[ovs-dev] [patch v6 1/3] conntrack: Fix race for NAT cleanup.

Ben Pfaff blp at ovn.org
Fri Mar 15 22:56:41 UTC 2019


On Fri, Mar 15, 2019 at 03:01:18PM -0700, Darrell Ball wrote:
> Reference lists are not fully protected during cleanup of
> NAT connections where the bucket lock is transiently not held during
> list traversal.  This can lead to referencing freed memory during
> cleaning from multiple contexts.  Fix this by protecting with
> the existing 'cleanup' mutex in the missed cases where 'conn_clean()'
> is called.  'conntrack_flush()' is converted to expiry list traversal
> to support the proper bucket level protection with the 'cleanup' mutex.
> 
> The NAT exhaustion case cleanup in 'conn_not_found()' is also modified
> to avoid the same issue.
> 
> Fixes: 286de2729955 ("dpdk: Userspace Datapath: Introduce NAT Support.")
> Reported-by: solomon <liwei.solomon at gmail.com>
> Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2019-March/357056.html
> Tested-by: solomon <liwei.solomon at gmail.com>
> Signed-off-by: Darrell Ball <dlu998 at gmail.com>
> ---
> 
> This patch is targeted for earlier releases as new RCU patches
> inherently don't have this race.
> 
> Backport to 2.8.

Thanks.  I applied this to master, branch-2.11, and branch-2.10.  2.9
and 2.8 had conflicts.


More information about the dev mailing list