From: Ben Pfaff Date: Wed, 9 Mar 2011 18:39:30 +0000 (-0800) Subject: datapath: Avoid random tun_id in odp_packet_cmd_execute(). X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=16ceb69e8f8f7a6988a90e6c70f4654bcf62818b;p=openvswitch datapath: Avoid random tun_id in odp_packet_cmd_execute(). flow_extract() sets key->tun_id from OVS_CB(packet)->tun_id, which until now has contained whatever Netlink put there in its NETLINK_CB structure. Zero it earlier so that its value is at least predictable. The resulting code is still not correct, because key->tun_id and key->in_port are now set to arbitrary values. I have known about this since I wrote this function (and before, too, in its earlier incarnations), but until now I did not think that it was a problem because I did not think that there were any users along this code path. But that is wrong: sFlow sampling uses tun_id and in_port and ODP_ACTION_ATTR_CONTROLLER uses in_port. So we need a way to pass these back down from userspace. An upcoming commit will add a way. Signed-off-by: Ben Pfaff Acked-by: Jesse Gross --- diff --git a/datapath/datapath.c b/datapath/datapath.c index 5633dc9c..b25b8996 100644 --- a/datapath/datapath.c +++ b/datapath/datapath.c @@ -711,13 +711,13 @@ static int odp_packet_cmd_execute(struct sk_buff *skb, struct genl_info *info) else packet->protocol = htons(ETH_P_802_2); + /* Initialize OVS_CB (it came from Netlink so might not be zeroed). */ + memset(OVS_CB(packet), 0, sizeof(struct ovs_skb_cb)); + err = flow_extract(packet, -1, &key, &is_frag); if (err) goto exit; - /* Initialize OVS_CB (it came from Netlink so might not be zeroed). */ - memset(OVS_CB(packet), 0, sizeof(struct ovs_skb_cb)); - rcu_read_lock(); dp = get_dp(odp_header->dp_ifindex); err = -ENODEV;