[ovs-dev] [PATCH 2/2] dpif-netdev: Get rid of broken dpif pointer in dp_netdev structure.

Ben Pfaff blp at ovn.org
Tue Jan 7 19:19:11 UTC 2020


On Sun, Dec 08, 2019 at 08:33:46PM +0100, Ilya Maximets wrote:
> This pointer was introduced in July 2014 by commit
> 6b31e07347ad ("dpif-netdev: Polling threads directly call ofproto upcall functions.")
> and it was broken right from this point because dpif_netdev_open()
> updates it on each call with the pointer to a newly allocated
> 'dpif' structure that becomes invalid on the next dpif_netdev_close().
> Since dpif_open/close() always happens asynchronously from different
> threads and pointer is not protected by rcu or mutex (it's not even
> atomic) it's not possible to safely use it.  Thankfully the actual
> usage was in repository for less than 3 weeks and was removed by
> commit 623540e4617e ("dpif-netdev: Streamline miss handling.").  Until
> recently this pointer was used in order to pass it to dpif_flow_hash().
> Another luck is that dpif_flow_hash() didn't use the 'dpif' argument.
> 
> However, we tried to use it while netdev offloading by commit
> 30115809da2e ("dpif-netdev: Use netdev-offload API for port lookup while offloading.")
> and that unveiled the issue.
> 
> Now that all the code that used this pointer was cleaned up we can
> just remove it from the structure to avoid possible misuse in the
> future.
> 
> Signed-off-by: Ilya Maximets <i.maximets at ovn.org>

Good fix.  Thanks.

Acked-by: Ben Pfaff <blp at ovn.org>


More information about the dev mailing list