Hi Eitan,
Please see below the stacktrace of the BSOD. The FilterDetach routine was
called while the requests were being processed and the gOvsSwitchContext global
pointer was set to NULL. In this case the gOvsSwitchContext was not released,
but only the gOvsSwitchContextRefCount reference count was decreased.
-Sorin
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff800023e685b, Address of the instruction which caused the bugcheck
Arg3: ffffd000236adad0, Address of the context record for the exception that
caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
"KERNEL32.DLL" was not found in the image list.
Debugger will attempt to load "KERNEL32.DLL" at given base 00000000`00000000.
Please provide the full image name, including the extension (i.e. kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=<base>,<size>.
Unable to add module at 00000000`00000000
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced
memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
OVSExt!OvsNewVportCmdHandler+27b
[c:\1.data\cloudbase\work\git\ovs\datapath-windows\ovsext\vport.c @ 2136]
fffff800`023e685b 488b4870 mov rcx,qword ptr [rax+70h]
CONTEXT: ffffd000236adad0 -- (.cxr 0xffffd000236adad0;r)
rax=0000000000000000 rbx=ffffe000033517a0 rcx=ffffe000039688e4
rdx=ffffd000236ae584 rsi=ffffe00002d93c90 rdi=ffffe000033517a0
rip=fffff800023e685b rsp=ffffd000236ae500 rbp=ffffd000236aeb80
r8=0000000000000000 r9=fffff800023f0a50 r10=ffffd00020b02f80
r11=ffffd00020afec30 r12=0000000000000000 r13=0000000000000001
r14=ffffe000033518b8 r15=ffffe00002e53920
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
OVSExt!OvsNewVportCmdHandler+0x27b:
fffff800`023e685b 488b4870 mov rcx,qword ptr [rax+70h]
ds:002b:00000000`00000070=????????????????
Last set context:
rax=0000000000000000 rbx=ffffe000033517a0 rcx=ffffe000039688e4
rdx=ffffd000236ae584 rsi=ffffe00002d93c90 rdi=ffffe000033517a0
rip=fffff800023e685b rsp=ffffd000236ae500 rbp=ffffd000236aeb80
r8=0000000000000000 r9=fffff800023f0a50 r10=ffffd00020b02f80
r11=ffffd00020afec30 r12=0000000000000000 r13=0000000000000001
r14=ffffe000033518b8 r15=ffffe00002e53920
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
OVSExt!OvsNewVportCmdHandler+0x27b:
fffff800`023e685b 488b4870 mov rcx,qword ptr [rax+70h]
ds:002b:00000000`00000070=????????????????
Resetting default scope
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: ovs-vswitchd.e
CURRENT_IRQL: 0
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre
LAST_CONTROL_TRANSFER: from fffff800023d67f6 to fffff800023e685b
STACK_TEXT:
ffffd000`236ae500 fffff800`023d67f6 : ffffd000`236ae7c0 ffffd000`236ae728
ffffe000`00000000 00000000`00000010 : OVSExt!OvsNewVportCmdHandler+0x27b
[c:\1.data\cloudbase\work\git\ovs\datapath-windows\ovsext\vport.c @ 2136]
ffffd000`236ae630 fffff800`023f6aff : ffffd000`236ae7c0 fffff800`023f2220
ffffd000`236ae728 ffffe000`039688c0 : OVSExt!InvokeNetlinkCmdHandler+0x106
[c:\1.data\cloudbase\work\git\ovs\datapath-windows\ovsext\datapath.c @ 1003]
ffffd000`236ae6b0 fffff800`0073bc18 : ffffe000`02d93c90 ffffe000`033517a0
ffffe000`02e53920 ffffe000`033517a0 : OVSExt!OvsDeviceControl+0x98f
[c:\1.data\cloudbase\work\git\ovs\datapath-windows\ovsext\datapath.c @ 912]
ffffd000`236ae840 fffff803`8ce4f395 : ffffe000`033517a0 00000000`00000001
ffffe000`02e53920 00000000`0000000e : NDIS!ndisDummyIrpHandler+0x88
ffffd000`236ae870 fffff803`8ce4fd2a : e000032b`7f20ffbd 0000000c`001f0003
00000000`00000001 00000000`00000000 : nt!IopXxxControlFile+0x845
ffffd000`236aea20 fffff803`8cbe08b3 : 00000000`00000000 00000000`00000000
00000000`00000001 fffff803`00000000 : nt!NtDeviceIoControlFile+0x56
ffffd000`236aea90 00000000`77a22772 : 00000000`77a22371 00000023`77a6b63c
00000000`00000023 00000000`000000ff : nt!KiSystemServiceCopyEnd+0x13
00000000`00f1e8b8 00000000`77a22371 : 00000023`77a6b63c 00000000`00000023
00000000`000000ff 00000000`0101ffdc : wow64cpu!CpupSyscallStub+0x2
00000000`00f1e8c0 00000000`7797323a : 00000000`00000000 00000000`77a21503
00000000`00000000 00000000`77973420 : wow64cpu!DeviceIoctlFileFault+0x31
00000000`00f1e970 00000000`7797317e : 00000000`00000000 00000000`00000000
00000000`00f1fd30 00000000`00f1f2e0 : wow64!RunCpuSimulation+0xa
00000000`00f1e9c0 00007ffc`af9caa9b : 00000000`013700f0 00000000`00000000
00000000`00000010 00000000`7ef73000 : wow64!Wow64LdrpInitialize+0x172
00000000`00f1ef00 00007ffc`af9a97aa : 00007ffc`af900000 00000000`00000000
00000000`00000000 00000000`7ef73000 : ntdll!LdrpInitializeProcess+0x157b
00000000`00f1f220 00007ffc`af916aa6 : 00000000`00f1f2e0 00000000`00000000
00000000`00000000 00000000`7ef73000 : ntdll!_LdrpInitialize+0x92cb2
00000000`00f1f290 00000000`00000000 : 00000000`00000000 00000000`00000000
00000000`00000000 00000000`00000000 : ntdll!LdrInitializeThunk+0xe
FOLLOWUP_IP:
OVSExt!OvsNewVportCmdHandler+27b
[c:\1.data\cloudbase\work\git\ovs\datapath-windows\ovsext\vport.c @ 2136]
fffff800`023e685b 488b4870 mov rcx,qword ptr [rax+70h]
FAULTING_SOURCE_LINE:
c:\1.data\cloudbase\work\git\ovs\datapath-windows\ovsext\vport.c
FAULTING_SOURCE_FILE:
c:\1.data\cloudbase\work\git\ovs\datapath-windows\ovsext\vport.c
FAULTING_SOURCE_LINE_NUMBER: 2136
FAULTING_SOURCE_CODE:
2132:
2133: /* we are expecting null terminated strings to be passed */
2134: ASSERT(portName[portNameLen - 1] == '\0');
2135:
> 2136: NdisAcquireRWLockWrite(gOvsSwitchContext->dispatchLock, &lockState,
> 0);
2137:
2138: vport = OvsFindVportByOvsName(gOvsSwitchContext, portName);
2139: if (vport) {
2140: nlError = NL_ERROR_EXIST;
2141: goto Cleanup;
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: OVSExt!OvsNewVportCmdHandler+27b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: OVSExt
IMAGE_NAME: OVSExt.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 557fead2
STACK_COMMAND: .cxr 0xffffd000236adad0 ; kb
BUCKET_ID_FUNC_OFFSET: 27b
FAILURE_BUCKET_ID: 0x3B_OVSExt!OvsNewVportCmdHandler
BUCKET_ID: 0x3B_OVSExt!OvsNewVportCmdHandler
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x3b_ovsext!ovsnewvportcmdhandler
FAILURE_ID_HASH: {ffc25ef0-a8ef-44c9-4906-c296ae6c7c4b}
Followup: MachineOwner
---------
1: kd> ??gOvsSwitchContext
struct _OVS_SWITCH_CONTEXT * 0x00000000`00000000
-----Original Message-----
From: Eitan Eliahu [mailto:[email protected]]
Sent: Monday, 15 June, 2015 18:27
To: Sorin Vinturis; [email protected]
Subject: RE: [ovs-dev] [PATCH v2] datapath-windows: BSOD when disabling the
extension
Hi Sorin,
Can you please forward stack trace?
Thanks,
Eitan
-----Original Message-----
From: dev [mailto:[email protected]] On Behalf Of Sorin Vinturis
Sent: Monday, June 15, 2015 7:49 AM
To: [email protected]
Subject: [ovs-dev] [PATCH v2] datapath-windows: BSOD when disabling the
extension
When the filter detach routine is called while there are packets still in
processing, the OvsUninitSwitchContext function call will decrement the switch
context reference count without releasing the switch context structure. This
behaviour is correct and expected, but the BSOD is caused in this case because
the gOvsSwitchContext variable is set to NULL, which is wrong.
The gOvsSwitchContext global variable must be set to NULL only when the switch
context structure is actually released.
Signed-off-by: Sorin Vinturis <[email protected]>
Reported-by: Sorin Vinturis <[email protected]>
Reported-at:
https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openvswitch_ovs-2Dissues_issues_80&d=BQIGaQ&c=Sqcl0Ez6M0X8aeM67LKIiDJAXVeAw-YihVMNtXt-uEs&r=CWsgHUxi6ExLXY798tmo3LJ4e3geGYp56lkcH-5cLCY&m=fxSjeLfMN40XNZsRUW1pOUC4BaXKLNmvM0IzVTxe32o&s=PNqZC6M2Nbl0WZJOWoEUmJTabsU0eJulnLzdB9mcYkk&e=
Acked-by: Alin Gabriel Serdean <[email protected]>
---
datapath-windows/ovsext/Switch.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/datapath-windows/ovsext/Switch.c b/datapath-windows/ovsext/Switch.c
index f877854..99a306d 100644
--- a/datapath-windows/ovsext/Switch.c
+++ b/datapath-windows/ovsext/Switch.c
@@ -201,6 +201,7 @@ OvsCreateSwitch(NDIS_HANDLE ndisFilterHandle,
status = OvsInitSwitchContext(switchContext);
if (status != NDIS_STATUS_SUCCESS) {
OvsFreeMemoryWithTag(switchContext, OVS_SWITCH_POOL_TAG);
+ switchContext = NULL;
goto create_switch_done;
}
@@ -240,7 +241,6 @@ OvsExtDetach(NDIS_HANDLE filterModuleContext)
}
OvsDeleteSwitch(switchContext);
OvsCleanupIpHelper();
- gOvsSwitchContext = NULL;
/* This completes the cleanup, and a new attach can be handled now. */
OVS_LOG_TRACE("Exit: OvsDetach Successfully"); @@ -495,6 +495,7 @@
OvsReleaseSwitchContext(POVS_SWITCH_CONTEXT switchContext)
if (ref == 1) {
OvsDeleteSwitchContext(switchContext);
+ gOvsSwitchContext = NULL;
}
}
--
1.9.0.msysgit.0
_______________________________________________
dev mailing list
[email protected]
https://urldefense.proofpoint.com/v2/url?u=http-3A__openvswitch.org_mailman_listinfo_dev&d=BQIGaQ&c=Sqcl0Ez6M0X8aeM67LKIiDJAXVeAw-YihVMNtXt-uEs&r=CWsgHUxi6ExLXY798tmo3LJ4e3geGYp56lkcH-5cLCY&m=fxSjeLfMN40XNZsRUW1pOUC4BaXKLNmvM0IzVTxe32o&s=OgmOQuSMC-PwPV_FBD6LjMrxl7Ze1VPrMIRnwXiXNVI&e=
_______________________________________________
dev mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/dev
