[ovs-git] [openvswitch/ovs] ffada5: classifier: Prevent tries vs n_tries race leading ...
Eiichi Tsukata
noreply at github.com
Thu May 28 17:00:29 UTC 2020
Branch: refs/heads/branch-2.6
Home: https://github.com/openvswitch/ovs
Commit: ffada544d53e66b6040a77e5ae6f1e246739efb4
https://github.com/openvswitch/ovs/commit/ffada544d53e66b6040a77e5ae6f1e246739efb4
Author: Eiichi Tsukata <eiichi.tsukata at nutanix.com>
Date: 2020-05-28 (Thu, 28 May 2020)
Changed paths:
M lib/classifier.c
M lib/classifier.h
M tests/test-classifier.c
Log Message:
-----------
classifier: Prevent tries vs n_tries race leading to NULL dereference.
Currently classifier tries and n_tries can be updated non-atomically;
there is a race condition which can lead to a NULL dereference.
The race can happen when the main thread updates a classifier's tries and
n_tries in classifier_set_prefix_fields() and at the same time a revalidator
or handler thread tries to look them up in classifier_lookup__(). Such a race
can be triggered when a user changes the prefixes of a flow_table.
Race (user changes flow_table prefixes: ip_dst,ip_src => none):

 [main thread]             [revalidator/handler thread]
 ===========================================================
                           /* cls->n_tries == 2 */
                           for (int i = 0; i < cls->n_tries; i++) {
 trie_init(cls, i, NULL);
 /* n_tries == 0 */
 cls->n_tries = n_tries;
                           /* cls->tries[i]->field is NULL */
                           trie_ctx_init(&trie_ctx[i],&cls->tries[i]);
                           /* trie->field is NULL */
                           ctx->be32ofs = trie->field->flow_be32ofs;

To prevent the race, instead of re-introducing internal mutex
implemented in the commit fccd7c092e09 ("classifier: Remove internal
mutex."), this patch makes trie field RCU protected and checks it after
read.
Fixes: fccd7c092e09 ("classifier: Remove internal mutex.")
Signed-off-by: Eiichi Tsukata <eiichi.tsukata at nutanix.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
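
The check-after-read pattern the log message describes, as an added example that is not the OVS code from this commit: C11 acquire/release atomics stand in for OVS's RCU-protected pointer, reclamation of old data is not modelled, and the struct names, function names and offsets are hypothetical. stale_lookup() replays the interleaving from the diagram in a single thread.

```c
#include <stdatomic.h>
#include <stddef.h>
#define MAX_TRIES 3

/* Hypothetical stand-ins for the structures named in the commit message. */
struct field { int flow_be32ofs; };
struct trie { _Atomic(const struct field *) field; };
struct cls { atomic_uint n_tries; struct trie tries[MAX_TRIES]; };

/* Writer (main thread): publish each trie's field, then the new count. */
void set_prefix_fields(struct cls *c, const struct field *const *f, unsigned n)
{
    for (unsigned i = 0; i < MAX_TRIES; i++) {
        atomic_store_explicit(&c->tries[i].field, i < n ? f[i] : NULL,
                              memory_order_release);
    }
    atomic_store_explicit(&c->n_tries, n, memory_order_release);
}

/* Reader: load the pointer once, check it, then use only the local copy. */
int trie_ctx_init_checked(struct trie *t, int *be32ofs)
{
    const struct field *f = atomic_load_explicit(&t->field,
                                                 memory_order_acquire);
    if (!f) {
        return 0;   /* Trie was cleared after the reader sampled n_tries. */
    }
    *be32ofs = f->flow_be32ofs;
    return 1;
}

/* Constructed interleaving: the reader samples n_tries == 2, the writer may
 * then drop all prefixes. Returns how many tries the reader can still use. */
unsigned stale_lookup(int writer_clears)
{
    static const struct field ip_dst = { 4 }, ip_src = { 3 }; /* constructed */
    const struct field *two[] = { &ip_dst, &ip_src };
    static struct cls c;
    int ofs;
    unsigned usable = 0;
    set_prefix_fields(&c, two, 2);
    unsigned n_seen = atomic_load_explicit(&c.n_tries, memory_order_acquire);
    if (writer_clears) {
        set_prefix_fields(&c, NULL, 0);
    }
    for (unsigned i = 0; i < n_seen; i++) {
        usable += trie_ctx_init_checked(&c.tries[i], &ofs);
    }
    return usable;
}
```

With the stale count of 2 and both fields cleared, the reader skips each trie instead of dereferencing a NULL field.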