[ovs-dev] [patch v1 2/2] conntrack: Fix missed 'conn' lookup checks.

Darrell Ball dlu998 at gmail.com
Sat May 25 20:16:19 UTC 2019


Whenever a 'conn' entry is removed or added, we need to reverify it's
existence status under lock protection.  There were some cases that
were missed, so fix them.

Fixes: 967bb5c5cd90 ("conntrack: Add rcu support.")
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
---
 lib/conntrack.c | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/lib/conntrack.c b/lib/conntrack.c
index c57d9fd..e9d6720 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -956,7 +956,10 @@ conn_update_state(struct conntrack *ct, struct dp_packet *pkt,
             break;
         case CT_UPDATE_NEW:
             ovs_mutex_lock(&ct->ct_lock);
-            conn_clean(ct, conn);
+            uint32_t hash = conn_key_hash(&conn->key, ct->hash_basis);
+            if (conn_key_lookup(ct, &conn->key, hash, now, NULL, NULL)) {
+                conn_clean(ct, conn);
+            }
             ovs_mutex_unlock(&ct->ct_lock);
             create_new_conn = true;
             break;
@@ -1089,11 +1092,15 @@ process_one(struct conntrack *ct, struct dp_packet *pkt,
     bool create_new_conn = false;
     conn_key_lookup(ct, &ctx->key, ctx->hash, now, &ctx->conn, &ctx->reply);
     struct conn *conn = ctx->conn;
+    uint32_t hash;
 
     /* Delete found entry if in wrong direction. 'force' implies commit. */
     if (OVS_UNLIKELY(force && ctx->reply && conn)) {
         ovs_mutex_lock(&ct->ct_lock);
-        conn_clean(ct, conn);
+        hash = conn_key_hash(&conn->key, ct->hash_basis);
+        if (conn_key_lookup(ct, &conn->key, hash, now, NULL, NULL)) {
+            conn_clean(ct, conn);
+        }
         ovs_mutex_unlock(&ct->ct_lock);
         conn = NULL;
     }
@@ -1103,7 +1110,7 @@ process_one(struct conntrack *ct, struct dp_packet *pkt,
 
             ctx->reply = true;
             struct conn *rev_conn = conn;  /* Save for debugging. */
-            uint32_t hash = conn_key_hash(&conn->rev_key, ct->hash_basis);
+            hash = conn_key_hash(&conn->rev_key, ct->hash_basis);
             conn_key_lookup(ct, &ctx->key, hash, now, &conn, &ctx->reply);
 
             if (!conn) {
@@ -1158,8 +1165,11 @@ process_one(struct conntrack *ct, struct dp_packet *pkt,
         ovs_rwlock_unlock(&ct->resources_lock);
 
         ovs_mutex_lock(&ct->ct_lock);
-        conn = conn_not_found(ct, pkt, ctx, commit, now, nat_action_info,
-                              helper, alg_exp, ct_alg_ctl);
+        hash = conn_key_hash(&ctx->key, ct->hash_basis);
+        if (!conn_key_lookup(ct, &ctx->key, hash, now, NULL, NULL)) {
+            conn = conn_not_found(ct, pkt, ctx, commit, now, nat_action_info,
+                                  helper, alg_exp, ct_alg_ctl);
+        }
         ovs_mutex_unlock(&ct->ct_lock);
     }
 
-- 
1.9.1



More information about the dev mailing list