[ovs-git] [openvswitch/ovs] da3828: dpif: Fix dp_extra_info leak by reworking the allo...
Ilya Maximets
noreply at github.com
Tue Jan 28 14:11:32 UTC 2020
Branch: refs/heads/branch-2.13
Home: https://github.com/openvswitch/ovs
Commit: da3828f03b657131bf29cc185832e0556615b041
https://github.com/openvswitch/ovs/commit/da3828f03b657131bf29cc185832e0556615b041
Author: Ilya Maximets <i.maximets at ovn.org>
Date: 2020-01-27 (Mon, 27 Jan 2020)
Changed paths:
M lib/dpctl.c
M lib/dpif-netdev.c
M lib/dpif.c
M lib/dpif.h
M ofproto/ofproto-dpif-upcall.c
M ofproto/ofproto-dpif.c
Log Message:
-----------
dpif: Fix dp_extra_info leak by reworking the allocation scheme.
dpctl module leaks the 'dp_extra_info' in case the dumped flow doesn't
fit the dump filter while executing dpctl/dump-flows and also while
executing dpctl/get-flow.
This is already a 3rd attempt to fix all the leaks and incorrect usage
of this string that definitely indicates poor initial design of the
feature.
Flow dump/get documentation clearly states that the caller does not own
the data provided in dpif_flow. Datapath still owns all the data and
promises to not free/modify it until the next quiescent period, however
we're requesting the caller to free 'dp_extra_info' and this obviously
breaks the rules.
This patch fixes the issue by by storing 'dp_extra_info' within
'struct dp_netdev_flow' making datapath to own it. 'dp_netdev_flow'
is RCU-protected, so it will be valid until the next quiescent period.
Fixes: 0e8f5c6a38d0 ("dpif-netdev: Modified ovs-appctl dpctl/dump-flows command")
Tested-by: Emma Finn <emma.finn at intel.com>
Acked-by: Emma Finn <emma.finn at intel.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
More information about the git
mailing list