[ovs-dev] [PATCH] netdev-linux: Fix segfault in update_lag().

Tiago Lam tiago.lam at intel.com
Thu Jul 5 18:24:47 UTC 2018


A bissect shows that commit d22f892 ("netdev-linux: monitor and offload
LAG slaves to TC") introduced netdev_linux_update_lag(), which is now
triggering a crash in the "datapath - ping over bond" test in
system-userspace-testsuite:

  (gdb) bt
  #0  0x00000000009762e7 in netdev_linux_update_lag (change=0x7ffdff013750) at lib/netdev-linux.c:728
  728                 if (is_netdev_linux_class(master_netdev->netdev_class)) {

This fixes the crash by simply returning in case netdev_from_name()
returns NULL, as this should indicate the master is not attached to the
bridge.

Additionally, netdev_linux_update_lag() isn't "clearing" the netdev
reference it gets from netdev_from_name(), meaning its ref_cnt is
incremented but never decremented. Thus, also call netdev_close() before
returning.

CC: John Hurley <john.hurley at netronome.com>
Fixes: d22f8927 ("netdev-linux: monitor and offload LAG slaves to TC")
Signed-off-by: Tiago Lam <tiago.lam at intel.com>
---
 lib/netdev-linux.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/netdev-linux.c b/lib/netdev-linux.c
index 8e6c637..0c42268 100644
--- a/lib/netdev-linux.c
+++ b/lib/netdev-linux.c
@@ -724,11 +724,15 @@ netdev_linux_update_lag(struct rtnetlink_change *change)
 
             if_indextoname(change->master_ifindex, master_name);
             master_netdev = netdev_from_name(master_name);
+            if (!master_netdev) {
+                return;
+            }
 
             if (is_netdev_linux_class(master_netdev->netdev_class)) {
                 block_id = netdev_get_block_id(master_netdev);
                 if (!block_id) {
-                   return;
+                    netdev_close(master_netdev);
+                    return;
                 }
 
                 lag = xmalloc(sizeof *lag);
@@ -744,6 +748,8 @@ netdev_linux_update_lag(struct rtnetlink_change *change)
                     free(lag);
                 }
             }
+
+            netdev_close(master_netdev);
         }
     } else if (change->master_ifindex == 0) {
         /* Check if this was a lag slave that has been freed. */
-- 
2.7.4



More information about the dev mailing list