forked from openvswitch/ovs
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
conntrack: Fix race for NAT cleanup.
Reference lists are not fully protected during cleanup of NAT connections where the bucket lock is transiently not held during list traversal. This can lead to referencing freed memory during cleaning from multiple contexts. Fix this by protecting with the existing 'cleanup' mutex in the missed cases where 'conn_clean()' is called. 'conntrack_flush()' is converted to expiry list traversal to support the proper bucket level protection with the 'cleanup' mutex. Fixes: 286de27 ("dpdk: Userspace Datapath: Introduce NAT Support.") Reported-by: solomon <liwei.solomon@gmail.com> Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2019-March/357056.html Tested-by: solomon <liwei.solomon@gmail.com> Signed-off-by: Darrell Ball <dlu998@gmail.com> Signed-off-by: 0-day Robot <robot@bytheb.org>
- Loading branch information
Showing
1 changed file
with
70 additions
and
26 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters