[ovs-git] [openvswitch/ovs] a720a7: conntrack: Fix race for NAT cleanup.
Ben Pfaff
noreply at github.com
Fri Mar 15 22:54:27 UTC 2019
Branch: refs/heads/master
Home: https://github.com/openvswitch/ovs
Commit: a720a7fa80b2fdf1bb5f5b9e706191a31ae02dca
https://github.com/openvswitch/ovs/commit/a720a7fa80b2fdf1bb5f5b9e706191a31ae02dca
Author: Darrell Ball <dlu998 at gmail.com>
Date: 2019-03-15 (Fri, 15 Mar 2019)
Changed paths:
M lib/conntrack.c
Log Message:
-----------
conntrack: Fix race for NAT cleanup.
Reference lists are not fully protected during cleanup of
NAT connections where the bucket lock is transiently not held during
list traversal. This can lead to referencing freed memory during
cleaning from multiple contexts. Fix this by protecting with
the existing 'cleanup' mutex in the missed cases where 'conn_clean()'
is called. 'conntrack_flush()' is converted to expiry list traversal
to support the proper bucket level protection with the 'cleanup' mutex.
The NAT exhaustion case cleanup in 'conn_not_found()' is also modified
to avoid the same issue.
Fixes: 286de2729955 ("dpdk: Userspace Datapath: Introduce NAT Support.")
Reported-by: solomon <liwei.solomon at gmail.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2019-March/357056.html
Tested-by: solomon <liwei.solomon at gmail.com>
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>
Commit: 901a0dad38207d2ddae14cda6fe0b6d1bb126c8d
https://github.com/openvswitch/ovs/commit/901a0dad38207d2ddae14cda6fe0b6d1bb126c8d
Author: Darrell Ball <dlu998 at gmail.com>
Date: 2019-03-15 (Fri, 15 Mar 2019)
Changed paths:
M lib/conntrack.c
Log Message:
-----------
conntrack: Lookup only 'UNNAT conns' in 'nat_clean()'.
When freeing 'UNNAT conns', lookup only 'UNNAT conns' to
protect against possible address overlap with 'default
conns' during a DOS attempt. This is very unlikely, but
protection is simple.
Fixes: 286de2729955 ("dpdk: Userspace Datapath: Introduce NAT Support.")
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>
Commit: 82b9ac94bbbe59eabf7d01edb6845eef28d3f2ba
https://github.com/openvswitch/ovs/commit/82b9ac94bbbe59eabf7d01edb6845eef28d3f2ba
Author: Darrell Ball <dlu998 at gmail.com>
Date: 2019-03-15 (Fri, 15 Mar 2019)
Changed paths:
M lib/conntrack.c
Log Message:
-----------
conntrack: Replace structure copy by memcpy().
There are a few cases where structure copy can be replaced by
memcpy(), for possible portability benefit. This is because
the structures involved have padding and elements of the
structure are used to generate hashes.
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>
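The commit message above gives the reason for preferring memcpy() over structure assignment: the structures involved contain padding, and their bytes feed the hash. The C program below is an added illustration, not code from OVS or from this commit; its key layout (struct ct_key and its fields), the FNV-1a hash and the helper names are constructed for the example. It shows that padding bytes are part of what a byte-wise hash sees, that two keys with identical fields but different padding are not byte-equal, and that memcpy() reproduces padding exactly, while the C standard only requires struct assignment to copy the named members.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed connection-key layout for this example; it is not OVS's
 * 'struct conn_key'. With natural alignment the compiler inserts 3 bytes
 * of padding after 'proto' so that 'src_ip' starts on a 4-byte boundary. */
struct ct_key {
    uint8_t  proto;
    uint32_t src_ip;
    uint32_t dst_ip;
    uint16_t src_port;
    uint16_t dst_port;
};

/* FNV-1a over raw bytes (stand-in for a real hash function). A byte-wise
 * hash sees padding bytes exactly as it sees field bytes. */
static uint32_t hash_bytes(const void *p, size_t n)
{
    const uint8_t *b = p;
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) {
        h ^= b[i];
        h *= 16777619u;
    }
    return h;
}

uint32_t ct_key_hash(const struct ct_key *k)
{
    return hash_bytes(k, sizeof *k);
}

/* Number of bytes in the struct that belong to no field. */
size_t ct_key_padding_bytes(void)
{
    return sizeof(struct ct_key)
           - (sizeof(uint8_t) + 2 * sizeof(uint32_t) + 2 * sizeof(uint16_t));
}

/* Give the whole object, padding included, a defined value before the
 * fields are set; 'fill' stands in for whatever the memory held before. */
static void ct_key_fill(struct ct_key *k, int fill, uint8_t proto,
                        uint32_t src_ip, uint32_t dst_ip,
                        uint16_t src_port, uint16_t dst_port)
{
    memset(k, fill, sizeof *k);
    k->proto = proto;
    k->src_ip = src_ip;
    k->dst_ip = dst_ip;
    k->src_port = src_port;
    k->dst_port = dst_port;
}

/* memcpy() reproduces every byte of the source, padding included, so the
 * copy hashes identically. Struct assignment ('*dst = *src') need only
 * copy the named members; the C standard leaves the padding bytes of the
 * destination unspecified, so the same guarantee does not hold there. */
void ct_key_copy(struct ct_key *dst, const struct ct_key *src)
{
    memcpy(dst, src, sizeof *dst);
}

/* 1 if a memcpy'd copy is byte-identical to, and hashes the same as, its
 * source. */
int ct_key_copy_preserves_hash(void)
{
    struct ct_key a, b;
    ct_key_fill(&a, 0x00, 6, 0x0a000001u, 0x0a000002u, 40000, 443);
    ct_key_copy(&b, &a);
    return memcmp(&a, &b, sizeof a) == 0 && ct_key_hash(&a) == ct_key_hash(&b);
}

/* 1 if two keys with identical fields but different padding contents are
 * not byte-equal (and so would generally land in different hash buckets):
 * the reason padding must be under control when the struct itself is the
 * hash input. */
int ct_key_padding_changes_bytes(void)
{
    struct ct_key a, c;
    ct_key_fill(&a, 0x00, 6, 0x0a000001u, 0x0a000002u, 40000, 443);
    ct_key_fill(&c, 0xff, 6, 0x0a000001u, 0x0a000002u, 40000, 443);
    return ct_key_padding_bytes() > 0 && memcmp(&a, &c, sizeof a) != 0;
}

int main(void)
{
    printf("sizeof(struct ct_key)=%zu, padding bytes=%zu\n",
           sizeof(struct ct_key), ct_key_padding_bytes());
    printf("memcpy copy preserves hash: %d\n", ct_key_copy_preserves_hash());
    printf("padding changes bytes: %d\n", ct_key_padding_changes_bytes());
    return 0;
}
```

The practical rule this demonstrates: when a struct is hashed or compared byte-wise, zero it before filling the fields and copy it with memcpy(), so that padding never becomes an uncontrolled input to the hash.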
Compare: https://github.com/openvswitch/ovs/compare/2fc160f503e4...82b9ac94bbbe