Juniper Openstack

Concurrency issue in BgpSession::WriteReady

Bug #1462550 reported by Nischal Sheth on 2015-06-05

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Juniper Openstack	Status tracked in Trunk
R2.20	Fix Committed	Medium	Nischal Sheth	Juniper Openstack r2.20-fcs
Trunk	Fix Committed	Medium	Nischal Sheth	Juniper Openstack r3.0-fcs

Bug Description

BgpSession::WriteReady is called from the io thread. There are
2 problems in current implementation:

1. The peer_ in the BgpSession is not cleared when the BgpPeer
clears it's reference to the BgpSession. As a result, WriteReady
can access freed memory if the peer has been deleted.

2. Even if BgpPeer::clear_session is modified to clear the back
pointer to the peer in the session, there's a concurrency issue
since BgpSession::WriteReady could be called from the io thread
while the back pointer is being cleared.

Fix is to enqueue the BgpSession to a work queue when it gets
a WriteReady notification and do the actual processing in the
context of bgp::Config task.

See original description

Tags:

Nischal Sheth (nsheth) on 2015-06-05

summary:	- BgpSession::WriteReady can access freed memory + Concurrency issue in BgpSession::WriteReady
description:	updated

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2015-06-05: [Review update] master

Review in progress for https://review.opencontrail.org/11333
Submitter: Nischal Sheth (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2015-06-05: [Review update] R2.20

Review in progress for https://review.opencontrail.org/11334
Submitter: Nischal Sheth (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2015-06-07: A change has been merged

Reviewed: https://review.opencontrail.org/11333
Committed: http://github.org/Juniper/contrail-controller/commit/f0ce42f34dfe550b36a9ee8df081c3296a4eade3
Submitter: Zuul
Branch: master

commit f0ce42f34dfe550b36a9ee8df081c3296a4eade3
Author: Nischal Sheth <email address hidden>
Date: Fri Jun 5 13:25:13 2015 -0700

Fix concurrency issue in BgpSession::WriteReady

It's possible that BgpSession::WriteReady gets called after peer
for the session has already been deleted. Prevent WriteReady from
from accessing freed memory by clearing the back pointer to the
peer in the session when the session in the peer is cleared.

The above fix is not sufficient since there's a concurrency issue
wherein BgpSession::WriteReady could try to access the peer while
the peer is trying to clear the back pointer in the session.

Fix is to enqueue sessions to a work queue in the sesison manager
when BgpSession::WriteReady is called. The work queue is processed
in the context of the bgp::Config task.

Change-Id: I6e4c72b1367914decddd0baf25589446171443bd
Closes-Bug: 1462550

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2015-06-08: [Review update] R2.20

Review in progress for https://review.opencontrail.org/11334
Submitter: Nischal Sheth (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2015-06-09: A change has been merged

Reviewed: https://review.opencontrail.org/11334
Committed: http://github.org/Juniper/contrail-controller/commit/35eb5306bad7087f3514b4a16bef686cca30f1c0
Submitter: Zuul
Branch: R2.20

commit 35eb5306bad7087f3514b4a16bef686cca30f1c0
Author: Nischal Sheth <email address hidden>
Date: Fri Jun 5 13:25:13 2015 -0700

Fix concurrency issue in BgpSession::WriteReady

The above fix is not sufficient since there's a concurrency issue
wherein BgpSession::WriteReady could try to access the peer while
the peer is trying to clear the back pointer in the session.

Fix is to enqueue sessions to a work queue in the sesison manager
when BgpSession::WriteReady is called. The work queue is processed
in the context of the bgp::Config task.

Change-Id: I6e4c72b1367914decddd0baf25589446171443bd
Closes-Bug: 1462550

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.