Before this patch, dp_netdev_flow_add() inserted newly minted flows in
the "flow_table" cmap before inserting them into the per core "dpcls"
classifier. Since dpcls_insert() initializes 'flow->cr.mask', there's
a brief window where the flow is accessible from the cmap, but has a
bogus mask value.
In my testing, under rare instances (i.e. once every 20 minutes with a
very specific flow table and traffic pattern), revalidators core dump
when they call dpif_netdev_flow_dump_next(), which accesses this bogus
mask value from dp_netdev_flow_to_dpif_flow().
By inserting into the per core classifier before the cmap, all the
values are guaranteed to be initialized during flow dumps. With this
patch, I can no longer reproduce the crash.
Signed-off-by: Ethan Jackson <ethan@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
ovs_refcount_init(&flow->ref_cnt);
ovsrcu_set(&flow->actions, dp_netdev_actions_create(actions, actions_len));
ovs_refcount_init(&flow->ref_cnt);
ovsrcu_set(&flow->actions, dp_netdev_actions_create(actions, actions_len));
- cmap_insert(&pmd->flow_table,
- CONST_CAST(struct cmap_node *, &flow->node),
- dp_netdev_flow_hash(&flow->ufid));
netdev_flow_key_init_masked(&flow->cr.flow, &match->flow, &mask);
dpcls_insert(&pmd->cls, &flow->cr, &mask);
netdev_flow_key_init_masked(&flow->cr.flow, &match->flow, &mask);
dpcls_insert(&pmd->cls, &flow->cr, &mask);
+ cmap_insert(&pmd->flow_table, CONST_CAST(struct cmap_node *, &flow->node),
+ dp_netdev_flow_hash(&flow->ufid));
+
if (OVS_UNLIKELY(VLOG_IS_DBG_ENABLED())) {
struct match match;
struct ds ds = DS_EMPTY_INITIALIZER;
if (OVS_UNLIKELY(VLOG_IS_DBG_ENABLED())) {
struct match match;
struct ds ds = DS_EMPTY_INITIALIZER;