neutron

Race condition exists for mac uniqueness

Bug #1194565 reported by Maru Newby
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Low
Cedric Brandily
neutron 2015.1.0 "kilo"

Bug Description

The mac uniqueness check is being done in code (https://github.com/openstack/quantum/blob/master/quantum/db/db_base_plugin_v2.py#L289) without explicit locking, which opens the door to a race condition if multiple requests try to secure the same mac.

It probably makes sense to move the check into a uniqueness constraint on the model.

Revision history for this message
yong sheng gong (gongysh) wrote :

I have registered a BP: https://blueprints.launchpad.net/quantum/+spec/distributed-lock-resource-allocation for such kind of bugs.

Changed in quantum:
status: New → Confirmed
importance: Undecided → High
Revision history for this message
yong sheng gong (gongysh) wrote :

https://review.openstack.org/#/c/34695/

Changed in neutron:
assignee: Mark McClain (markmcclain) → yong sheng gong (gongysh)
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to quantum (master)

Fix proposed to branch: master
Review: https://review.openstack.org/34823

yong sheng gong (gongysh)
Changed in neutron:
milestone: none → havana-2
Mark McClain (markmcclain)
tags: added: neutron-core
removed: quantum-core
Mark McClain (markmcclain)
Changed in neutron:
assignee: yong sheng gong (gongysh) → Mark McClain (markmcclain)
milestone: havana-2 → havana-3
status: In Progress → Triaged
Mark McClain (markmcclain)
Changed in neutron:
milestone: havana-3 → havana-rc1
Mark McClain (markmcclain)
tags: added: havana-rc-potential
Changed in neutron:
milestone: havana-rc1 → none
Thierry Carrez (ttx)
tags: added: havana-backport-potential
removed: havana-rc-potential
Revision history for this message
Eugene Nikanorov (enikanorov) wrote :

The code of _generate_mac was fixed in order to account for possible duplication.
 Meanwhile it's still not 100% race-condition safe.

Changed in neutron:
importance: High → Low
Cedric Brandily (cbrandily)
Changed in neutron:
assignee: Mark McClain (markmcclain) → Cedric Brandily (cbrandily)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/146404

Changed in neutron:
status: Triaged → In Progress
Kyle Mestery (mestery)
Changed in neutron:
milestone: none → kilo-2
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/146404
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=09fe057cd475fe9068339f9805fa855476e248bf
Submitter: Jenkins
Branch: master

commit 09fe057cd475fe9068339f9805fa855476e248bf
Author: Cedric Brandily <email address hidden>
Date: Sat Jan 10 14:25:04 2015 +0000

    Use db constraint to ensure mac address uniqueness

    Currently port mac address uniqueness per network is checked before Port
    db object create but without locking. It implies 2 port create requests
    can allocate the same mac address on a network if each request performs
    mac address uniqueness check before the other creates the Port db object.

    This change replaces the check by a db unique constraint on Port
    (network_id, mac_address).

    Change-Id: Iad7460356ceb74d963cddf5ec33268d77792f1fe
    Closes-Bug: #1194565

Changed in neutron:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in neutron:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in neutron:
milestone: kilo-2 → 2015.1.0
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.