On Fri, Mar 15, 2019 at 03:01:18PM -0700, Darrell Ball wrote:
> Reference lists are not fully protected during cleanup of
> NAT connections where the bucket lock is transiently not held during
> list traversal. This can lead to referencing freed memory during
> cleaning from multiple contexts. Fix this by protecting with
> the existing 'cleanup' mutex in the missed cases where 'conn_clean()'
> is called. 'conntrack_flush()' is converted to expiry list traversal
> to support the proper bucket level protection with the 'cleanup' mutex.
>
> The NAT exhaustion case cleanup in 'conn_not_found()' is also modified
> to avoid the same issue.
>
> Fixes: 286de2729955 ("dpdk: Userspace Datapath: Introduce NAT Support.")
> Reported-by: solomon <[email protected]>
> Reported-at:
> https://mail.openvswitch.org/pipermail/ovs-dev/2019-March/357056.html
> Tested-by: solomon <[email protected]>
> Signed-off-by: Darrell Ball <[email protected]>
> ---
>
> This patch is targeted for earlier releases as new RCU patches
> inherently don't have this race.
>
> Backport to 2.8.
Thanks. I applied this to master, branch-2.11, and branch-2.10. 2.9
and 2.8 had conflicts.
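
The race described in the quoted commit message, replayed deterministically as an added example (not part of this thread and not OVS code). The one-bucket model, the flag-based locks, `walk()` and `stale_accesses()` are assumptions made for illustration; only `conn_clean()` and the 'cleanup' mutex are named after the page.

```c
#include <stddef.h>
/* Simplified one-bucket model (assumption), not the OVS conntrack code.
 * Locks are plain flags because the interleaving is replayed in one thread. */
struct conn { struct conn *next; int freed; };

struct bucket {
    int lock_held;       /* bucket lock, dropped inside conn_clean() */
    int cleanup_held;    /* outer 'cleanup' mutex */
    int use_cleanup;     /* 0 = pre-fix behaviour, 1 = fixed */
    struct conn *expiry; /* expiry list head */
    int stale;           /* times a walk reached an already-freed conn */
};
static void walk(struct bucket *b, int depth);

/* Marks 'c' freed (stands in for free()). The bucket lock is released
 * transiently; the nested walk() plays a second cleaning context that
 * gets scheduled in exactly that window. */
static void conn_clean(struct bucket *b, struct conn *c, int depth)
{
    b->expiry = c->next;
    c->freed = 1;
    b->lock_held = 0;
    if (depth == 0) walk(b, 1);
    b->lock_held = 1;
}

/* Expiry list traversal that keeps a saved 'next' pointer. */
static void walk(struct bucket *b, int depth)
{
    struct conn *c, *next;
    if (b->use_cleanup && b->cleanup_held) return; /* a real thread would block */
    b->cleanup_held = b->use_cleanup;
    b->lock_held = 1;
    for (c = b->expiry; c; c = next) {
        if (c->freed) { b->stale++; break; }  /* would be a use-after-free */
        next = c->next;
        conn_clean(b, c, depth);
    }
    b->lock_held = 0;
    b->cleanup_held = 0;
}

/* Flushes three constructed conns; returns the stale accesses observed. */
int stale_accesses(int use_cleanup)
{
    struct conn c[3] = { { &c[1], 0 }, { &c[2], 0 }, { NULL, 0 } };
    struct bucket b = { 0, 0, use_cleanup, c, 0 };
    walk(&b, 0);
    return b.stale;
}
```

Without the outer mutex the first walker resumes on a saved `next` pointer that the second context already freed; with it, the second context cannot start its traversal until the first has finished.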