datapath: Make sure that the "reserved" byte in user-provided flow is zero.

Otherwise we could return a "false negative" lookup result to the user.
(This is not known to fix any real bug; for it to do so, there would have
to be userspace code that doesn't initialize the "reserved" byte, but I
don't know of any.)

diff --git a/datapath/datapath.c b/datapath/datapath.c
index 897261194f9ab959e8f4d80236b0103475bb4eae..34172027c1a99ac2edf4dbbe61a1dbce6ed21a7c 100644 (file)
--- a/datapath/datapath.c
+++ b/datapath/datapath.c
@@ -882,6 +882,7 @@ static int put_flow(struct datapath *dp, struct odp_flow_put __user *ufp)
        error = -EFAULT;
        if (copy_from_user(&uf, ufp, sizeof(struct odp_flow_put)))
                goto error;
+       uf.flow.key.reserved = 0;
 
 retry:
        table = rcu_dereference(dp->table);
@@ -1025,6 +1026,7 @@ static int del_or_query_flow(struct datapath *dp,
        error = -EFAULT;
        if (copy_from_user(&uf, ufp, sizeof uf))
                goto error;
+       uf.key.reserved = 0;
 
        flow = dp_table_lookup(table, &uf.key);
        error = -ENOENT;
@@ -1065,6 +1067,7 @@ static int query_multiple_flows(struct datapath *dp,
 
                if (__copy_from_user(&uf, ufp, sizeof uf))
                        return -EFAULT;
+               uf.key.reserved = 0;
 
                flow = dp_table_lookup(table, &uf.key);
                if (!flow)