[dpdk-stable] patch 'net/tap: fix crash in flow destroy' has been queued to LTS release 18.11.9

Kevin Traynor ktraynor at redhat.com
Fri Jun 5 20:24:34 CEST 2020

Previous message: [dpdk-stable] patch 'net/ixgbe: fix link status synchronization on BSD' has been queued to LTS release 18.11.9
Next message: [dpdk-stable] patch 'net/bnxt: fix FW version query' has been queued to LTS release 18.11.9
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

FYI, your patch has been queued to LTS release 18.11.9

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 06/10/20. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable-queue/commit/38a16ce6529150af6431e6b879306c6d54e23b20

Thanks.

Kevin.

---
>From 38a16ce6529150af6431e6b879306c6d54e23b20 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen at networkplumber.org>
Date: Mon, 27 Apr 2020 14:39:26 -0700
Subject: [PATCH] net/tap: fix crash in flow destroy

[ upstream commit 8451387df206f5ad34461280ab6a2e5bfe382b9b ]

The TAP driver does not initialize all the elements of the rte_flow
structure. This can lead to crash in rte_flow_destroy.

(gdb) where
    flow=0x100e99280, error=0x0)
    at drivers/net/tap/tap_flow.c:1514

(gdb) p remote_flow
$1 = (struct rte_flow *) 0x6b6b6b6b6b6b6b6b

Which is here:
static int
tap_flow_destroy_pmd(struct pmd_internals *pmd,
		     struct rte_flow *flow,
		     struct rte_flow_error *error)
{
	struct rte_flow *remote_flow = flow->remote_flow;
...
	if (remote_flow) {
		remote_flow->msg.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;

Simplest fix is to use rte_zmalloc() so remote_flow and other fields
are always set at zero.

Fixes: 2bc06869cd94 ("net/tap: add remote netdevice traffic capture")

Signed-off-by: Stephen Hemminger <stephen at networkplumber.org>
Reviewed-by: Ferruh Yigit <ferruh.yigit at intel.com>
---
 drivers/net/tap/tap_flow.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/net/tap/tap_flow.c b/drivers/net/tap/tap_flow.c
index d155618fc8..0c5043b63f 100644
--- a/drivers/net/tap/tap_flow.c
+++ b/drivers/net/tap/tap_flow.c
@@ -1379,5 +1379,5 @@ tap_flow_create(struct rte_eth_dev *dev,
 		goto fail;
 	}
-	flow = rte_malloc(__func__, sizeof(struct rte_flow), 0);
+	flow = rte_zmalloc(__func__, sizeof(struct rte_flow), 0);
 	if (!flow) {
 		rte_flow_error_set(error, ENOMEM, RTE_FLOW_ERROR_TYPE_HANDLE,
@@ -1415,5 +1415,5 @@ tap_flow_create(struct rte_eth_dev *dev,
 	 */
 	if (pmd->remote_if_index) {
-		remote_flow = rte_malloc(__func__, sizeof(struct rte_flow), 0);
+		remote_flow = rte_zmalloc(__func__, sizeof(struct rte_flow), 0);
 		if (!remote_flow) {
 			rte_flow_error_set(
@@ -1692,5 +1692,5 @@ int tap_flow_implicit_create(struct pmd_internals *pmd,
 	};
 
-	remote_flow = rte_malloc(__func__, sizeof(struct rte_flow), 0);
+	remote_flow = rte_zmalloc(__func__, sizeof(struct rte_flow), 0);
 	if (!remote_flow) {
 		TAP_LOG(ERR, "Cannot allocate memory for rte_flow");
@@ -1895,5 +1895,5 @@ static int rss_enable(struct pmd_internals *pmd,
 		}
 
-		rss_flow = rte_malloc(__func__, sizeof(struct rte_flow), 0);
+		rss_flow = rte_zmalloc(__func__, sizeof(struct rte_flow), 0);
 		if (!rss_flow) {
 			TAP_LOG(ERR,
-- 
2.21.3

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2020-06-05 19:20:52.882412244 +0100
+++ 0037-net-tap-fix-crash-in-flow-destroy.patch	2020-06-05 19:20:50.784041404 +0100
@@ -1 +1 @@
-From 8451387df206f5ad34461280ab6a2e5bfe382b9b Mon Sep 17 00:00:00 2001
+From 38a16ce6529150af6431e6b879306c6d54e23b20 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 8451387df206f5ad34461280ab6a2e5bfe382b9b ]
+
@@ -31 +32,0 @@
-Cc: stable at dpdk.org
@@ -40 +41 @@
-index 9d90361d99..1538349e9c 100644
+index d155618fc8..0c5043b63f 100644
@@ -43 +44 @@
-@@ -1381,5 +1381,5 @@ tap_flow_create(struct rte_eth_dev *dev,
+@@ -1379,5 +1379,5 @@ tap_flow_create(struct rte_eth_dev *dev,
@@ -50 +51 @@
-@@ -1417,5 +1417,5 @@ tap_flow_create(struct rte_eth_dev *dev,
+@@ -1415,5 +1415,5 @@ tap_flow_create(struct rte_eth_dev *dev,
@@ -57 +58 @@
-@@ -1694,5 +1694,5 @@ int tap_flow_implicit_create(struct pmd_internals *pmd,
+@@ -1692,5 +1692,5 @@ int tap_flow_implicit_create(struct pmd_internals *pmd,
@@ -64 +65 @@
-@@ -1897,5 +1897,5 @@ static int rss_enable(struct pmd_internals *pmd,
+@@ -1895,5 +1895,5 @@ static int rss_enable(struct pmd_internals *pmd,

Previous message: [dpdk-stable] patch 'net/ixgbe: fix link status synchronization on BSD' has been queued to LTS release 18.11.9
Next message: [dpdk-stable] patch 'net/bnxt: fix FW version query' has been queued to LTS release 18.11.9
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list