[ovs-git] [openvswitch/ovs] aaa596: ipf: Fix a use-after-free error, and remove the 'd...

Aaron Conole noreply at github.com
Tue Jun 15 13:17:56 UTC 2021


  Branch: refs/heads/branch-2.15
  Home:   https://github.com/openvswitch/ovs
  Commit: aaa59670556fb8b9ced632d499c25ac91c4232c7
      https://github.com/openvswitch/ovs/commit/aaa59670556fb8b9ced632d499c25ac91c4232c7
  Author: Aaron Conole <aconole at redhat.com>
  Date:   2021-06-15 (Tue, 15 Jun 2021)

  Changed paths:
    M lib/dp-packet.h
    M lib/dpif-netdev.c
    M lib/ipf.c

  Log Message:
  -----------
  ipf: Fix a use-after-free error, and remove the 'do_not_steal' flag.

As reported by Wang Liang, the way packets are passed to the ipf module
doesn't allow for use later on in reassembly.  Such packets may be get
released anyway, such as during cleanup of tx processing.  Because the
ipf module lacks a way of forcing the dp_packet to be retained, it
will later reuse the packet.  Instead, just clone the packet and let the
ipf queue own the copy until the queue is destroyed.

After this change, there are no more in-tree users of the batch
'do_not_steal' flag.  Thus, we remove it as well.

Fixes: 4ea96698f667 ("Userspace datapath: Add fragmentation handling.")
Fixes: 0b3ff31d35f5 ("dp-packet: Add 'do_not_steal' packet batch flag.")
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2021-April/382098.html
Reported-by: Wang Liang <wangliangrt at didiglobal.com>
Signed-off-by: Aaron Conole <aconole at redhat.com>
Co-authored-by: Wang Liang <wangliangrt at didiglobal.com>
Signed-off-by: Wang Liang <wangliangrt at didiglobal.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>




More information about the git mailing list