[ovs-dev] [PATCH v3 1/5] ovs-rcu: fix rcu use-after-free issue

Linhaifeng haifeng.lin at huawei.com
Tue Jun 2 09:25:25 UTC 2020


We should update the RCU pointer first and then use ovsrcu_postpone to free
the old one; otherwise this may cause a use-after-free.
E.g., a reader indicates a momentary quiescent state and accesses the old
pointer after the writer postpones freeing the old pointer and before it sets
the new pointer.

CC: Ben Pfaff <blp at nicira.com>
Fixes: 0f2ea84841e1 ("ovs-rcu: New library.")

Acked-by: Yanqin Wei <Yanqin.Wei at arm.com>
Signed-off-by: Linhaifeng <haifeng.lin at huawei.com>
---
 lib/ovs-rcu.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/ovs-rcu.h b/lib/ovs-rcu.h
index ecc4c9201..98c238aea 100644
--- a/lib/ovs-rcu.h
+++ b/lib/ovs-rcu.h
@@ -118,10 +118,10 @@
  *     void
  *     change_flow(struct flow *new_flow)
  *     {
+ *         struct flow *old_flow = ovsrcu_get_protected(struct flow *, &flowp)
  *         ovs_mutex_lock(&mutex);
- *         ovsrcu_postpone(free,
- *                         ovsrcu_get_protected(struct flow *, &flowp));
  *         ovsrcu_set(&flowp, new_flow);
+ *         ovsrcu_postpone(free, old_flow);
  *         ovs_mutex_unlock(&mutex);
  *     }
  *
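Review bot: the added old_flow declaration at the top of change_flow() has no terminating semicolon, and it calls ovsrcu_get_protected() before ovs_mutex_lock(&mutex), so the documented example now reads the protected pointer outside the writer lock. Two writers entering change_flow() at the same time could both fetch the same old pointer and each postpone a free of it. Suggest declaring "struct flow *old_flow;" first and doing "old_flow = ovsrcu_get_protected(struct flow *, &flowp);" after the lock is taken, keeping the new ovsrcu_set() then ovsrcu_postpone() order.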
-- 
2.21.0.windows.1

