[ovs-dev] [PATCH 1/3] dpif-netdev: Fix cmap node use after free on flow disassociation.

Stokes, Ian ian.stokes at intel.com
Wed Oct 31 14:01:37 UTC 2018


> Data pointed by cmap node must not be freed while iterating.
> ovsrcu_postpone should be used instead.
> 

LGTM, I'll include this is this weeks pull request.

Ian

> CC: Finn Christensen <fc at napatech.com>
> Fixes: e8a2b5bf92bb ("netdev-dpdk: implement flow offload with rte flow")
> Signed-off-by: Ilya Maximets <i.maximets at samsung.com>
> ---
>  lib/dpif-netdev.c | 2 +-
>  lib/netdev-dpdk.c | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c index
> c44c417d3..3f7acb5dd 100644
> --- a/lib/dpif-netdev.c
> +++ b/lib/dpif-netdev.c
> @@ -2136,7 +2136,7 @@ megaflow_to_mark_disassociate(const ovs_u128
> *mega_ufid)
>          if (ovs_u128_equals(*mega_ufid, data->mega_ufid)) {
>              cmap_remove(&flow_mark.megaflow_to_mark,
>                          CONST_CAST(struct cmap_node *, &data->node),
> hash);
> -            free(data);
> +            ovsrcu_postpone(free, data);
>              return;
>          }
>      }
> diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c index
> 78a981d8f..d2b392f61 100644
> --- a/lib/netdev-dpdk.c
> +++ b/lib/netdev-dpdk.c
> @@ -4043,7 +4043,7 @@ ufid_to_rte_flow_disassociate(const ovs_u128 *ufid)
> {
>          if (ovs_u128_equals(*ufid, data->ufid)) {
>              cmap_remove(&ufid_to_rte_flow,
>                          CONST_CAST(struct cmap_node *, &data->node),
> hash);
> -            free(data);
> +            ovsrcu_postpone(free, data);
>              return;
>          }
>      }
> --
> 2.17.1



More information about the dev mailing list