[ovs-dev] [PATCH] datapath-windows: Fix BSOD when uninstalling driver

Alin Serdean aserdean at cloudbasesolutions.com
Tue Nov 25 17:09:29 UTC 2014


Add a check that flowTable is not NULL before it is dereferenced.

kd> k
Child-SP          RetAddr           Call Site
ffffd000`26166af8 fffff802`dde5e7c6 nt!DbgBreakPointWithStatus
ffffd000`26166b00 fffff802`dde5e0d7 nt!KiBugCheckDebugBreak+0x12
ffffd000`26166b60 fffff802`dddd51a4 nt!KeBugCheck2+0x8ab
ffffd000`26167270 fffff802`ddde0be9 nt!KeBugCheckEx+0x104
ffffd000`261672b0 fffff802`ddddf43a nt!KiBugCheckDispatch+0x69
ffffd000`261673f0 fffff800`024cb4d4 nt!KiPageFault+0x23a
ffffd000`26167580 fffff800`024cc3ef OVSExt!OvsDoDumpFlows+0xa0 [c:\work\ovs\datapath-windows\ovsext\flow.c @ 2015]
ffffd000`261675e0 fffff800`024d134c OVSExt!_FlowNlDumpCmdHandler+0x197 [c:\work\ovs\datapath-windows\ovsext\flow.c @ 590]
ffffd000`26167740 fffff800`024e128f OVSExt!InvokeNetlinkCmdHandler+0x6c [c:\work\ovs\datapath-windows\ovsext\datapath.c @ 952]
ffffd000`26167770 fffff800`0053bc18 OVSExt!OvsDeviceControl+0x263 [c:\work\ovs\datapath-windows\ovsext\datapath.c @ 862]
ffffd000`26167840 fffff802`de04f395 NDIS!ndisDummyIrpHandler+0x88
ffffd000`26167870 fffff802`de04fd2a nt!IopXxxControlFile+0x845
ffffd000`26167a20 fffff802`ddde08b3 nt!NtDeviceIoControlFile+0x56
ffffd000`26167a90 00000000`775a2772 nt!KiSystemServiceCopyEnd+0x13
00000000`009eee88 00000000`775a2371 wow64cpu!CpupSyscallStub+0x2
00000000`009eee90 00000000`775c323a wow64cpu!DeviceIoctlFileFault+0x31
00000000`009eef40 00000000`775c317e wow64!RunCpuSimulation+0xa
00000000`009eef90 00007ffb`c1ca6bd0 wow64!Wow64LdrpInitialize+0x172
00000000`009ef4d0 00007ffb`c1ca6aa6 ntdll!_LdrpInitialize+0xd8
00000000`009ef540 00000000`00000000 ntdll!LdrInitializeThunk+0xe
kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff800024cb4d4, address which referenced memory

Debugging Details:
------------------


"KERNEL32.DLL" was not found in the image list.
Debugger will attempt to load "KERNEL32.DLL" at given base 00000000`00000000.

Please provide the full image name, including the extension (i.e. kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=<base>,<size>.
Unable to add module at 00000000`00000000

READ_ADDRESS:  0000000000000000

CURRENT_IRQL:  2

FAULTING_IP:
OVSExt!OvsDoDumpFlows+a0 [c:\work\ovs\datapath-windows\ovsext\flow.c @ 2015]
fffff800`024cb4d4 488b18          mov     rbx,qword ptr [rax]

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

BUGCHECK_STR:  AV

PROCESS_NAME:  ovs-vswitchd.e

ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre

TRAP_FRAME:  ffffd000261673f0 -- (.trap 0xffffd000261673f0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=ffffd000261675e0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800024cb4d4 rsp=ffffd00026167580 rbp=0000000000000000
 r8=ffffd00026167601  r9=0000000000000000 r10=00000000c000000d
r11=ffffd000261677b0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
OVSExt!OvsDoDumpFlows+0xa0:
fffff800`024cb4d4 488b18          mov     rbx,qword ptr [rax] ds:00000000`00000000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff802dde5e7c6 to fffff802ddddbc90

STACK_TEXT:
ffffd000`26166af8 fffff802`dde5e7c6 : 00000000`00000000 00000000`00000000 ffffd000`26166c60 fffff802`ddd83654 : nt!DbgBreakPointWithStatus
ffffd000`26166b00 fffff802`dde5e0d7 : 00000000`00000003 ffffd000`26166c60 fffff802`ddde3070 00000000`000000d1 : nt!KiBugCheckDebugBreak+0x12
ffffd000`26166b60 fffff802`dddd51a4 : 00000000`00000000 00000000`00000001 fffff6fb`00000000 ffffd000`26e00000 : nt!KeBugCheck2+0x8ab
ffffd000`26167270 fffff802`ddde0be9 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx+0x104
ffffd000`261672b0 fffff802`ddddf43a : 00000000`00000000 00000000`00000000 ffffe000`03cdbf00 ffffd000`261673f0 : nt!KiBugCheckDispatch+0x69
ffffd000`261673f0 fffff800`024cb4d4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x23a
ffffd000`26167580 fffff800`024cc3ef : 00000000`00010300 00000000`00000000 00000000`00000002 ffffe000`03e35e90 : OVSExt!OvsDoDumpFlows+0xa0 [c:\work\ovs\datapath-windows\ovsext\flow.c @ 2015]
ffffd000`261675e0 fffff800`024d134c : ffffe000`00000001 ffffd000`261677a0 00000000`00000004 fffff680`00000010 : OVSExt!_FlowNlDumpCmdHandler+0x197 [c:\work\ovs\datapath-windows\ovsext\flow.c @ 590]
ffffd000`26167740 fffff800`024e128f : fffff800`024de2c0 00000000`00010000 00000000`00000000 fffff802`ddce5d64 : OVSExt!InvokeNetlinkCmdHandler+0x6c [c:\work\ovs\datapath-windows\ovsext\datapath.c @ 952]
ffffd000`26167770 fffff800`0053bc18 : ffffe000`020fa010 00000000`afc84402 ffffe000`020f43b0 ffffe000`020fa010 : OVSExt!OvsDeviceControl+0x263 [c:\work\ovs\datapath-windows\ovsext\datapath.c @ 862]
ffffd000`26167840 fffff802`de04f395 : ffffe000`020fa010 00000000`00000001 ffffe000`01851ac0 00000000`0000000e : NDIS!ndisDummyIrpHandler+0x88
ffffd000`26167870 fffff802`de04fd2a : ffffd000`26167a38 00000000`775a1f30 00000000`00000001 00000000`00000000 : nt!IopXxxControlFile+0x845
ffffd000`26167a20 fffff802`ddde08b3 : ffffe000`03c9c080 ffffd000`001f0003 00000000`009ee588 fffff802`00000001 : nt!NtDeviceIoControlFile+0x56
ffffd000`26167a90 00000000`775a2772 : 00000000`775a2371 00000023`7763b66c 00000000`00000023 00000000`000000ff : nt!KiSystemServiceCopyEnd+0x13
00000000`009eee88 00000000`775a2371 : 00000023`7763b66c 00000000`00000023 00000000`000000ff 00000000`0112fd78 : wow64cpu!CpupSyscallStub+0x2
00000000`009eee90 00000000`775c323a : 00000000`00000000 00000000`775a1503 00000000`00000000 00000000`775c3420 : wow64cpu!DeviceIoctlFileFault+0x31
00000000`009eef40 00000000`775c317e : 00000000`00000000 00000000`00000000 00000000`009efd30 00000000`009ef590 : wow64!RunCpuSimulation+0xa
00000000`009eef90 00007ffb`c1ca6bd0 : 00000000`00000000 00000000`00000000 00000000`7e2d4000 00000000`00000000 : wow64!Wow64LdrpInitialize+0x172
00000000`009ef4d0 00007ffb`c1ca6aa6 : 00000000`009ef590 00000000`00000000 00000000`00000000 00000000`7e2d4000 : ntdll!_LdrpInitialize+0xd8
00000000`009ef540 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!LdrInitializeThunk+0xe


STACK_COMMAND:  kb

FOLLOWUP_IP:
OVSExt!OvsDoDumpFlows+a0 [c:\work\ovs\datapath-windows\ovsext\flow.c @ 2015]
fffff800`024cb4d4 488b18          mov     rbx,qword ptr [rax]

FAULTING_SOURCE_LINE:  c:\work\ovs\datapath-windows\ovsext\flow.c

FAULTING_SOURCE_FILE:  c:\work\ovs\datapath-windows\ovsext\flow.c

FAULTING_SOURCE_LINE_NUMBER:  2015

FAULTING_SOURCE_CODE:
  2011:     ASSERT(KeGetCurrentIrql() == DISPATCH_LEVEL);
  2012:     OvsAcquireDatapathRead(datapath, &dpLockState, TRUE);
  2013:
  2014:     head = &datapath->flowTable[rowIndex];
> 2015:     node = head->Flink;
  2016:
  2017:     while (column < columnIndex) {
  2018:         if (node == head) {
  2019:             break;
  2020:         }


SYMBOL_STACK_INDEX:  6

SYMBOL_NAME:  OVSExt!OvsDoDumpFlows+a0

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: OVSExt

IMAGE_NAME:  OVSExt.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  54738f8a

BUCKET_ID_FUNC_OFFSET:  a0

FAILURE_BUCKET_ID:  AV_OVSExt!OvsDoDumpFlows

BUCKET_ID:  AV_OVSExt!OvsDoDumpFlows

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:av_ovsext!ovsdodumpflows

FAILURE_ID_HASH:  {c54c24d9-99fe-6cd5-9aec-e9bf0723059e}

Followup: MachineOwner
---------

kd> ??&gOvsSwitchContext->datapath
struct _OVS_DATAPATH * 0xffffe000`03e35f08
   +0x000 flowTable        : (null)
   +0x008 nFlows           : 0
   +0x010 hits             : 0x19bb3
   +0x018 misses           : 0xdb05
   +0x020 lost             : 0
   +0x028 lock             : 0xffffe000`018246d0 _NDIS_RW_LOCK_EX
---
 datapath-windows/ovsext/Flow.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/datapath-windows/ovsext/Flow.c b/datapath-windows/ovsext/Flow.c
index 1257377..5b1b183 100644
--- a/datapath-windows/ovsext/Flow.c
+++ b/datapath-windows/ovsext/Flow.c
@@ -2002,6 +2002,11 @@ OvsDoDumpFlows(OvsFlowDumpInput *dumpInput,
     ASSERT(KeGetCurrentIrql() == DISPATCH_LEVEL);
     OvsAcquireDatapathRead(datapath, &dpLockState, TRUE);
 
+    if (datapath->flowTable == NULL) {
+        status = STATUS_INVALID_PARAMETER;
+        goto dp_unlock;
+    }
+
     head = &datapath->flowTable[rowIndex];
     node = head->Flink;
 
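Review bot: The added NULL test on `datapath->flowTable` is only race-free if the teardown path clears and frees the table while holding the datapath lock for write; that path is not in this hunk, so it should be confirmed, and a comment above the check such as `/* flowTable is released during switch teardown; a dump request can still arrive afterwards. */` would record the invariant. The trace in the description shows the dump being reached from a user-mode `NtDeviceIoControlFile` call, so any other ioctl handler that indexes `datapath->flowTable` without this guard could presumably hit the same page fault at DISPATCH_LEVEL and deserves the same check. `STATUS_INVALID_PARAMETER` also blames the caller for what is a driver-state condition; a state-style code such as `STATUS_DEVICE_NOT_READY` would be easier to diagnose, provided user space does not depend on the current value. The `dp_unlock` label and the rest of OvsDoDumpFlows lie outside the hunk.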
-- 
1.9.4.msysgit.1


