[ovs-dev] [patch v6 1/3] conntrack: Fix race for NAT cleanup.

[Darrell Ball]

On Fri, Mar 15, 2019 at 3:56 PM Ben Pfaff <blp at ovn.org> wrote:

> On Fri, Mar 15, 2019 at 03:01:18PM -0700, Darrell Ball wrote:
> > Reference lists are not fully protected during cleanup of
> > NAT connections where the bucket lock is transiently not held during
> > list traversal.  This can lead to referencing freed memory during
> > cleaning from multiple contexts.  Fix this by protecting with
> > the existing 'cleanup' mutex in the missed cases where 'conn_clean()'
> > is called.  'conntrack_flush()' is converted to expiry list traversal
> > to support the proper bucket level protection with the 'cleanup' mutex.
> >
> > The NAT exhaustion case cleanup in 'conn_not_found()' is also modified
> > to avoid the same issue.
> >
> > Fixes: 286de2729955 ("dpdk: Userspace Datapath: Introduce NAT Support.")
> > Reported-by: solomon <liwei.solomon at gmail.com>
> > Reported-at:
> https://mail.openvswitch.org/pipermail/ovs-dev/2019-March/357056.html
> > Tested-by: solomon <liwei.solomon at gmail.com>
> > Signed-off-by: Darrell Ball <dlu998 at gmail.com>
> > ---
> >
> > This patch is targeted for earlier releases as new RCU patches
> > inherently don't have this race.
> >
> > Backport to 2.8.
>
> Thanks.  I applied this to master, branch-2.11, and branch-2.10.  2.9
> and 2.8 had conflicts.
>

I will create the backport patches for 2.9 and 2.8.

Regarding branch 2.8 - it has diverged quite a bit in general from branch
>=2.9.
This is because of some small features/cosmetic changes that went into 2.9.
One option would be to bring 2.8 into sync with 2.9 in one patch.
Alternatively,
backport all dependencies  and fixes separately. Thoughts ?