[ovs-git] [openvswitch/ovs] 1fe446: monitor: Fix crash when monitor condition adds new...

Han Zhou noreply at github.com
Thu Feb 14 19:29:13 UTC 2019


  Branch: refs/heads/branch-2.7
  Home:   https://github.com/openvswitch/ovs
  Commit: 1fe446e85e00004b0147dab77eb951d27bad4ffc
      https://github.com/openvswitch/ovs/commit/1fe446e85e00004b0147dab77eb951d27bad4ffc
  Author: Han Zhou <hzhou8 at ebay.com>
  Date:   2019-02-14 (Thu, 14 Feb 2019)

  Changed paths:
    M ovsdb/monitor.c
    M tests/ovsdb-monitor.at

  Log Message:
  -----------
  monitor: Fix crash when monitor condition adds new columns.

The OVSDB conditional monitor implementation allows many clients
to share same copy of monitored data if the clients are sharing
same tables and columns being monitored, while they can have
different monitor conditions. In monitor conditions they can
have different columns which can be different from the columns
being monitored. So the struct ovsdb_monitor_table maintains the
union of the all the columns being used in any conditions.

The problem of the current implementation is that for each change
set generated, it doesn't maintain any metadata for the number of
columns for the data that has already populated in it. Instead, it
always rely on the n_columns field of the struct ovsdb_monitor_table
to manipulate the data. However, the n_columns in struct
ovsdb_monitor_table can increase (e.g. when a client changes its
condition which involves more columns). So it can result in that
the existing rows in a change set with N columns being later processed
as if it had more than N columns, typically, when the row is freed.
This causes the ovsdb-server crashing (see an example of the
backtrace).

The patch fixes the problem by maintaining n_columns for each
change set, and added a test case which fails without the fix.

(gdb) bt
at lib/ovsdb-data.c:1031
out>, mt=<optimized out>) at ovsdb/monitor.c:320
mt=0x1e7b940) at ovsdb/monitor.c:333
out>, transaction=<optimized out>) at ovsdb/monitor.c:527
initial=<optimized out>, cond_updated=cond_updated at entry=false,
unflushed_=unflushed_ at entry=0x20dae70,
    condition=<optimized out>, version=<optimized out>) at ovsdb/monitor.c:1156
(m=m at entry=0x20dae40, initial=initial at entry=false) at
ovsdb/jsonrpc-server.c:1655
at ovsdb/jsonrpc-server.c:1729
ovsdb/jsonrpc-server.c:551
ovsdb/jsonrpc-server.c:586
ovsdb/jsonrpc-server.c:401
exiting=0x7ffdb947f76f, run_process=0x0, remotes=0x7ffdb947f7c0,
unixctl=0x1e7a560, all_dbs=0x7ffdb947f800,
    jsonrpc=<optimized out>, config=0x7ffdb947f820) at ovsdb/ovsdb-server.c:209

Signed-off-by: Han Zhou <hzhou8 at ebay.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>




More information about the git mailing list