yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1696874] Re: unsafe set reference in neutron iptables code

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1696874@xxxxxxxxxxxxxxxxxx>
Date: Sat, 10 Jun 2017 00:13:05 -0000
Reply-to: Bug 1696874 <1696874@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Reviewed:  https://review.openstack.org/472473
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=e51ae07aecd14b8270f5e14175f943a5abc8caa6
Submitter: Jenkins
Branch:    master

commit e51ae07aecd14b8270f5e14175f943a5abc8caa6
Author: Kevin Benton <kevin@xxxxxxxxxx>
Date:   Thu Jun 8 16:10:45 2017 -0700

    Don't iterate updated_rule_sg_ids or updated_sg_members
    
    updated_rule_sg_ids and updated_sg_members can be updated
    concurrently by an RPC security_group_updated cast from the
    server which will result in a RuntimeError due to set
    size changing during iteration.
    
    This adjusts the logic to just iterate over a copy of the set.
    
    Change-Id: I0a7cf13157de256403cfd6196f64fafdfa65f180
    Closes-Bug: #1696874


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1696874

Title:
  unsafe set reference in neutron iptables code

Status in neutron:
  Fix Released

Bug description:
  :2017-06-01 14:26:28.528 13973 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent [req-21b216b4-9e00-4f16-aa90-fc05f875e23f - - - - -] Error while processing VIF ports
  :2017-06-01 14:26:28.528 13973 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent Traceback (most recent call last):
  :2017-06-01 14:26:28.528 13973 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent   File "/usr/lib/python2.7/dist-packages/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py", line 1825, in rpc_loop
  :2017-06-01 14:26:28.528 13973 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent     ovs_restarted)
  :2017-06-01 14:26:28.528 13973 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent   File "/usr/lib/python2.7/dist-packages/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py", line 1574, in process_network_ports
  :2017-06-01 14:26:28.528 13973 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent     port_info.get('updated', set()))
  :2017-06-01 14:26:28.528 13973 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent   File "/usr/lib/python2.7/dist-packages/neutron/agent/securitygroups_rpc.py", line 303, in setup_port_filters
  :2017-06-01 14:26:28.528 13973 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent     self.refresh_firewall(updated_devices)
  :2017-06-01 14:26:28.528 13973 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent   File "/usr/lib/python2.7/dist-packages/neutron/agent/securitygroups_rpc.py", line 142, in decorated_function
  :2017-06-01 14:26:28.528 13973 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent     *args, **kwargs)
  :2017-06-01 14:26:28.528 13973 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent   File "/usr/lib/python2.7/dist-packages/neutron/agent/securitygroups_rpc.py", line 257, in refresh_firewall
  :2017-06-01 14:26:28.528 13973 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent     self.firewall.update_port_filter(device)
  :2017-06-01 14:26:28.528 13973 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent   File "/usr/lib/python2.7/contextlib.py", line 24, in __exit__
  :2017-06-01 14:26:28.528 13973 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent     self.gen.next()
  :2017-06-01 14:26:28.528 13973 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent   File "/usr/lib/python2.7/dist-packages/neutron/agent/firewall.py", line 110, in defer_apply
  :2017-06-01 14:26:28.528 13973 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent     self.filter_defer_apply_off()
  :2017-06-01 14:26:28.528 13973 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent   File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/iptables_firewall.py", line 844, in filter_defer_apply_off
  :2017-06-01 14:26:28.528 13973 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent     self._remove_conntrack_entries_from_sg_updates()
  :2017-06-01 14:26:28.528 13973 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent   File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/iptables_firewall.py", line 829, in _remove_conntrack_entries_from_sg_updates
  :2017-06-01 14:26:28.528 13973 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent     self._clean_deleted_sg_rule_conntrack_entries()
  :2017-06-01 14:26:28.528 13973 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent   File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/iptables_firewall.py", line 779, in _clean_deleted_sg_rule_conntrack_entries
  :2017-06-01 14:26:28.528 13973 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent     for sg_id in self.updated_rule_sg_ids:
  :2017-06-01 14:26:28.528 13973 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent RuntimeError: Set changed size during iteration
  :2017-06-01 14:26:28.528 13973 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1696874/+subscriptions
References

[Bug 1696874] [NEW] unsafe set reference in neutron iptables code
From: Kevin Benton, 2017-06-08