From patchwork Fri Aug 25 06:25:23 2017
X-Patchwork-Submitter: huanglili
X-Patchwork-Id: 805774
X-Patchwork-Delegate: dlu998@gmail.com
From: huanglili
Date: Fri, 25 Aug 2017 14:25:23 +0800
Message-ID: <1503642323-12248-1-git-send-email-huanglili.huang@huawei.com>
Cc: blp@nicira.com
Subject: [ovs-dev] [PATCH v2] conntrack: Fix ct-clean thread crash bug

From: Lili Huang

Conn should be removed from the list before being freed.

This crash will be triggered when an established flow does ct(nat) again, like

"ip,actions=ct(table=1)
 table=1,in_port=1,ip,actions=ct(commit,nat(dst=5.5.5.5)),2
 table=1,in_port=2,ip,ct_state=+est,actions=1
 table=1,in_port=1,ip,ct_state=+est,actions=2"

Signed-off-by: Lili Huang

--- lib/conntrack.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/conntrack.c b/lib/conntrack.c index 1c0e023..4918aaf 100644 --- a/lib/conntrack.c +++ b/lib/conntrack.c @@ -805,6 +805,7 @@ conn_not_found(struct conntrack *ct, struct dp_packet *pkt, * against with firewall rules or a separate firewall. * Also using zone partitioning can limit DoS impact. */ nat_res_exhaustion: + ovs_list_remove(&nc->exp_node); delete_conn(nc); /* conn_for_un_nat_copy is a local variable in process_one; this * memset() serves to document that conn_for_un_nat_copy is from
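
Review bot: at the `nat_res_exhaustion:` label, the added `ovs_list_remove(&nc->exp_node);` is only safe if `nc->exp_node` is already linked on every path that jumps to this label, and the visible context of `conn_not_found()` does not show where `nc` is put on that list. Please confirm that each `goto nat_res_exhaustion` happens after the node is linked, since unlinking a node that was never initialized would corrupt the neighbours it points at instead of fixing the dangling entry. A one-line comment above the call saying which list `exp_node` belongs to and why it must be unlinked before `delete_conn(nc)` would keep the next reader from dropping it, and the commit message could name that list and the thread that walks it so the link between the stale entry and the ct-clean crash is explicit. The hunk also does not show what lock protects the list at this point; if the cleaning thread traverses it concurrently, state in the comment which lock is held here.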