[ovs-dev] [PATCH 2/2] dpif-netdev: Get rid of broken dpif pointer in dp_netdev structure.

Ilya Maximets i.maximets at ovn.org
Wed Jan 8 15:28:08 UTC 2020


On 07.01.2020 20:19, Ben Pfaff wrote:
> On Sun, Dec 08, 2019 at 08:33:46PM +0100, Ilya Maximets wrote:
>> This pointer was introduced in July 2014 by commit
>> 6b31e07347ad ("dpif-netdev: Polling threads directly call ofproto upcall functions.")
>> and it was broken right from this point because dpif_netdev_open()
>> updates it on each call with the pointer to a newly allocated
>> 'dpif' structure that becomes invalid on the next dpif_netdev_close().
>> Since dpif_open/close() always happens asynchronously from different
>> threads and pointer is not protected by rcu or mutex (it's not even
>> atomic) it's not possible to safely use it.  Thankfully the actual
>> usage was in repository for less than 3 weeks and was removed by
>> commit 623540e4617e ("dpif-netdev: Streamline miss handling.").  Until
>> recently this pointer was used in order to pass it to dpif_flow_hash().
>> Another luck is that dpif_flow_hash() didn't use the 'dpif' argument.
>>
>> However, we tried to use it while netdev offloading by commit
>> 30115809da2e ("dpif-netdev: Use netdev-offload API for port lookup while offloading.")
>> and that unveiled the issue.
>>
>> Now that all the code that used this pointer was cleaned up we can
>> just remove it from the structure to avoid possible misuse in the
>> future.
>>
>> Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
> 
> Good fix.  Thanks.
> 
> Acked-by: Ben Pfaff <blp at ovn.org>
> 

Thanks!  I applied both patches to master.

Best regards, Ilya Maximets.


More information about the dev mailing list