projects / cascardo / ovs.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d9175e4) | patch
ofproto-dpif: Complete all packet translations before freeing an ofproto.
authorBen Pfaff <blp@nicira.com>
Tue, 25 Feb 2014 16:01:01 +0000 (08:01 -0800)
committerBen Pfaff <blp@nicira.com>
Tue, 25 Feb 2014 16:08:04 +0000 (08:08 -0800)
commit086129e1845b5a50ad174676036e46cbcdf93216
tree5cbf82bf894cbb3c66d1762a4a8805468f0c2c4etree | snapshot
parentd9175e4626b0214d156065fbb83f9500cd2fd9ddcommit | diff
ofproto-dpif: Complete all packet translations before freeing an ofproto.

The following scenario can occur:

   1. Handler thread grabs a pointer to an ofproto in handle_upcalls().

   2. Main thread removes ofproto and destroys it in destruct().

   3. Handler thread uses pointer to ofproto and accesses freed memory.
      BOOM!

Each individual step above happens under the xlate_rwlock, but the ofproto
pointer is retained from step 1 to step 3, hence the problem.  This commit
fixes the problem by ensuring that after an ofproto is removed but before
it is destroyed, all packet translations get pushed all the way through
the upcall handler pipeline.  (No new packet translations can get a pointer
to the removed ofproto.)

Bug #1200351.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Alex Wang <alexw@nicira.com>
ofproto/ofproto-dpif-upcall.c diff | blob | history
ofproto/ofproto-dpif-upcall.h diff | blob | history
ofproto/ofproto-dpif.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.