[ovs-dev] [bug14616 1/5] vlog: Avoid calling worker_request() reentrantly.

Ethan Jackson ethan at nicira.com
Fri Jan 11 04:22:46 UTC 2013


LGTM, thanks for the explanation.

Ethan

On Thu, Jan 10, 2013 at 8:00 PM, Ben Pfaff <blp at nicira.com> wrote:

> On Thu, Jan 10, 2013 at 05:29:19PM -0800, Ethan Jackson wrote:
> > Out of curiosity, what happened? A crash?
> >
> > Acked-by: Ethan Jackson <ethan at nicira.com>
>
> It's kind of interesting, so I revised the commit message to give some
> details:
>
> vlog: Avoid calling worker_request() reentrantly.
>
> The following call stack was possible:
>
>     vlog
>         -> worker_request()
>             -> poll_block()
>                 -> vlog
>                      -> worker_request()
>
> which caused problems because worker_request() is not reentrant.  In a
> little more detail, the second worker_request() shoves its RPC protocol
> data into the middle of the first.  This means that, first, you get
> some binary crud in the log (the header for the second RPC).  And,
> second, text from the first RPC log message gets treated by the worker
> as the subsequent RPC's header.  That, in turn, typically causes the
> worker to try to xmalloc() a huge number of bytes (0x20000000 or more,
> since "space" has ASCII value 0x20), which causes the worker to die
> with "virtual memory exhausted".  The main process then dies because
> the worker's death closes the socket it uses to communicate with it
> ("connection reset").
>
> Bug #14616.
> Signed-off-by: Ben Pfaff <blp at nicira.com>
> Acked-by: Ethan Jackson <ethan at nicira.com>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-dev/attachments/20130110/36c77bbe/attachment-0003.html>


More information about the dev mailing list