[ovs-dev] [PATCH] dpif: Fix dp_extra_info leak by reworking the allocation scheme.

Ilya Maximets i.maximets at ovn.org
Thu Jan 23 17:52:48 UTC 2020


On Thu, Jan 23, 2020 at 6:22 PM Ilya Maximets <i.maximets at ovn.org> wrote:
>
> dpctl module leaks the 'dp_extra_info' in case the dumped flow doesn't
> fit the dump filter while executing dpctl/dump-flows and also while
> executing dpctl/get-flow.
>
> This is already a 3rd attempt to fix all the leaks and incorrect usage
> of this string that definitely indicates poor initial design of the
> feature.
>
> Flow dump/get documentation clearly states that the caller does not own
> the data provided in dpif_flow.  Datapath still owns all the data and
> promises to not free/modify it until the next quiescent period, however
> we're requesting the caller to free 'dp_extra_info' and this obviously
> breaks the rules.
>
> This patch fixes the issue by by storing 'dp_extra_info' within
> 'struct dp_netdev_flow' making datapath to own it.  'dp_netdev_flow'
> is RCU-protected, so it will be valid until the next quiescent period.
>
> CC: Emma Finn <emma.finn at intel.com>
> Fixes: 0e8f5c6a38d0 ("dpif-netdev: Modified ovs-appctl dpctl/dump-flows command")
> Signed-off-by: Ilya Maximets <i.maximets at ovn.org>

Sorry, this version is broken due to last minute change that I didn't
properly test.
Will send a v2.

Best regards, Ilya Maximets.


More information about the dev mailing list