[ovs-dev] [PATCH v1] datapath-windows: Do not send out nbls when cloned nbls are being accessed

Anand Kumar kumaranand at vmware.com
Tue Apr 9 16:03:57 UTC 2019


As per MSDN documentation, "As soon as a filter driver calls the
NdisFSendNetBufferLists function, it relinquishes ownership of
the NET_BUFFER_LIST structures and all associated resources.
A filter driver should never try to examine the NET_BUFFER_LIST
structures or any associated data after calling NdisFSendNetBufferLists".

https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/content/ndis/nf-ndis-ndisfsendnetbufferlists

When freeing the memory of a cloned nbl, the parent's nbl and context
are accessed, which is incorrect and can cause a BSOD.
With this patch, the original nbl is sent out only when the cloned nbl is done
with packet processing and its memory is freed.

Signed-off-by: Anand Kumar <kumaranand at vmware.com>

Change-Id: Ie662133a6fcd5a26ca3c87d31c9cee1fc56c2d27
---
 datapath-windows/ovsext/BufferMgmt.c |  9 ++++++++-
 datapath-windows/ovsext/BufferMgmt.h |  2 ++
 datapath-windows/ovsext/PacketIO.c   | 13 +++++++++++--
 3 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/datapath-windows/ovsext/BufferMgmt.c b/datapath-windows/ovsext/BufferMgmt.c
index 47d872d..6627acf 100644
--- a/datapath-windows/ovsext/BufferMgmt.c
+++ b/datapath-windows/ovsext/BufferMgmt.c
@@ -81,6 +81,7 @@
 #include "Flow.h"
 #include "Offload.h"
 #include "NetProto.h"
+#include "PacketIO.h"
 #include "PacketParser.h"
 #include "Switch.h"
 #include "Vport.h"
@@ -267,6 +268,7 @@ OvsInitNBLContext(POVS_BUFFER_CONTEXT ctx,
     ctx->srcPortNo = srcPortNo;
     ctx->origDataLength = origDataLength;
     ctx->mru = 0;
+    ctx->pendingSend = 0;
 }
 
 
@@ -1746,8 +1748,13 @@ OvsCompleteNBL(PVOID switch_ctx,
     if (parent != NULL) {
         ctx = (POVS_BUFFER_CONTEXT)NET_BUFFER_LIST_CONTEXT_DATA_START(parent);
         ASSERT(ctx && ctx->magic == OVS_CTX_MAGIC);
+        UINT16 pendingSend = 1, exchange = 0;
         value = InterlockedDecrement((LONG volatile *)&ctx->refCount);
-        if (value == 0) {
+        InterlockedCompareExchange16((SHORT volatile *)&pendingSend, exchange, (SHORT)ctx->pendingSend);
+        if (value == 1 && pendingSend == exchange) {
+            InterlockedExchange16((SHORT volatile *)&ctx->pendingSend, 0);
+            OvsSendNBLIngress(context, parent, ctx->sendFlags);
+        } else if (value == 0){
             return OvsCompleteNBL(context, parent, FALSE);
         }
     }
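Review bot: `InterlockedCompareExchange16` is given the stack local `pendingSend` as its destination, so nothing atomic happens on `ctx->pendingSend`; the shared field is only read with a plain load, and the OvsSendNBLIngress hunk in PacketIO.c does the same with its local `refCount`. That load also happens after this clone has dropped its reference, so if another thread finds the count at 1 and sends the parent in between, the parent's context is read after the send, which is the kind of access the commit sets out to remove. Letting a single interlocked operation on the shared field decide who sends would at least make the claim exclusive, for example `if (value == 1 && InterlockedCompareExchange16((SHORT volatile *)&ctx->pendingSend, 0, 1) == 1) {`, which replaces the compare-exchange on the local and the later `InterlockedExchange16`. The post-decrement access itself remains with that change, so folding the count and the flag into one atomically updated state may be needed. OvsCompleteNBL starts and ends outside this hunk, so any outer locking that already serialises these paths is not visible here.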
diff --git a/datapath-windows/ovsext/BufferMgmt.h b/datapath-windows/ovsext/BufferMgmt.h
index 2a74988..2ae3272 100644
--- a/datapath-windows/ovsext/BufferMgmt.h
+++ b/datapath-windows/ovsext/BufferMgmt.h
@@ -55,7 +55,9 @@ typedef union _OVS_BUFFER_CONTEXT {
             UINT32 origDataLength;
             UINT32 dataOffsetDelta;
         };
+        ULONG sendFlags;
         UINT16 mru;
+        UINT16 pendingSend; /* Indicates packet can be sent or not. */
     };
 
     CHAR value[MEM_ALIGN_SIZE(sizeof(struct dummy))];
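Review bot: The comment on `pendingSend` does not say who sets or clears it, and `sendFlags` has no comment at all. From the other hunks, `pendingSend` is set to 1 by OvsSendNBLIngress when the send is deferred and cleared when the NBL is handed to NDIS, and `sendFlags` holds the flags for that deferred call; suggested comments are `/* Send flags saved for a deferred NdisFSendNetBufferLists call. */` and `/* 1 while the send is deferred until outstanding clones complete. */`. The OvsInitNBLContext hunk initialises `pendingSend` but leaves `sendFlags` unset, so adding `ctx->sendFlags = 0;` there would keep the two new fields consistent. The union definition starts and ends outside this hunk.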
diff --git a/datapath-windows/ovsext/PacketIO.c b/datapath-windows/ovsext/PacketIO.c
index 57c583c..56876f2 100644
--- a/datapath-windows/ovsext/PacketIO.c
+++ b/datapath-windows/ovsext/PacketIO.c
@@ -161,8 +161,17 @@ OvsSendNBLIngress(POVS_SWITCH_CONTEXT switchContext,
 
     ASSERT(switchContext->dataFlowState == OvsSwitchRunning);
 
-    NdisFSendNetBufferLists(switchContext->NdisFilterHandle, netBufferLists,
-                            NDIS_DEFAULT_PORT_NUMBER, sendFlags);
+    POVS_BUFFER_CONTEXT ctx = (POVS_BUFFER_CONTEXT)NET_BUFFER_LIST_CONTEXT_DATA_START(netBufferLists);
+    LONG refCount = 1, exchange = 0;
+    InterlockedCompareExchange((LONG volatile *)&refCount, exchange, (LONG)ctx->refCount);
+    if (refCount != exchange) {
+        InterlockedExchange((LONG volatile *)&ctx->sendFlags, sendFlags);
+        InterlockedExchange16((SHORT volatile *)&ctx->pendingSend, 1);
+    } else {
+        InterlockedExchange16((SHORT volatile *)&ctx->pendingSend, 0);
+        NdisFSendNetBufferLists(switchContext->NdisFilterHandle, netBufferLists,
+            NDIS_DEFAULT_PORT_NUMBER, sendFlags);
+    }
 }
 
 static __inline VOID
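Review bot: The test of `ctx->refCount` and the store of `pendingSend = 1` are separate steps, and the `InterlockedCompareExchange` only writes the local `refCount`. A clone that completes between them sees `pendingSend == 0` in OvsCompleteNBL, and as far as these lines show nothing sends the parent afterwards. Publishing `sendFlags` and `pendingSend` first and then re-checking the count with an interlocked read of `ctx->refCount` would narrow that gap. The context pointer is also dereferenced without the check the BufferMgmt.c hunk uses, so add `ASSERT(ctx && ctx->magic == OVS_CTX_MAGIC);` after the cast. Only the first entry's context is inspected, so if `netBufferLists` can carry a chain, the remaining entries are sent or deferred based on the first entry's count; that needs confirming against the callers, which are outside the hunk.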
-- 
2.9.3.windows.1


