[ovs-git] [openvswitch/ovs] c4d8a4: ofproto-dpif: Fix using uninitialized execute hash.

Ilya Maximets noreply at github.com
Tue Jan 7 15:22:43 UTC 2020


  Branch: refs/heads/master
  Home:   https://github.com/openvswitch/ovs
  Commit: c4d8a4e039991030c1298dbd1335d209cb437875
      https://github.com/openvswitch/ovs/commit/c4d8a4e039991030c1298dbd1335d209cb437875
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-01-07 (Tue, 07 Jan 2020)

  Changed paths:
    M ofproto/ofproto-dpif.c

  Log Message:
  -----------
  ofproto-dpif: Fix using uninitialized execute hash.

Most of callers doesn't initialize dpif_execute.hash leaving random
value from the stack.  And this random value used later while encoding
netlink message and might produce unwanted kernel behavior.

Fix that by fully initializing dpif_execute structure.  Using
designated initializers to avoid such issues in the future.

Fixes: 0442bfb11d6c ("ofproto-dpif-upcall: Echo HASH attribute back to datapath.")
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Acked-by: William Tu <u9012063 at gmail.com>
Acked-by: Ben Pfaff <blp at ovn.org>


  Commit: 924d94a695a6ca54b83d4bd42ec196ba53947c6d
      https://github.com/openvswitch/ovs/commit/924d94a695a6ca54b83d4bd42ec196ba53947c6d
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-01-07 (Tue, 07 Jan 2020)

  Changed paths:
    M ofproto/ofproto-dpif-upcall.c

  Log Message:
  -----------
  ofproto-dpif-upcall: Fix using uninitialized upcall hash.

upcalls are allocated on stack and 'hash' field must be initialized
regardless of attribute existence because it will be used later.

 Conditional jump or move depends on uninitialised value(s)
    at 0xFA74A7: dpif_netlink_encode_execute (dpif-netlink.c:1828)
    by 0xFA6DE8: dpif_netlink_operate__ (dpif-netlink.c:1906)
    by 0xFA612F: dpif_netlink_operate_chunks (dpif-netlink.c:2219)
    by 0xFA0E36: dpif_netlink_operate (dpif-netlink.c:2275)
    by 0xE5AFAC: dpif_operate (dpif.c:1376)
    by 0xDF3922: handle_upcalls (ofproto-dpif-upcall.c:1615)
    by 0xDF269B: recv_upcalls (ofproto-dpif-upcall.c:857)
    by 0xDF1C49: udpif_upcall_handler (ofproto-dpif-upcall.c:759)
    by 0xF3A3FE: ovsthread_wrapper (ovs-thread.c:383)
    by 0x565F6DA: start_thread (pthread_create.c:463)
    by 0x615988E: clone (clone.S:95)
  Uninitialised value was created by a stack allocation
    at 0xDF2258: recv_upcalls (ofproto-dpif-upcall.c:773)

Fixes: 0442bfb11d6c ("ofproto-dpif-upcall: Echo HASH attribute back to datapath.")
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Acked-by: Tonghao Zhang <xiangxia.m.yue at gmail.com>
Acked-by: William Tu <u9012063 at gmail.com>


Compare: https://github.com/openvswitch/ovs/compare/af683565bae8...924d94a695a6


More information about the git mailing list