[ovs-git] [openvswitch/ovs] f8cc5a: dynamic-string: Fix a crash in ds_clone().

Vlad Buslov noreply at github.com
Mon Aug 16 20:02:39 UTC 2021 

  Branch: refs/heads/branch-2.15
  Home:   https://github.com/openvswitch/ovs
  Commit: f8cc5aa35cdbb4bec47f22a2b6e75f24e5fd7679
      https://github.com/openvswitch/ovs/commit/f8cc5aa35cdbb4bec47f22a2b6e75f24e5fd7679
  Author: Sriharsha Basavapatna <sriharsha.basavapatna at broadcom.com>
  Date:   2021-08-16 (Mon, 16 Aug 2021)

  Changed paths:
    M lib/dynamic-string.c

  Log Message:
  -----------
  dynamic-string: Fix a crash in ds_clone().

ds_clone() crashes while trying to clone an empty dynamic string.
It happens because it doesn't check if memory was allocated and
tries to read from the NULL pointer.  ds_init() doesn't allocate
any memory.

For example:
In netdev_offload_dpdk_flow_create() when an offload request fails,
dump_flow() is called to log a warning message. The 's_tnl' string
in flow_patterns gets initialized in vport_to_rte_tunnel() conditionally
via ds_put_format(). If it is not initialized, it crashes later in
dump_flow_attr()->ds_clone()->memcpy() while dereferencing this string.

To fix this, check if memory for the src string has been allocated,
before copying it to the dst string.

Fixes: fa44a4a3ff7b ("ovn-controller: Persist desired conntrack groups.")
Signed-off-by: Sriharsha Basavapatna <sriharsha.basavapatna at broadcom.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: 079a4de723bffad96b99156b472ccd8a4766e75b
      https://github.com/openvswitch/ovs/commit/079a4de723bffad96b99156b472ccd8a4766e75b
  Author: Paolo Valerio <pvalerio at redhat.com>
  Date:   2021-08-16 (Mon, 16 Aug 2021)

  Changed paths:
    M lib/netlink-socket.c

  Log Message:
  -----------
  netlink-socket: Replace error with txn->error when logging nacked transactions.

in case nl_msg_nlmsgerr returns true which basically means that the
nlmsg_type == NLMSG_ERROR, we need to log the error code, besides the
descriptive representation, stored by nl_msg_nlmsgerr instead of
"error".

Fixes: 72d32ac0b3a1 ("netlink-socket: Make caller provide message receive buffers.")
Suggested-by: Marcelo Ricardo Leitner <mleitner at redhat.com>
Reviewed-by: Marcelo Ricardo Leitner <mleitner at redhat.com>
Signed-off-by: Paolo Valerio <pvalerio at redhat.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: d3ff41d609f70072293a3d253a05d74d0def22c5
      https://github.com/openvswitch/ovs/commit/d3ff41d609f70072293a3d253a05d74d0def22c5
  Author: Vlad Buslov <vladbu at nvidia.com>
  Date:   2021-08-16 (Mon, 16 Aug 2021)

  Changed paths:
    M lib/tc.c

  Log Message:
  -----------
  tc: Set action flags for tunnel_key release.

The commit that enabled 'no_percpu' flag for compatible actions missed the
tunnel_key release action code. Add missing call to nl_msg_put_act_flags().

Fixes: 292d5bd9bb34 ("tc: Set 'no_percpu' flag for compatible actions")
Reported-by: Marcelo Ricardo Leitner <mleitner at redhat.com>
Signed-off-by: Vlad Buslov <vladbu at nvidia.com>
Reviewed-by: Roi Dayan <roid at nvidia.com>
Tested-by: Marcelo Ricardo Leitner <mleitner at redhat.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


Compare: https://github.com/openvswitch/ovs/compare/64d1bba91931...d3ff41d609f7

More information about the git mailing list