[ovs-dev] [PATCH v2] dynamic-string: fix a crash in ds_clone()
Ilya Maximets
i.maximets at ovn.org
Mon Aug 16 20:04:14 UTC 2021
On 8/13/21 4:39 AM, Sriharsha Basavapatna via dev wrote:
> On Fri, Aug 13, 2021 at 4:07 AM Ilya Maximets <i.maximets at ovn.org> wrote:
>>
>> On 8/12/21 8:33 AM, Sriharsha Basavapatna via dev wrote:
>>> In netdev_offload_dpdk_flow_create() when an offload request fails,
>>> dump_flow() is called to log a warning message. The 's_tnl' string
>>> in flow_patterns gets initialized in vport_to_rte_tunnel() conditionally
>>> via ds_put_format(). If it is not initialized, it crashes later in
>>> dump_flow_attr()->ds_clone()->memcpy() while dereferencing this string.
>>>
>>> To fix this, check if memory for the src string has been allocated,
>>> before copying it to the dst string.
>>>
>>> Fixes: fa44a4a3ff7b ("ovn-controller: Persist desired conntrack groups.")
>>> Signed-off-by: Sriharsha Basavapatna <sriharsha.basavapatna at broadcom.com>
>>>
>>> ---
>>>
>>> v1->v2: fix ds_clone(); ds_cstr() not needed in callers.
>>
>> Thanks! This version looks good to me. I'd add a few more generic
>> words to the commit message, so it will be easier to understand the
>> change on older branches, but I can do that before applying the patch.
>
> Yes, please feel free to update the commit message, thanks !
Thanks! Applied to master and backported down to 2.12.
Best regards, Ilya Maximets.
More information about the dev
mailing list