[ovs-dev] [PATCH v2] datapath-windows: BSOD when disabling the extension
Sorin Vinturis
svinturis at cloudbasesolutions.com
Tue Jun 16 09:36:03 UTC 2015
Hi Eitan,
Please see below the stacktrace of the BSOD. The FilterDetach routine was called while the requests were being processed and the gOvsSwitchContext global pointer was set to NULL. In this case the gOvsSwitchContext was not released, but only the gOvsSwitchContextRefCount reference count was decreased.
-Sorin
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff800023e685b, Address of the instruction which caused the bugcheck
Arg3: ffffd000236adad0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
"KERNEL32.DLL" was not found in the image list.
Debugger will attempt to load "KERNEL32.DLL" at given base 00000000`00000000.
Please provide the full image name, including the extension (i.e. kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=<base>,<size>.
Unable to add module at 00000000`00000000
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
OVSExt!OvsNewVportCmdHandler+27b [c:\1.data\cloudbase\work\git\ovs\datapath-windows\ovsext\vport.c @ 2136]
fffff800`023e685b 488b4870 mov rcx,qword ptr [rax+70h]
CONTEXT: ffffd000236adad0 -- (.cxr 0xffffd000236adad0;r)
rax=0000000000000000 rbx=ffffe000033517a0 rcx=ffffe000039688e4
rdx=ffffd000236ae584 rsi=ffffe00002d93c90 rdi=ffffe000033517a0
rip=fffff800023e685b rsp=ffffd000236ae500 rbp=ffffd000236aeb80
r8=0000000000000000 r9=fffff800023f0a50 r10=ffffd00020b02f80
r11=ffffd00020afec30 r12=0000000000000000 r13=0000000000000001
r14=ffffe000033518b8 r15=ffffe00002e53920
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
OVSExt!OvsNewVportCmdHandler+0x27b:
fffff800`023e685b 488b4870 mov rcx,qword ptr [rax+70h] ds:002b:00000000`00000070=????????????????
Last set context:
rax=0000000000000000 rbx=ffffe000033517a0 rcx=ffffe000039688e4
rdx=ffffd000236ae584 rsi=ffffe00002d93c90 rdi=ffffe000033517a0
rip=fffff800023e685b rsp=ffffd000236ae500 rbp=ffffd000236aeb80
r8=0000000000000000 r9=fffff800023f0a50 r10=ffffd00020b02f80
r11=ffffd00020afec30 r12=0000000000000000 r13=0000000000000001
r14=ffffe000033518b8 r15=ffffe00002e53920
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
OVSExt!OvsNewVportCmdHandler+0x27b:
fffff800`023e685b 488b4870 mov rcx,qword ptr [rax+70h] ds:002b:00000000`00000070=????????????????
Resetting default scope
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: ovs-vswitchd.e
CURRENT_IRQL: 0
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre
LAST_CONTROL_TRANSFER: from fffff800023d67f6 to fffff800023e685b
STACK_TEXT:
ffffd000`236ae500 fffff800`023d67f6 : ffffd000`236ae7c0 ffffd000`236ae728 ffffe000`00000000 00000000`00000010 : OVSExt!OvsNewVportCmdHandler+0x27b [c:\1.data\cloudbase\work\git\ovs\datapath-windows\ovsext\vport.c @ 2136]
ffffd000`236ae630 fffff800`023f6aff : ffffd000`236ae7c0 fffff800`023f2220 ffffd000`236ae728 ffffe000`039688c0 : OVSExt!InvokeNetlinkCmdHandler+0x106 [c:\1.data\cloudbase\work\git\ovs\datapath-windows\ovsext\datapath.c @ 1003]
ffffd000`236ae6b0 fffff800`0073bc18 : ffffe000`02d93c90 ffffe000`033517a0 ffffe000`02e53920 ffffe000`033517a0 : OVSExt!OvsDeviceControl+0x98f [c:\1.data\cloudbase\work\git\ovs\datapath-windows\ovsext\datapath.c @ 912]
ffffd000`236ae840 fffff803`8ce4f395 : ffffe000`033517a0 00000000`00000001 ffffe000`02e53920 00000000`0000000e : NDIS!ndisDummyIrpHandler+0x88
ffffd000`236ae870 fffff803`8ce4fd2a : e000032b`7f20ffbd 0000000c`001f0003 00000000`00000001 00000000`00000000 : nt!IopXxxControlFile+0x845
ffffd000`236aea20 fffff803`8cbe08b3 : 00000000`00000000 00000000`00000000 00000000`00000001 fffff803`00000000 : nt!NtDeviceIoControlFile+0x56
ffffd000`236aea90 00000000`77a22772 : 00000000`77a22371 00000023`77a6b63c 00000000`00000023 00000000`000000ff : nt!KiSystemServiceCopyEnd+0x13
00000000`00f1e8b8 00000000`77a22371 : 00000023`77a6b63c 00000000`00000023 00000000`000000ff 00000000`0101ffdc : wow64cpu!CpupSyscallStub+0x2
00000000`00f1e8c0 00000000`7797323a : 00000000`00000000 00000000`77a21503 00000000`00000000 00000000`77973420 : wow64cpu!DeviceIoctlFileFault+0x31
00000000`00f1e970 00000000`7797317e : 00000000`00000000 00000000`00000000 00000000`00f1fd30 00000000`00f1f2e0 : wow64!RunCpuSimulation+0xa
00000000`00f1e9c0 00007ffc`af9caa9b : 00000000`013700f0 00000000`00000000 00000000`00000010 00000000`7ef73000 : wow64!Wow64LdrpInitialize+0x172
00000000`00f1ef00 00007ffc`af9a97aa : 00007ffc`af900000 00000000`00000000 00000000`00000000 00000000`7ef73000 : ntdll!LdrpInitializeProcess+0x157b
00000000`00f1f220 00007ffc`af916aa6 : 00000000`00f1f2e0 00000000`00000000 00000000`00000000 00000000`7ef73000 : ntdll!_LdrpInitialize+0x92cb2
00000000`00f1f290 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!LdrInitializeThunk+0xe
FOLLOWUP_IP:
OVSExt!OvsNewVportCmdHandler+27b [c:\1.data\cloudbase\work\git\ovs\datapath-windows\ovsext\vport.c @ 2136]
fffff800`023e685b 488b4870 mov rcx,qword ptr [rax+70h]
FAULTING_SOURCE_LINE: c:\1.data\cloudbase\work\git\ovs\datapath-windows\ovsext\vport.c
FAULTING_SOURCE_FILE: c:\1.data\cloudbase\work\git\ovs\datapath-windows\ovsext\vport.c
FAULTING_SOURCE_LINE_NUMBER: 2136
FAULTING_SOURCE_CODE:
2132:
2133: /* we are expecting null terminated strings to be passed */
2134: ASSERT(portName[portNameLen - 1] == '\0');
2135:
> 2136: NdisAcquireRWLockWrite(gOvsSwitchContext->dispatchLock, &lockState, 0);
2137:
2138: vport = OvsFindVportByOvsName(gOvsSwitchContext, portName);
2139: if (vport) {
2140: nlError = NL_ERROR_EXIST;
2141: goto Cleanup;
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: OVSExt!OvsNewVportCmdHandler+27b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: OVSExt
IMAGE_NAME: OVSExt.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 557fead2
STACK_COMMAND: .cxr 0xffffd000236adad0 ; kb
BUCKET_ID_FUNC_OFFSET: 27b
FAILURE_BUCKET_ID: 0x3B_OVSExt!OvsNewVportCmdHandler
BUCKET_ID: 0x3B_OVSExt!OvsNewVportCmdHandler
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x3b_ovsext!ovsnewvportcmdhandler
FAILURE_ID_HASH: {ffc25ef0-a8ef-44c9-4906-c296ae6c7c4b}
Followup: MachineOwner
---------
1: kd> ??gOvsSwitchContext
struct _OVS_SWITCH_CONTEXT * 0x00000000`00000000
-----Original Message-----
From: Eitan Eliahu [mailto:eliahue at vmware.com]
Sent: Monday, 15 June, 2015 18:27
To: Sorin Vinturis; dev at openvswitch.org
Subject: RE: [ovs-dev] [PATCH v2] datapath-windows: BSOD when disabling the extension
Hi Sorin,
Can you please forward stack trace?
Thanks,
Eitan
-----Original Message-----
From: dev [mailto:dev-bounces at openvswitch.org] On Behalf Of Sorin Vinturis
Sent: Monday, June 15, 2015 7:49 AM
To: dev at openvswitch.org
Subject: [ovs-dev] [PATCH v2] datapath-windows: BSOD when disabling the extension
When the filter detach routine is called while there are packets still in processing, the OvsUninitSwitchContext function call will decrement the switch context reference count without releasing the switch context structure. This behaviour is correct and expected, but the BSOD is caused in this case because the gOvsSwitchContext variable is set to NULL, which is wrong.
The gOvsSwitchContext global variable must be set to NULL only when the switch context structure is actually released.
Signed-off-by: Sorin Vinturis <svinturis at cloudbasesolutions.com>
Reported-by: Sorin Vinturis <svinturis at cloudbasesolutions.com>
Reported-at: https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openvswitch_ovs-2Dissues_issues_80&d=BQIGaQ&c=Sqcl0Ez6M0X8aeM67LKIiDJAXVeAw-YihVMNtXt-uEs&r=CWsgHUxi6ExLXY798tmo3LJ4e3geGYp56lkcH-5cLCY&m=fxSjeLfMN40XNZsRUW1pOUC4BaXKLNmvM0IzVTxe32o&s=PNqZC6M2Nbl0WZJOWoEUmJTabsU0eJulnLzdB9mcYkk&e=
Acked-by: Alin Gabriel Serdean <aserdean at cloudbasesolutions.com>
---
datapath-windows/ovsext/Switch.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/datapath-windows/ovsext/Switch.c b/datapath-windows/ovsext/Switch.c
index f877854..99a306d 100644
--- a/datapath-windows/ovsext/Switch.c
+++ b/datapath-windows/ovsext/Switch.c
@@ -201,6 +201,7 @@ OvsCreateSwitch(NDIS_HANDLE ndisFilterHandle,
status = OvsInitSwitchContext(switchContext);
if (status != NDIS_STATUS_SUCCESS) {
OvsFreeMemoryWithTag(switchContext, OVS_SWITCH_POOL_TAG);
+ switchContext = NULL;
goto create_switch_done;
}
@@ -240,7 +241,6 @@ OvsExtDetach(NDIS_HANDLE filterModuleContext)
}
OvsDeleteSwitch(switchContext);
OvsCleanupIpHelper();
- gOvsSwitchContext = NULL;
/* This completes the cleanup, and a new attach can be handled now. */
OVS_LOG_TRACE("Exit: OvsDetach Successfully"); @@ -495,6 +495,7 @@ OvsReleaseSwitchContext(POVS_SWITCH_CONTEXT switchContext)
if (ref == 1) {
OvsDeleteSwitchContext(switchContext);
+ gOvsSwitchContext = NULL;
}
}
--
1.9.0.msysgit.0
_______________________________________________
dev mailing list
dev at openvswitch.org
https://urldefense.proofpoint.com/v2/url?u=http-3A__openvswitch.org_mailman_listinfo_dev&d=BQIGaQ&c=Sqcl0Ez6M0X8aeM67LKIiDJAXVeAw-YihVMNtXt-uEs&r=CWsgHUxi6ExLXY798tmo3LJ4e3geGYp56lkcH-5cLCY&m=fxSjeLfMN40XNZsRUW1pOUC4BaXKLNmvM0IzVTxe32o&s=OgmOQuSMC-PwPV_FBD6LjMrxl7Ze1VPrMIRnwXiXNVI&e=
More information about the dev
mailing list