[ovs-git] [openvswitch/ovs] 640d4d: ipf: Fix a use-after-free error, and remove the 'd...

Aaron Conole noreply at github.com
Tue Jun 15 13:17:46 UTC 2021


  Branch: refs/heads/master
  Home:   https://github.com/openvswitch/ovs
  Commit: 640d4db788eda96bb904abcfc7de2327107bafe1
      https://github.com/openvswitch/ovs/commit/640d4db788eda96bb904abcfc7de2327107bafe1
  Author: Aaron Conole <aconole at redhat.com>
  Date:   2021-06-15 (Tue, 15 Jun 2021)

  Changed paths:
    M lib/dp-packet.h
    M lib/dpif-netdev.c
    M lib/ipf.c

  Log Message:
  -----------
  ipf: Fix a use-after-free error, and remove the 'do_not_steal' flag.

As reported by Wang Liang, the way packets are passed to the ipf module
doesn't allow for use later on in reassembly.  Such packets may be get
released anyway, such as during cleanup of tx processing.  Because the
ipf module lacks a way of forcing the dp_packet to be retained, it
will later reuse the packet.  Instead, just clone the packet and let the
ipf queue own the copy until the queue is destroyed.

After this change, there are no more in-tree users of the batch
'do_not_steal' flag.  Thus, we remove it as well.

Fixes: 4ea96698f667 ("Userspace datapath: Add fragmentation handling.")
Fixes: 0b3ff31d35f5 ("dp-packet: Add 'do_not_steal' packet batch flag.")
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2021-April/382098.html
Reported-by: Wang Liang <wangliangrt at didiglobal.com>
Signed-off-by: Aaron Conole <aconole at redhat.com>
Co-authored-by: Wang Liang <wangliangrt at didiglobal.com>
Signed-off-by: Wang Liang <wangliangrt at didiglobal.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>




More information about the git mailing list