On Fri, Mar 15, 2019 at 04:17:34PM -0700, Darrell Ball wrote: > On Fri, Mar 15, 2019 at 3:56 PM Ben Pfaff <[email protected]> wrote: > > > On Fri, Mar 15, 2019 at 03:01:18PM -0700, Darrell Ball wrote: > > > Reference lists are not fully protected during cleanup of > > > NAT connections where the bucket lock is transiently not held during > > > list traversal. This can lead to referencing freed memory during > > > cleaning from multiple contexts. Fix this by protecting with > > > the existing 'cleanup' mutex in the missed cases where 'conn_clean()' > > > is called. 'conntrack_flush()' is converted to expiry list traversal > > > to support the proper bucket level protection with the 'cleanup' mutex. > > > > > > The NAT exhaustion case cleanup in 'conn_not_found()' is also modified > > > to avoid the same issue. > > > > > > Fixes: 286de2729955 ("dpdk: Userspace Datapath: Introduce NAT Support.") > > > Reported-by: solomon <[email protected]> > > > Reported-at: > > https://mail.openvswitch.org/pipermail/ovs-dev/2019-March/357056.html > > > Tested-by: solomon <[email protected]> > > > Signed-off-by: Darrell Ball <[email protected]> > > > --- > > > > > > This patch is targeted for earlier releases as new RCU patches > > > inherently don't have this race. > > > > > > Backport to 2.8. > > > > Thanks. I applied this to master, branch-2.11, and branch-2.10. 2.9 > > and 2.8 had conflicts. > > > > I will create the backport patches for 2.9 and 2.8. > > Regarding branch 2.8 - it has diverged quite a bit in general from branch > >=2.9. > This is because of some small features/cosmetic changes that went into 2.9. > One option would be to bring 2.8 into sync with 2.9 in one patch. > Alternatively, > backport all dependencies and fixes separately. Thoughts ?
Usually it's better to backport them separately, because it makes it clear at a glance what happened in a list of patches. But that can sometimes be a lot of trouble, and in that case a single patch can make sense. _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
