[ovs-dev] [PATCH] lib/dpif: Fix crash in format_odp_actions, actions = 0x0
Madhu Challa
challa at noironetworks.com
Fri Oct 17 23:25:53 UTC 2014
You are correct Ben. I confused with the put that has actions in
dpif_flow_put. I guess I was not able to repro the issue then. Let me repro
it and I will resend the fix.
Thanks.
On Fri, Oct 17, 2014 at 4:17 PM, Ben Pfaff <blp at nicira.com> wrote:
> On Fri, Oct 17, 2014 at 04:07:25PM -0700, Madhu Challa wrote:
> > dpif_flow_get initializes the flow_get part of the union, down the stack
> > log_flow_message checks for actions || actions_len that could contain
> > garbage leading to the crash.
> >
> > saw the crash once when running stress tests. can be easily recreated
> > by running ovs-dpctl del-flows in a loop when traffic is going on
> >
> > Signed-off-by: Madhu Challa <challa at noironetworks.com>
>
> The actions aren't in the dpif_op so I don't see how this would help.
> Can you explain?
>
> The actions are, instead, in the caller-provided dpif_flow. I guess
> that the error is here in dpif_operate() where the code clears the
> flow only after trying to log uninitialized garbage from it:
> log_flow_get_message(dpif, get, error);
>
> if (error) {
> memset(get->flow, 0, sizeof *get->flow);
> }
>
More information about the dev
mailing list