[ovs-git] [openvswitch/ovs] cf22bd: netdev-linux: Fix use of uninitialized LAG master ...

Ilya Maximets noreply at github.com
Mon May 24 19:42:07 UTC 2021


  Branch: refs/heads/branch-2.14
  Home:   https://github.com/openvswitch/ovs
  Commit: cf22bd251dd166360e4bb9d596be145f3d5e715e
      https://github.com/openvswitch/ovs/commit/cf22bd251dd166360e4bb9d596be145f3d5e715e
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2021-05-24 (Mon, 24 May 2021)

  Changed paths:
    M lib/netdev-linux.c

  Log Message:
  -----------
  netdev-linux: Fix use of uninitialized LAG master name.

'if_indextoname' may fail, leaving 'master_name' uninitialized:

 Conditional jump or move depends on uninitialised value(s)
    at 0x4C34329: strlen (vg_replace_strmem.c:459)
    by 0x51C638: hash_string (hash.h:342)
    by 0x51C638: hash_name (shash.c:28)
    by 0x51CC51: shash_find (shash.c:231)
    by 0x51CD38: shash_find_data (shash.c:245)
    by 0x4A797F: netdev_from_name (netdev.c:2013)
    by 0x544148: netdev_linux_update_lag (netdev-linux.c:676)
    by 0x544148: netdev_linux_run (netdev-linux.c:769)
    by 0x4A5997: netdev_run (netdev.c:186)
    by 0x40752B: main (ovs-vswitchd.c:129)
  Uninitialised value was created by a stack allocation
    at 0x543AFA: netdev_linux_run (netdev-linux.c:722)

Fixes: d22f8927c3c9 ("netdev-linux: monitor and offload LAG slaves to TC")
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Acked-by: Mark D. Gray <mark.d.gray at redhat.com>


  Commit: 42af27b3eb63692b9ffcee1fadc19e6eee6d8d35
      https://github.com/openvswitch/ovs/commit/42af27b3eb63692b9ffcee1fadc19e6eee6d8d35
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2021-05-24 (Mon, 24 May 2021)

  Changed paths:
    M ofproto/ofproto-dpif.c

  Log Message:
  -----------
  ofproto-dpif: Fix use of uninitialized attributes of timeout policy.

'cdtp' is allocated on the stack and has an uninitialized 'present'
field that specifies which attributes are actually set.  This
causes use of uninitialized attributes.

 Conditional jump or move depends on uninitialised value(s)
    at 0x539651: dpif_netlink_get_nl_tp_udp_attrs (dpif-netlink.c:3206)
    by 0x539651: dpif_netlink_get_nl_tp_attrs (dpif-netlink.c:3234)
    by 0x539651: dpif_netlink_ct_set_timeout_policy (dpif-netlink.c:3370)
    by 0x42B615: ct_add_timeout_policy_to_dpif (ofproto-dpif.c:5421)
    by 0x42B615: ct_set_zone_timeout_policy (ofproto-dpif.c:5525)
    by 0x40BD98: ct_zones_reconfigure (bridge.c:756)
    by 0x40BD98: datapath_reconfigure (bridge.c:804)
    by 0x40D737: bridge_reconfigure (bridge.c:903)
    by 0x411720: bridge_run (bridge.c:3331)
    by 0x40751C: main (ovs-vswitchd.c:127)

Clearing the whole structure to avoid this kind of problem.

Fixes: 993cae678bca ("ofproto-dpif: Consume CT_Zone, and CT_Timeout_Policy tables")
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Acked-by: Mark D. Gray <mark.d.gray at redhat.com>


  Commit: 146ff09f0601ed3a9d5c76849484ae3f33107cb9
      https://github.com/openvswitch/ovs/commit/146ff09f0601ed3a9d5c76849484ae3f33107cb9
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2021-05-24 (Mon, 24 May 2021)

  Changed paths:
    M lib/dpif-netlink.c

  Log Message:
  -----------
  dpif-netlink: Fix send of uninitialized memory in ct limit requests.

ct limit requests never initialize the whole 'struct ovs_zone_limit',
sending uninitialized stack memory to the kernel:

 Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s)
    at 0x5E23867: sendmsg (in /usr/lib64/libpthread-2.28.so)
    by 0x54F761: nl_sock_transact_multiple__ (netlink-socket.c:858)
    by 0x54FB6E: nl_sock_transact_multiple.part.9 (netlink-socket.c:1079)
    by 0x54FCC0: nl_sock_transact_multiple (netlink-socket.c:1044)
    by 0x54FCC0: nl_sock_transact (netlink-socket.c:1108)
    by 0x550B6F: nl_transact (netlink-socket.c:1804)
    by 0x53BEA2: dpif_netlink_ct_get_limits (dpif-netlink.c:3052)
    by 0x588B57: dpctl_ct_get_limits (dpctl.c:2178)
    by 0x586FF2: dpctl_unixctl_handler (dpctl.c:2870)
    by 0x52C241: process_command (unixctl.c:310)
    by 0x52C241: run_connection (unixctl.c:344)
    by 0x52C241: unixctl_server_run (unixctl.c:395)
    by 0x407526: main (ovs-vswitchd.c:128)
  Address 0x10b87480 is 32 bytes inside a block of size 4,096 alloc'd
    at 0x4C30F0B: malloc (vg_replace_malloc.c:307)
    by 0x52CDE4: xmalloc (util.c:138)
    by 0x4F7E07: ofpbuf_init (ofpbuf.c:123)
    by 0x4F7E07: ofpbuf_new (ofpbuf.c:151)
    by 0x53BDE3: dpif_netlink_ct_get_limits (dpif-netlink.c:3025)
    by 0x588B57: dpctl_ct_get_limits (dpctl.c:2178)
    by 0x586FF2: dpctl_unixctl_handler (dpctl.c:2870)
    by 0x52C241: process_command (unixctl.c:310)
    by 0x52C241: run_connection (unixctl.c:344)
    by 0x52C241: unixctl_server_run (unixctl.c:395)
    by 0x407526: main (ovs-vswitchd.c:128)
  Uninitialised value was created by a stack allocation
    at 0x46AAA0: ct_dpif_get_limits (ct-dpif.c:197)

Fix that by using designated initializers that will clear all the
non-specified fields.

Fixes: 906ff9d229ee ("dpif-netlink: Implement conntrack zone limit")
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Acked-by: Mark D. Gray <mark.d.gray at redhat.com>


Compare: https://github.com/openvswitch/ovs/compare/0050d9401554...146ff09f0601
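
Added example, not part of the commits above or of Open vSwitch: the designated-initializer fix described in the third log message, reproduced on a hypothetical three-field struct (demo_zone_limit). Its storage is pre-filled with a constructed 0xAA pattern standing in for stale stack contents, so the bytes that would reach the kernel can be counted.

```c
/* Added illustration: demo_zone_limit and every helper name here are
 * hypothetical, not Open vSwitch code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POISON 0xAA  /* constructed stand-in for stale stack contents */

struct demo_zone_limit {  /* three 32-bit fields, so no padding bytes */
    int32_t zone_id;
    uint32_t limit;
    uint32_t count;
};

/* Number of bytes in the request that still hold stale data. */
static size_t stale_bytes(const struct demo_zone_limit *zl)
{
    const unsigned char *p = (const unsigned char *) zl;
    size_t n = 0;
    for (size_t i = 0; i < sizeof *zl; i++) {
        n += p[i] == POISON;
    }
    return n;
}

/* Bug pattern: only one field is assigned before the struct is sent. */
size_t request_fieldwise(int32_t zone)
{
    struct demo_zone_limit zl;
    memset(&zl, POISON, sizeof zl);
    zl.zone_id = zone;
    return stale_bytes(&zl);
}

/* Fix pattern: a designated initializer zeroes every field not named. */
size_t request_designated(int32_t zone)
{
    struct demo_zone_limit zl;
    memset(&zl, POISON, sizeof zl);
    zl = (struct demo_zone_limit) { .zone_id = zone };
    return stale_bytes(&zl);
}

int main(void)
{
    printf("fieldwise: %zu stale bytes, designated: %zu\n",
           request_fieldwise(5), request_designated(5));
    return 0;
}
```

The C standard guarantees that a designated initializer zeroes the unnamed fields, but not the padding bytes between them. A struct that has padding and is copied out byte-for-byte still needs a memset of the whole object first.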

