[ovs-git] [openvswitch/ovs] a720a7: conntrack: Fix race for NAT cleanup.

Ben Pfaff noreply at github.com
Fri Mar 15 22:54:27 UTC 2019


  Branch: refs/heads/master
  Home:   https://github.com/openvswitch/ovs
  Commit: a720a7fa80b2fdf1bb5f5b9e706191a31ae02dca
      https://github.com/openvswitch/ovs/commit/a720a7fa80b2fdf1bb5f5b9e706191a31ae02dca
  Author: Darrell Ball <dlu998 at gmail.com>
  Date:   2019-03-15 (Fri, 15 Mar 2019)

  Changed paths:
    M lib/conntrack.c

  Log Message:
  -----------
  conntrack: Fix race for NAT cleanup.

Reference lists are not fully protected during cleanup of
NAT connections where the bucket lock is transiently not held during
list traversal.  This can lead to referencing freed memory during
cleaning from multiple contexts.  Fix this by protecting with
the existing 'cleanup' mutex in the missed cases where 'conn_clean()'
is called.  'conntrack_flush()' is converted to expiry list traversal
to support the proper bucket level protection with the 'cleanup' mutex.

The NAT exhaustion case cleanup in 'conn_not_found()' is also modified
to avoid the same issue.

Fixes: 286de2729955 ("dpdk: Userspace Datapath: Introduce NAT Support.")
Reported-by: solomon <liwei.solomon at gmail.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2019-March/357056.html
Tested-by: solomon <liwei.solomon at gmail.com>
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 901a0dad38207d2ddae14cda6fe0b6d1bb126c8d
      https://github.com/openvswitch/ovs/commit/901a0dad38207d2ddae14cda6fe0b6d1bb126c8d
  Author: Darrell Ball <dlu998 at gmail.com>
  Date:   2019-03-15 (Fri, 15 Mar 2019)

  Changed paths:
    M lib/conntrack.c

  Log Message:
  -----------
  conntrack: Lookup only 'UNNAT conns' in 'nat_clean()'.

When freeing 'UNNAT conns', lookup only 'UNNAT conns' to
protect against possible address overlap with 'default
conns' during a DOS attempt.  This is very unlikely, but
protection is simple.

Fixes: 286de2729955 ("dpdk: Userspace Datapath: Introduce NAT Support.")
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 82b9ac94bbbe59eabf7d01edb6845eef28d3f2ba
      https://github.com/openvswitch/ovs/commit/82b9ac94bbbe59eabf7d01edb6845eef28d3f2ba
  Author: Darrell Ball <dlu998 at gmail.com>
  Date:   2019-03-15 (Fri, 15 Mar 2019)

  Changed paths:
    M lib/conntrack.c

  Log Message:
  -----------
  conntrack: Replace structure copy by memcpy().

There are a few cases where structure copy can be replaced by
memcpy(), for possible portability benefit.  This is because
the structures involved have padding and elements of the
structure are used to generate hashes.

Signed-off-by: Darrell Ball <dlu998 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


Compare: https://github.com/openvswitch/ovs/compare/2fc160f503e4...82b9ac94bbbe