ovs-router: Fix locking in ovs_router_rule_add().

matperin · igsilya · commit 0d6f53909c32 · 2026-02-27T21:23:32.000+01:00
ovs_router_rule_add() is annotated with OVS_REQUIRES(mutex) but its external caller rule_handle_msg() in route-table.c does not hold the mutex. This could lead to data races on the rules pvector. Fix this by changing the annotation to OVS_EXCLUDED(mutex) and acquiring the mutex inside ovs_router_rule_add() around the call to the internal ovs_router_rule_add__() function. Fixes: dc14e92 ("route-table: Introduce multi-table route lookup.") Signed-off-by: Matteo Perin <matteo.perin@canonical.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
diff --git a/lib/ovs-router.c b/lib/ovs-router.c
@@ -1339,11 +1339,13 @@ void
 ovs_router_rule_add(uint32_t prio, bool invert, bool user, uint8_t src_len,
                     const struct in6_addr *from, uint32_t lookup_table,
                     bool ipv4)
-    OVS_REQUIRES(mutex)
+    OVS_EXCLUDED(mutex)
 {
     if (use_system_routing_table) {
+        ovs_mutex_lock(&mutex);
         ovs_router_rule_add__(prio, invert, user, src_len, from,
                               lookup_table, ipv4);
+        ovs_mutex_unlock(&mutex);
     }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -1339,11 +1339,13 @@ void`
`1339`	`1339`	`ovs_router_rule_add(uint32_t prio, bool invert, bool user, uint8_t src_len,`
`1340`	`1340`	`const struct in6_addr *from, uint32_t lookup_table,`
`1341`	`1341`	`bool ipv4)`
`1342`		`- OVS_REQUIRES(mutex)`
	`1342`	`+ OVS_EXCLUDED(mutex)`
`1343`	`1343`	`{`
`1344`	`1344`	`if (use_system_routing_table) {`
	`1345`	`+ ovs_mutex_lock(&mutex);`
`1345`	`1346`	`ovs_router_rule_add__(prio, invert, user, src_len, from,`
`1346`	`1347`	`lookup_table, ipv4);`
	`1348`	`+ ovs_mutex_unlock(&mutex);`
`1347`	`1349`	`}`
`1348`	`1350`	`}`
`1349`	`1351`