[ovs-git] [openvswitch/ovs] 3e29c9: dynamic-string: Fix a crash in ds_clone().

Vlad Buslov noreply at github.com
Mon Aug 16 20:02:30 UTC 2021


  Branch: refs/heads/branch-2.16
  Home:   https://github.com/openvswitch/ovs
  Commit: 3e29c98d84a9d99c253af497a374124041b3d545
      https://github.com/openvswitch/ovs/commit/3e29c98d84a9d99c253af497a374124041b3d545
  Author: Sriharsha Basavapatna <sriharsha.basavapatna at broadcom.com>
  Date:   2021-08-16 (Mon, 16 Aug 2021)

  Changed paths:
    M lib/dynamic-string.c

  Log Message:
  -----------
  dynamic-string: Fix a crash in ds_clone().

ds_clone() crashes while trying to clone an empty dynamic string.
It happens because it doesn't check if memory was allocated and
tries to read from the NULL pointer.  ds_init() doesn't allocate
any memory.

For example:
In netdev_offload_dpdk_flow_create() when an offload request fails,
dump_flow() is called to log a warning message. The 's_tnl' string
in flow_patterns gets initialized in vport_to_rte_tunnel() conditionally
via ds_put_format(). If it is not initialized, it crashes later in
dump_flow_attr()->ds_clone()->memcpy() while dereferencing this string.

To fix this, check if memory for the src string has been allocated,
before copying it to the dst string.

Fixes: fa44a4a3ff7b ("ovn-controller: Persist desired conntrack groups.")
Signed-off-by: Sriharsha Basavapatna <sriharsha.basavapatna at broadcom.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: a7f5e856b946333e246868bce9f8f90f9d0517f6
      https://github.com/openvswitch/ovs/commit/a7f5e856b946333e246868bce9f8f90f9d0517f6
  Author: Sriharsha Basavapatna <sriharsha.basavapatna at broadcom.com>
  Date:   2021-08-16 (Mon, 16 Aug 2021)

  Changed paths:
    M lib/netdev-offload-dpdk.c

  Log Message:
  -----------
  netdev-offload-dpdk: Initialize s_tnl dynamic string.

The 's_tnl' member in flow_patterns and flow_actions should be
set to DS_EMPTY_INITIALIZER, to be consistent with dynamic string
initializations.

Also, there's a potential memory leak of flow_patterns->s_tnl.
Fix this by destroying s_tnl in free_flow_patterns().

Fixes: 507d20e77bfe ("netdev-offload-dpdk: Support vports flows offload.")
Fixes: be56e063d028 ("netdev-offload-dpdk: Support tunnel pop action.")
Signed-off-by: Sriharsha Basavapatna <sriharsha.basavapatna at broadcom.com>
Acked-by: Gaetan Rivet <grive at u256.net>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: 972cdd5bc90dcd53e070ef178bef18a6487a2394
      https://github.com/openvswitch/ovs/commit/972cdd5bc90dcd53e070ef178bef18a6487a2394
  Author: Paolo Valerio <pvalerio at redhat.com>
  Date:   2021-08-16 (Mon, 16 Aug 2021)

  Changed paths:
    M lib/netlink-socket.c

  Log Message:
  -----------
  netlink-socket: Replace error with txn->error when logging nacked transactions.

In case nl_msg_nlmsgerr returns true, which basically means that the
nlmsg_type == NLMSG_ERROR, we need to log the error code, besides the
descriptive representation, stored by nl_msg_nlmsgerr instead of
"error".

Fixes: 72d32ac0b3a1 ("netlink-socket: Make caller provide message receive buffers.")
Suggested-by: Marcelo Ricardo Leitner <mleitner at redhat.com>
Reviewed-by: Marcelo Ricardo Leitner <mleitner at redhat.com>
Signed-off-by: Paolo Valerio <pvalerio at redhat.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: 343585ff639c2fa0c4595832c0f7d7dff844557f
      https://github.com/openvswitch/ovs/commit/343585ff639c2fa0c4595832c0f7d7dff844557f
  Author: Vlad Buslov <vladbu at nvidia.com>
  Date:   2021-08-16 (Mon, 16 Aug 2021)

  Changed paths:
    M lib/tc.c

  Log Message:
  -----------
  tc: Set action flags for tunnel_key release.

The commit that enabled 'no_percpu' flag for compatible actions missed the
tunnel_key release action code. Add missing call to nl_msg_put_act_flags().

Fixes: 292d5bd9bb34 ("tc: Set 'no_percpu' flag for compatible actions")
Reported-by: Marcelo Ricardo Leitner <mleitner at redhat.com>
Signed-off-by: Vlad Buslov <vladbu at nvidia.com>
Reviewed-by: Roi Dayan <roid at nvidia.com>
Tested-by: Marcelo Ricardo Leitner <mleitner at redhat.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


Compare: https://github.com/openvswitch/ovs/compare/80254376e3e7...343585ff639c
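
The ds_clone() crash described in the first commit above, as an added C example that is not the OVS source: `struct dstr` and the `dstr_*` functions are hypothetical stand-ins modelling a dynamic string whose init allocates nothing, with the unchecked copy beside the guarded one.

```c
#include <stdlib.h>
#include <string.h>
/* Simplified model of a dynamic string (hypothetical names, not OVS code). */
struct dstr {
    char *string;      /* NULL until something is stored. */
    size_t length;     /* Bytes in use, excluding the terminator. */
    size_t allocated;  /* Bytes allocated, excluding the terminator. */
};

/* Mirrors the commit's description of ds_init(): nothing is allocated. */
void dstr_init(struct dstr *s)
{
    *s = (struct dstr){ NULL, 0, 0 };
}

/* Constructed helper: store a copy of 'text'. Returns 0 on success. */
int dstr_set(struct dstr *s, const char *text)
{
    size_t n = strlen(text);
    char *p = realloc(s->string, n + 1);
    if (!p) return -1;
    memcpy(p, text, n + 1);
    s->string = p;
    s->length = s->allocated = n;
    return 0;
}

/* Before: always copies length + 1 bytes, so an empty source reads NULL. */
int dstr_clone_unchecked(struct dstr *dst, const struct dstr *src)
{
    dst->length = dst->allocated = src->length;
    dst->string = malloc(dst->allocated + 1);
    if (!dst->string) return -1;
    memcpy(dst->string, src->string, dst->allocated + 1);
    return 0;
}

/* After: an unallocated source yields an empty destination. */
int dstr_clone(struct dstr *dst, const struct dstr *src)
{
    if (!src->allocated) { dstr_init(dst); return 0; }
    return dstr_clone_unchecked(dst, src);
}

int main(void)
{
    struct dstr empty = { NULL, 0, 0 }, copy;
    return dstr_clone(&copy, &empty);  /* Guarded path: no read from NULL. */
}
```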

