on destroy flow table instance, referenced flow mask may be released
too. fuction ovs_flow_tbl_destroy(), release flow mask first and then
destroy flow table instance. this will trigger kernel panic on detroy
datapath
[ 377.647756] kernel BUG at .../datapath/linux/flow_table.c:272!
[ 377.653794] invalid opcode: 0000 [#1] SMP PTI
[ 377.666827] RIP: 0010:table_instance_flow_free.isra.7+0x148/0x150
[ 377.711465] Call Trace:
[ 377.715238] <IRQ>
[ 377.718964] table_instance_destroy+0xbe/0x160 [openvswitch]
[ 377.722793] destroy_dp_rcu+0x12/0x40 [openvswitch]
[ 377.726651] rcu_process_callbacks+0x297/0x460
[ 377.736795] __do_softirq+0xe3/0x30a
[ 377.740654] ? ktime_get+0x36/0xa0
[ 377.744490] irq_exit+0x100/0x110
[ 377.748514] smp_apic_timer_interrupt+0x74/0x140
[ 377.752817] apic_timer_interrupt+0xf/0x20
[ 377.758802] </IRQ>
Fixes: 6d1cf7f3e ("datapath: fix possible memleak on destroy
flow-table")
Signed-off-by: Wentao Jia <wentao....@easystack.cn>
Signed-off-by: Chuanjie Zeng <chuanjie.z...@easystack.cn>
---
datapath/flow_table.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/datapath/flow_table.c b/datapath/flow_table.c
index 650338fb0..b2f4b1108 100644
--- a/datapath/flow_table.c
+++ b/datapath/flow_table.c
@@ -415,8 +415,8 @@ void ovs_flow_tbl_destroy(struct flow_table *table)
struct table_instance *ufid_ti = rcu_dereference_raw(table->ufid_ti);
free_percpu(table->mask_cache);
- kfree(rcu_dereference_raw(table->mask_array));
table_instance_destroy(table, ti, ufid_ti, false);
+ kfree(rcu_dereference_raw(table->mask_array));
}
--
2.32.0
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
