 7 deletions
--- a/service/compat/callbacks.go
+++ b/service/compat/callbacks.go
@ -3,6 +3,7 @@ package compat
 import (
 	"net"

+	"github.com/safing/portmaster/service/mgr"
 	"github.com/safing/portmaster/service/network/packet"
 	"github.com/safing/portmaster/service/process"
 )
@ -31,10 +32,16 @@ func SubmitDNSCheckDomain(subdomain string) (respondWith net.IP) {

 // ReportSecureDNSBypassIssue reports a DNS bypassing issue for the given process.
 func ReportSecureDNSBypassIssue(p *process.Process) {
-	secureDNSBypassIssue.notify(p)
+	module.mgr.Go("report secure dns bypass issue", func(w *mgr.WorkerCtx) error {
+		secureDNSBypassIssue.notify(p)
+		return nil
+	})
 }

 // ReportMultiPeerUDPTunnelIssue reports a multi-peer UDP tunnel for the given process.
 func ReportMultiPeerUDPTunnelIssue(p *process.Process) {
-	multiPeerUDPTunnelIssue.notify(p)
+	module.mgr.Go("report multi-peer udp tunnel issue", func(w *mgr.WorkerCtx) error {
+		multiPeerUDPTunnelIssue.notify(p)
+		return nil
+	})
 }
--- a/service/firewall/dns.go
+++ b/service/firewall/dns.go
@ -302,11 +302,11 @@ func UpdateIPsAndCNAMEs(q *resolver.Query, rrCache *resolver.RRCache, conn *netw
 			Expires:           rrCache.Expires,
 		}

-		// Resolve all CNAMEs in the correct order and add the to the record.
+		// Resolve all CNAMEs in the correct order and add the to the record - up to max 50 layers.
 		domain := q.FQDN
-		for {
+		for range 50 {
 			nextDomain, isCNAME := cnames[domain]
-			if !isCNAME {
+			if !isCNAME || nextDomain == domain {
 				break
 			}

--- a/service/nameserver/nameserver.go
+++ b/service/nameserver/nameserver.go
@ -224,8 +224,8 @@ func handleRequest(ctx context.Context, w dns.ResponseWriter, request *dns.Msg)
 			}

 			// Save the request as open, as we don't know if there will be a connection or not.
-			network.SaveOpenDNSRequest(q, rrCache, conn)
 			firewall.UpdateIPsAndCNAMEs(q, rrCache, conn)
+			network.SaveOpenDNSRequest(q, rrCache, conn)

 		case network.VerdictUndeterminable:
 			fallthrough
--- a/service/process/process.go
+++ b/service/process/process.go
@ -256,7 +256,7 @@ func loadProcess(ctx context.Context, key string, pInfo *processInfo.Process) (*
 	// Username
 	process.UserName, err = pInfo.UsernameWithContext(ctx)
 	if err != nil {
-		return nil, fmt.Errorf("process: failed to get Username for p%d: %w", pInfo.Pid, err)
+		log.Tracer(ctx).Warningf("process: failed to get username (PID %d): %s", pInfo.Pid, err)
 	}

 	// TODO: User Home