[ovs-dev] [PATCH v2] ovs rcu: update rcu pointer first
haifeng.lin at huawei.com
Wed Jun 3 01:22:52 UTC 2020
From: Ben Pfaff [mailto:blp at ovn.org]
Sent: Wednesday, June 3, 2020 1:28 AM
To: Linhaifeng <haifeng.lin at huawei.com>
Cc: Yanqin Wei <Yanqin.Wei at arm.com>; dev at openvswitch.org; nd <nd at arm.com>; Lilijun (Jerry) <jerry.lilijun at huawei.com>; chenchanghu <chenchanghu at huawei.com>; Lichunhe <lichunhe at huawei.com>
Subject: Re: [ovs-dev] [PATCH v2] ovs rcu: update rcu pointer first
On Tue, Jun 02, 2020 at 07:27:59AM +0000, Linhaifeng wrote:
> We should update the rcu pointer first and then use ovsrcu_postpone to free,
> otherwise it may cause a use-after-free.
> e.g., a reader indicates momentary quiescence and accesses the old pointer after
> the writer postpones freeing the old pointer and before it sets the new pointer.
> Signed-off-by: Linhaifeng <haifeng.lin at huawei.com>
I don't see how that's possible, since the writer hasn't quiesced.

I think the logic is as follows. Could you help me find out where it is incorrect?
1.1 -> 1.2 -> 3.1 -> 3.2 -> 2.1 -> 2.2 -> 2.3 -> 2.1 -> 1.3 -> 1.4 -> 3.3 -> 2.2 (use after free)
1.1 use postpone to free old pointer
1.2 flush cbsets to flushed_cbsets
1.3 update new pointer
2.1 read pointer
2.2 use pointer
3.1 pop flushed_cbsets
3.3 call all cb to free
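
A deterministic replay of the interleaving listed above, as an added example that is not part of the original thread and is not OVS code: it models a grace period that ends once every thread has quiesced after the flushed callbacks were popped, and compares postponing first with updating the pointer first. Steps 1.4, 2.3 and 3.2 are not spelled out in the message, so their meaning here (writer quiesces, reader quiesces, grace period starts) is an assumption, as are all names in the code.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model constructed for this example; none of this is OVS code. */
enum { WRITER, READER, N_THREADS };

struct model {
    int published;              /* object id held by the RCU pointer */
    int postponed;              /* object id queued for freeing */
    bool freed[3];              /* freed[id] is set once the callback ran */
    bool quiesced[N_THREADS];   /* quiesced since the grace period began? */
};

/* Step 3.3: run the callback only if every thread has quiesced since 3.2. */
static void call_postponed(struct model *m)
{
    for (int t = 0; t < N_THREADS; t++) {
        if (!m->quiesced[t]) return;
    }
    m->freed[m->postponed] = true;
}

/* Replays the listed order; returns true if the reader uses freed memory. */
static bool reader_uses_freed(bool update_first)
{
    struct model m = { .published = 1 };   /* object 1 is the old pointer */
    int p;

    if (update_first) m.published = 2;     /* 1.3 moved ahead of 1.1 */
    m.postponed = 1;                       /* 1.1 + 1.2: postpone and flush */
    m.quiesced[WRITER] = m.quiesced[READER] = false; /* 3.1 + 3.2 (assumed) */
    p = m.published;                       /* 2.1, 2.2: read and use */
    m.quiesced[READER] = true;             /* 2.3 (assumed): reader quiesces */
    p = m.published;                       /* 2.1: read again */
    if (!update_first) m.published = 2;    /* 1.3: update new pointer */
    m.quiesced[WRITER] = true;             /* 1.4 (assumed): writer quiesces */
    call_postponed(&m);                    /* 3.3: call all cb to free */
    return m.freed[p];                     /* 2.2: use pointer */
}

int main(void)
{
    printf("postpone first, reader uses freed: %d\n", reader_uses_freed(false));
    printf("update first, reader uses freed:   %d\n", reader_uses_freed(true));
    return 0;
}
```

In this model the reader's second read still returns object 1 when the flush precedes the pointer update, and no later quiescent state of the reader is required before the callback runs.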