From a701b0d9ee0eacf60f385e3f96cdca711da3552e Mon Sep 17 00:00:00 2001
From: Anand H Krishnan
Date: Wed, 19 Nov 2014 22:57:43 -0800
Subject: [PATCH] Remove the vhost tap if the physical interface corresponsing to a vhost interface changes If before a vrouter soft reset the physical interface was different and post reset agent adds a different physical interface (corresponding to a particular vhost), then a system crash is possible subsequently when somebody tries to remove the module. (This situation can happen because interfaces mentioned in agent_param and contrail-vrouter-agent.conf are different. Unlikely, but possible). The system crash is because during reset we install a handler on the physical interface that directly shunts the packet to vhost interface in the kernel. Post reset, if the interface changes, we don't remove this tap. If we then remove the vrouter module, the tap points to the module function and hence an invalid memory.
Change-Id: I28d4a7691d7caea81f849110edf7c7f7170b0bc5
Closes-BUG: #1394473
---
 linux/vhost_dev.c | 9 +++++++++
 linux/vr_host_interface.c | 3 +++
 2 files changed, 12 insertions(+)
diff --git a/linux/vhost_dev.c b/linux/vhost_dev.c
index 65ab3cf70..78a9763c2 100644
--- a/linux/vhost_dev.c
+++ b/linux/vhost_dev.c
@@ -226,6 +226,15 @@ vhost_if_add(struct vr_interface *vif)
 vp->vp_vifp = vif;
 if (vif->vif_type == VIF_TYPE_HOST) {
 if (vif->vif_bridge) {
+ /*
+ * if there already was an association, need to remove that
+ */
+ if ((vp->vp_phys_dev) &&
+ (vp->vp_phys_dev !=
+ ((struct net_device *)vif->vif_bridge->vif_os))) {
+ vhost_del_tap_phys(vp->vp_phys_dev);
+ }
+
 vp->vp_phys_dev = (struct net_device *)vif->vif_bridge->vif_os;
 strncpy(vp->vp_phys_name, vp->vp_phys_dev->name,
diff --git a/linux/vr_host_interface.c b/linux/vr_host_interface.c
index d4d443a2d..a21b85d6b 100644
--- a/linux/vr_host_interface.c
+++ b/linux/vr_host_interface.c
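Review bot: In the linux/vhost_dev.c hunk, `vhost_del_tap_phys(vp->vp_phys_dev)` is called on a `net_device` pointer cached from before the reset, and nothing visible in the hunk shows that the old device is still registered or that a reference is held on it. If the old physical interface can go away between the reset and this re-add, the cleanup would itself touch freed memory, so it is worth confirming that `vp_phys_dev` is cleared when that device unregisters, or that it is pinned with `dev_hold()`/`dev_put()`. The comment could also record why the tap must go, e.g. `/* phys dev changed across a reset: remove the tap left on the old device so it cannot outlive the module */`. The body of vhost_if_add starts and ends outside the hunk, so the existing teardown paths are not visible here.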
@@ -1323,6 +1323,9 @@ vr_interface_common_hook(struct sk_buff *skb)
 vif = vr_get_vif_ptr(skb->dev);
 }
+ if (!vif)
+ goto error;
+
 #if 0
 if(vrouter_dbg) {
 __skb_dump_info("vr_intf_br_hk:", skb, vif);
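Review bot: The new `if (!vif) goto error;` guard jumps to a label that lies outside the hunk, so it should be confirmed that the `error` path frees `skb` and does not itself dereference `vif` (for example for per-interface drop accounting). A NULL `vif` here presumably means the handler is still attached to a device that vrouter no longer tracks; a short comment such as `/* handler still attached but no vif for this device: drop */` would make that explicit. Silent drops in this state are hard to diagnose, so a drop counter or rate-limited log on this branch may be worth adding.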