[ovs-dev] [patch v2 1/2] conntrack: Fix nat_clean.
Zang MingJie
zealot0630 at gmail.com
Thu Aug 30 08:13:36 UTC 2018
I don't think the patch will resolve the problem. Once ctb->lock is
released, other thread may have chance to acquire the lock and modify
ctb. In general, ctb->lock can not be released in this function,
another approach is needed.
On Wed, Aug 29, 2018 at 3:31 PM Darrell Ball <dlu998 at gmail.com> wrote:
>
> nat_clean has a defunct optimization for calculating a hash outside the
> scope of a bucket lock which can lead to a race in referencing a freed
> conntrack entry. Adjust to avoid this. Needs backporting to 2.8.
>
> Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2018-August/351629.html
> Fixes: 286de2729955 ("dpdk: Userspace Datapath: Introduce NAT Support.")
> Signed-off-by: Darrell Ball <dlu998 at gmail.com>
> ---
> lib/conntrack.c | 14 ++++++++------
> 1 file changed, 8 insertions(+), 6 deletions(-)
>
> diff --git a/lib/conntrack.c b/lib/conntrack.c
> index be8debb..692f2b8 100644
> --- a/lib/conntrack.c
> +++ b/lib/conntrack.c
> @@ -778,20 +778,22 @@ nat_clean(struct conntrack *ct, struct conn *conn,
> {
> ct_rwlock_wrlock(&ct->resources_lock);
> nat_conn_keys_remove(&ct->nat_conn_keys, &conn->rev_key, ct->hash_basis);
> - ct_rwlock_unlock(&ct->resources_lock);
> - ct_lock_unlock(&ctb->lock);
> unsigned bucket_rev_conn =
> hash_to_bucket(conn_key_hash(&conn->rev_key, ct->hash_basis));
> + struct conn_key rev_key = conn->rev_key;
> + ct_rwlock_unlock(&ct->resources_lock);
> + ct_lock_unlock(&ctb->lock);
> +
> ct_lock_lock(&ct->buckets[bucket_rev_conn].lock);
> ct_rwlock_wrlock(&ct->resources_lock);
> long long now = time_msec();
> - struct conn *rev_conn = conn_lookup(ct, &conn->rev_key, now);
> + struct conn *rev_conn = conn_lookup(ct, &rev_key, now);
> struct nat_conn_key_node *nat_conn_key_node =
> - nat_conn_keys_lookup(&ct->nat_conn_keys, &conn->rev_key,
> + nat_conn_keys_lookup(&ct->nat_conn_keys, &rev_key,
> ct->hash_basis);
>
> - /* In the unlikely event, rev conn was recreated, then skip
> - * rev_conn cleanup. */
> + /* In the unlikely event, 'rev_conn' was recreated, then skip
> + * 'rev_conn' cleanup. */
> if (rev_conn && (!nat_conn_key_node ||
> conn_key_cmp(&nat_conn_key_node->value,
> &rev_conn->rev_key))) {
> --
> 1.9.1
>
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
More information about the dev
mailing list