GET

Patch Detail

get:
Show a patch.

patch:
Update a patch.

put:
Update a patch.

GET /api/1.1/patches/2231591/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2231591,
    "url": "http://patchwork.ozlabs.org/api/1.1/patches/2231591/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/openvswitch/patch/20260430213349.407991-1-i.maximets@ovn.org/",
    "project": {
        "id": 47,
        "url": "http://patchwork.ozlabs.org/api/1.1/projects/47/?format=api",
        "name": "Open vSwitch",
        "link_name": "openvswitch",
        "list_id": "ovs-dev.openvswitch.org",
        "list_email": "ovs-dev@openvswitch.org",
        "web_url": "http://openvswitch.org/",
        "scm_url": "git@github.com:openvswitch/ovs.git",
        "webscm_url": "https://github.com/openvswitch/ovs"
    },
    "msgid": "<20260430213349.407991-1-i.maximets@ovn.org>",
    "date": "2026-04-30T21:32:50",
    "name": "[ovs-dev,net] openvswitch: vport: fix race between tunnel creation and linking",
    "commit_ref": null,
    "pull_url": null,
    "state": "new",
    "archived": false,
    "hash": "be60357383d8fb41b6a7bd476051d4026d1db2dd",
    "submitter": {
        "id": 76798,
        "url": "http://patchwork.ozlabs.org/api/1.1/people/76798/?format=api",
        "name": "Ilya Maximets",
        "email": "i.maximets@ovn.org"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/openvswitch/patch/20260430213349.407991-1-i.maximets@ovn.org/mbox/",
    "series": [
        {
            "id": 502393,
            "url": "http://patchwork.ozlabs.org/api/1.1/series/502393/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/openvswitch/list/?series=502393",
            "date": "2026-04-30T21:32:50",
            "name": "[ovs-dev,net] openvswitch: vport: fix race between tunnel creation and linking",
            "version": 1,
            "mbox": "http://patchwork.ozlabs.org/series/502393/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/2231591/comments/",
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/2231591/checks/",
    "tags": {},
    "headers": {
        "Return-Path": "<ovs-dev-bounces@openvswitch.org>",
        "X-Original-To": [
            "incoming@patchwork.ozlabs.org",
            "dev@openvswitch.org"
        ],
        "Delivered-To": [
            "patchwork-incoming@legolas.ozlabs.org",
            "ovs-dev@lists.linuxfoundation.org"
        ],
        "Authentication-Results": [
            "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org\n (client-ip=2605:bc80:3010::133; helo=smtp2.osuosl.org;\n envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org)",
            "smtp4.osuosl.org;\n dmarc=none (p=none dis=none) header.from=ovn.org"
        ],
        "Received": [
            "from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g66r523Svz1yHZ\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 01 May 2026 07:34:11 +1000 (AEST)",
            "from localhost (localhost [127.0.0.1])\n\tby smtp2.osuosl.org (Postfix) with ESMTP id 8B7F240E75;\n\tThu, 30 Apr 2026 21:34:09 +0000 (UTC)",
            "from smtp2.osuosl.org ([127.0.0.1])\n by localhost (smtp2.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id L4Wjp-jt7Zc0; Thu, 30 Apr 2026 21:34:08 +0000 (UTC)",
            "from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56])\n\tby smtp2.osuosl.org (Postfix) with ESMTPS id 448C24059F;\n\tThu, 30 Apr 2026 21:34:08 +0000 (UTC)",
            "from lf-lists.osuosl.org (localhost [127.0.0.1])\n\tby lists.linuxfoundation.org (Postfix) with ESMTP id 28085C04E8;\n\tThu, 30 Apr 2026 21:34:08 +0000 (UTC)",
            "from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])\n by lists.linuxfoundation.org (Postfix) with ESMTP id 4FBB3C04E7\n for <dev@openvswitch.org>; Thu, 30 Apr 2026 21:34:06 +0000 (UTC)",
            "from localhost (localhost [127.0.0.1])\n by smtp4.osuosl.org (Postfix) with ESMTP id 2FF1641DB5\n for <dev@openvswitch.org>; Thu, 30 Apr 2026 21:34:06 +0000 (UTC)",
            "from smtp4.osuosl.org ([127.0.0.1])\n by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id rvnktHfij71I for <dev@openvswitch.org>;\n Thu, 30 Apr 2026 21:34:05 +0000 (UTC)",
            "from mail-wr1-f67.google.com (mail-wr1-f67.google.com\n [209.85.221.67])\n by smtp4.osuosl.org (Postfix) with ESMTPS id E90C541DB3\n for <dev@openvswitch.org>; Thu, 30 Apr 2026 21:34:04 +0000 (UTC)",
            "by mail-wr1-f67.google.com with SMTP id\n ffacd0b85a97d-43d7e23defbso833227f8f.0\n for <dev@openvswitch.org>; Thu, 30 Apr 2026 14:34:04 -0700 (PDT)",
            "from im-t490s.redhat.com (89-24-32-159.nat.epc.tmcz.cz.\n [89.24.32.159]) by smtp.gmail.com with ESMTPSA id\n ffacd0b85a97d-44a986aa3a5sm360701f8f.26.2026.04.30.14.34.01\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Thu, 30 Apr 2026 14:34:02 -0700 (PDT)"
        ],
        "X-Virus-Scanned": [
            "amavis at osuosl.org",
            "amavis at osuosl.org"
        ],
        "X-Comment": "SPF check N/A for local connections - client-ip=140.211.9.56;\n helo=lists.linuxfoundation.org;\n envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN> ",
        "DKIM-Filter": [
            "OpenDKIM Filter v2.11.0 smtp2.osuosl.org 448C24059F",
            "OpenDKIM Filter v2.11.0 smtp4.osuosl.org E90C541DB3"
        ],
        "Received-SPF": "Pass (mailfrom) identity=mailfrom; client-ip=209.85.221.67;\n helo=mail-wr1-f67.google.com; envelope-from=i.maximets.ovn@gmail.com;\n receiver=<UNKNOWN>",
        "DMARC-Filter": "OpenDMARC Filter v1.4.2 smtp4.osuosl.org E90C541DB3",
        "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1777584843; x=1778189643;\n h=content-transfer-encoding:mime-version:message-id:date:subject:cc\n :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date\n :message-id:reply-to;\n bh=sfmPhFElhLAwy6YMf8rD+Yyjnbfd1EzluOPK8WXa+TM=;\n b=M4O9uoDT1e003Ts8SGRJ6uclnSW4RS/NnJLZRK9UNml7uRZoZugaxD1e+ZYMxCihlz\n LADsnSLuyYemo5xaNL+17Z9V2ctB5qO2rsX5Z6FaqpI525k64KKDYPh5YgpkGDsQGA2X\n DpHx0ubdZNyc3AtENuXjseKHdSc0mJSyeBfZtZsfCWwx78kXn2eORcQgpIOKZJ5uacs/\n oO8brL2mKCDma1VZ/wmHobgWTZyRdRcPgRsELF6e7w1yEpXk6L5szSIU+AJqBCnVjUzx\n sk2BSwnZDVp05Go/bn+faGpwt6i6/pAiMMU9N1Fq//zgDoXp2hVpMBGdZPXtte0Iq3TB\n NMiA==",
        "X-Forwarded-Encrypted": "i=1;\n AFNElJ9Lze4LrtTilSPZmXAXv5c/3f6RGiB87r4XPrferwFbOOay2/rddoq8mhSr4rzgFvn5dIU=@openvswitch.org",
        "X-Gm-Message-State": "AOJu0YwBefvMvf4v/4SpWfLP2PguD5m4Y5uytuqcXiE55475SWYCaogc\n QbXnqbbkLkjgp/WVxdrOBrGjllcfWGgDXOz32s4YcP3twzNaeWBF4nD4",
        "X-Gm-Gg": "AeBDievpnJeM8yrCb/cD3uyz629xvOS09HHSSoYKTfzRTiI5/DQd6v/99Xm1lQeFDcS\n xr/PxKsb/BYYdN+he+HAWd1Ssrbe2+azlfya29iJOm7TiH4MMSKMOai0YfjYKX44liYzi+o4aa2\n u0/ZjVj3g7VJDlqP9sEz7I+xGN/2VM3kZIP5jEfivOUgd4z16Rf7zpsJzPRDylPYz1LBWvt1y70\n SPXiWfLN7Q+RjzneSJoSE0g23ohXKEPb/4vZJiRkuPimeozTbWD8uv0TkUOqxud1t6klNSn9yTk\n zLwNPdoRv8yj7oSHnkB4cqD5iuSUNZwE6ziaB/6hxKaGCm4HWYJauaMJh6fVHdB1MBBj+Df8HGK\n pzqfSl4oQysxUfMkzjj4xjjgJMi5Lq+n+v7ijph1bAJP7+25YKjnIaAZVo3Art5cNM/6pC19GC6\n wOSbQjpcC/+LXVaaZjiT/9FWQG+JYTBjPbtXtaTK5UJ2eKu5+qszQHdAOIcrp9+tAVwqwyanLKh\n lpxY8D4",
        "X-Received": "by 2002:a5d:5f82:0:b0:43d:c95b:c46f with SMTP id\n ffacd0b85a97d-44a88cdf06fmr572444f8f.38.1777584842576;\n Thu, 30 Apr 2026 14:34:02 -0700 (PDT)",
        "From": "Ilya Maximets <i.maximets@ovn.org>",
        "To": "netdev@vger.kernel.org",
        "Date": "Thu, 30 Apr 2026 23:32:50 +0200",
        "Message-ID": "<20260430213349.407991-1-i.maximets@ovn.org>",
        "X-Mailer": "git-send-email 2.53.0",
        "MIME-Version": "1.0",
        "Subject": "[ovs-dev] [PATCH net] openvswitch: vport: fix race between tunnel\n creation and linking",
        "X-BeenThere": "ovs-dev@openvswitch.org",
        "X-Mailman-Version": "2.1.30",
        "Precedence": "list",
        "List-Id": "<ovs-dev.openvswitch.org>",
        "List-Unsubscribe": "<https://mail.openvswitch.org/mailman/options/ovs-dev>,\n <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>",
        "List-Archive": "<http://mail.openvswitch.org/pipermail/ovs-dev/>",
        "List-Post": "<mailto:ovs-dev@openvswitch.org>",
        "List-Help": "<mailto:ovs-dev-request@openvswitch.org?subject=help>",
        "List-Subscribe": "<https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,\n <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>",
        "Cc": "dev@openvswitch.org, Yifan Wu <yifanwucs@gmail.com>,\n Xin Liu <bird@lzu.edu.cn>, linux-kernel@vger.kernel.org,\n Ilya Maximets <i.maximets@ovn.org>, Juefei Pu <tomapufckgml@gmail.com>,\n Yang Yang <n05ec@lzu.edu.cn>, Eric Dumazet <edumazet@google.com>,\n Simon Horman <horms@kernel.org>, Jakub Kicinski <kuba@kernel.org>,\n Paolo Abeni <pabeni@redhat.com>, Yuan Tan <tanyuan98@outlook.com>,\n \"David S. Miller\" <davem@davemloft.net>",
        "Content-Type": "text/plain; charset=\"us-ascii\"",
        "Content-Transfer-Encoding": "7bit",
        "Errors-To": "ovs-dev-bounces@openvswitch.org",
        "Sender": "\"dev\" <ovs-dev-bounces@openvswitch.org>"
    },
    "content": "When a tunnel vport is created it first creates the tunnel device, e.g.,\nwith geneve_dev_create_fb(), then it calls ovs_netdev_link() to take a\nreference and link it to the device that represents openvswitch datapath.\n\nThe creation of the device is happening under RTNL, but then RTNL is\nreleased and re-acquired to find the device by name.  It is technically\npossible for the tunnel device to be re-named or deleted within that\nwindow while RTNL is not held, and some other device created in its\nplace.  This will cause a non-tunnel device to be referenced in the\nvport and tunnel-specific functions used on it, e.g. vxlan_get_options()\nthat directly casts the private netdev data into a struct vxlan_dev\ncausing an invalid memory access:\n\n BUG: KASAN: slab-use-after-free in vxlan_get_options+0x323/0x3a0\n  vxlan_get_options+0x323/0x3a0\n  ovs_vport_cmd_new+0x6e3/0xd30\n\nFix that by taking a reference to the just created device before\nreleasing RTNL.  This ensures that the device in the vport is always\nthe one that was just created.  The search by name is only needed\nfor a standard vport-netdev that links pre-existing devices, so that\nfunctionality and device type checks are moved to netdev_create().\n\nIt is also awkward that ovs_netdev_link() takes ownership of the vport\nand destroys it on failure.  It doesn't know the type of the port it is\ndealing with, so we need to pass down the indicator that it's a tunnel,\nso the link can be properly deleted on failure.\n\nIt's possible to refactor the logic to make the ovs_netdev_link() do\nonly the linking part and let the callers perform a proper destruction,\nbut it will be much more code for each legacy tunnel port type, so it\nis not worth it for the bug fix.\n\nFixes: 614732eaa12d (\"openvswitch: Use regular VXLAN net_device device\")\nReported-by: Yuan Tan <tanyuan98@outlook.com>\nReported-by: Yifan Wu <yifanwucs@gmail.com>\nReported-by: Juefei Pu <tomapufckgml@gmail.com>\nReported-by: Xin Liu <bird@lzu.edu.cn>\nReported-by: Yang Yang <n05ec@lzu.edu.cn>\nSigned-off-by: Ilya Maximets <i.maximets@ovn.org>\n---\n net/openvswitch/vport-geneve.c |  5 ++-\n net/openvswitch/vport-gre.c    |  5 ++-\n net/openvswitch/vport-netdev.c | 58 ++++++++++++++++++++--------------\n net/openvswitch/vport-netdev.h |  2 +-\n net/openvswitch/vport-vxlan.c  |  5 ++-\n 5 files changed, 48 insertions(+), 27 deletions(-)",
    "diff": "diff --git a/net/openvswitch/vport-geneve.c b/net/openvswitch/vport-geneve.c\nindex b10e1602c6b14..cb5ea4424ffc8 100644\n--- a/net/openvswitch/vport-geneve.c\n+++ b/net/openvswitch/vport-geneve.c\n@@ -97,6 +97,9 @@ static struct vport *geneve_tnl_create(const struct vport_parms *parms)\n \t\tgoto error;\n \t}\n \n+\tvport->dev = dev;\n+\tnetdev_hold(vport->dev, &vport->dev_tracker, GFP_KERNEL);\n+\n \trtnl_unlock();\n \treturn vport;\n error:\n@@ -111,7 +114,7 @@ static struct vport *geneve_create(const struct vport_parms *parms)\n \tif (IS_ERR(vport))\n \t\treturn vport;\n \n-\treturn ovs_netdev_link(vport, parms->name);\n+\treturn ovs_netdev_link(vport, true);\n }\n \n static struct vport_ops ovs_geneve_vport_ops = {\ndiff --git a/net/openvswitch/vport-gre.c b/net/openvswitch/vport-gre.c\nindex 4014c9b5eb798..6cb5a697b396a 100644\n--- a/net/openvswitch/vport-gre.c\n+++ b/net/openvswitch/vport-gre.c\n@@ -63,6 +63,9 @@ static struct vport *gre_tnl_create(const struct vport_parms *parms)\n \t\treturn ERR_PTR(err);\n \t}\n \n+\tvport->dev = dev;\n+\tnetdev_hold(vport->dev, &vport->dev_tracker, GFP_KERNEL);\n+\n \trtnl_unlock();\n \treturn vport;\n }\n@@ -75,7 +78,7 @@ static struct vport *gre_create(const struct vport_parms *parms)\n \tif (IS_ERR(vport))\n \t\treturn vport;\n \n-\treturn ovs_netdev_link(vport, parms->name);\n+\treturn ovs_netdev_link(vport, true);\n }\n \n static struct vport_ops ovs_gre_vport_ops = {\ndiff --git a/net/openvswitch/vport-netdev.c b/net/openvswitch/vport-netdev.c\nindex 12055af832dc0..a92ca8b37f96a 100644\n--- a/net/openvswitch/vport-netdev.c\n+++ b/net/openvswitch/vport-netdev.c\n@@ -73,37 +73,21 @@ static struct net_device *get_dpdev(const struct datapath *dp)\n \treturn local->dev;\n }\n \n-struct vport *ovs_netdev_link(struct vport *vport, const char *name)\n+struct vport *ovs_netdev_link(struct vport *vport, bool tunnel)\n {\n \tint err;\n \n-\tvport->dev = dev_get_by_name(ovs_dp_get_net(vport->dp), name);\n-\tif (!vport->dev) {\n+\tif (WARN_ON_ONCE(!vport->dev)) {\n \t\terr = -ENODEV;\n \t\tgoto error_free_vport;\n \t}\n-\t/* Ensure that the device exists and that the provided\n-\t * name is not one of its aliases.\n-\t */\n-\tif (strcmp(name, ovs_vport_name(vport))) {\n-\t\terr = -ENODEV;\n-\t\tgoto error_put;\n-\t}\n-\tnetdev_tracker_alloc(vport->dev, &vport->dev_tracker, GFP_KERNEL);\n-\tif (vport->dev->flags & IFF_LOOPBACK ||\n-\t    (vport->dev->type != ARPHRD_ETHER &&\n-\t     vport->dev->type != ARPHRD_NONE) ||\n-\t    ovs_is_internal_dev(vport->dev)) {\n-\t\terr = -EINVAL;\n-\t\tgoto error_put;\n-\t}\n \n \trtnl_lock();\n \terr = netdev_master_upper_dev_link(vport->dev,\n \t\t\t\t\t   get_dpdev(vport->dp),\n \t\t\t\t\t   NULL, NULL, NULL);\n \tif (err)\n-\t\tgoto error_unlock;\n+\t\tgoto error_put_unlock;\n \n \terr = netdev_rx_handler_register(vport->dev, netdev_frame_hook,\n \t\t\t\t\t vport);\n@@ -119,10 +103,11 @@ struct vport *ovs_netdev_link(struct vport *vport, const char *name)\n \n error_master_upper_dev_unlink:\n \tnetdev_upper_dev_unlink(vport->dev, get_dpdev(vport->dp));\n-error_unlock:\n-\trtnl_unlock();\n-error_put:\n+error_put_unlock:\n+\tif (tunnel && vport->dev->reg_state == NETREG_REGISTERED)\n+\t\trtnl_delete_link(vport->dev, 0, NULL);\n \tnetdev_put(vport->dev, &vport->dev_tracker);\n+\trtnl_unlock();\n error_free_vport:\n \tovs_vport_free(vport);\n \treturn ERR_PTR(err);\n@@ -132,12 +117,39 @@ EXPORT_SYMBOL_GPL(ovs_netdev_link);\n static struct vport *netdev_create(const struct vport_parms *parms)\n {\n \tstruct vport *vport;\n+\tint err;\n \n \tvport = ovs_vport_alloc(0, &ovs_netdev_vport_ops, parms);\n \tif (IS_ERR(vport))\n \t\treturn vport;\n \n-\treturn ovs_netdev_link(vport, parms->name);\n+\tvport->dev = dev_get_by_name(ovs_dp_get_net(vport->dp), parms->name);\n+\tif (!vport->dev) {\n+\t\terr = -ENODEV;\n+\t\tgoto error_free_vport;\n+\t}\n+\tnetdev_tracker_alloc(vport->dev, &vport->dev_tracker, GFP_KERNEL);\n+\n+\t/* Ensure that the provided name is not an alias. */\n+\tif (strcmp(parms->name, ovs_vport_name(vport))) {\n+\t\terr = -ENODEV;\n+\t\tgoto error_put;\n+\t}\n+\n+\tif (vport->dev->flags & IFF_LOOPBACK ||\n+\t    (vport->dev->type != ARPHRD_ETHER &&\n+\t     vport->dev->type != ARPHRD_NONE) ||\n+\t    ovs_is_internal_dev(vport->dev)) {\n+\t\terr = -EINVAL;\n+\t\tgoto error_put;\n+\t}\n+\n+\treturn ovs_netdev_link(vport, false);\n+error_put:\n+\tnetdev_put(vport->dev, &vport->dev_tracker);\n+error_free_vport:\n+\tovs_vport_free(vport);\n+\treturn ERR_PTR(err);\n }\n \n static void vport_netdev_free(struct rcu_head *rcu)\ndiff --git a/net/openvswitch/vport-netdev.h b/net/openvswitch/vport-netdev.h\nindex c5d83a43bfc49..6c0d7366f9862 100644\n--- a/net/openvswitch/vport-netdev.h\n+++ b/net/openvswitch/vport-netdev.h\n@@ -13,7 +13,7 @@\n \n struct vport *ovs_netdev_get_vport(struct net_device *dev);\n \n-struct vport *ovs_netdev_link(struct vport *vport, const char *name);\n+struct vport *ovs_netdev_link(struct vport *vport, bool tunnel);\n void ovs_netdev_detach_dev(struct vport *);\n \n int __init ovs_netdev_init(void);\ndiff --git a/net/openvswitch/vport-vxlan.c b/net/openvswitch/vport-vxlan.c\nindex 0b881b043bcf4..c1b37b50d29e1 100644\n--- a/net/openvswitch/vport-vxlan.c\n+++ b/net/openvswitch/vport-vxlan.c\n@@ -126,6 +126,9 @@ static struct vport *vxlan_tnl_create(const struct vport_parms *parms)\n \t\tgoto error;\n \t}\n \n+\tvport->dev = dev;\n+\tnetdev_hold(vport->dev, &vport->dev_tracker, GFP_KERNEL);\n+\n \trtnl_unlock();\n \treturn vport;\n error:\n@@ -140,7 +143,7 @@ static struct vport *vxlan_create(const struct vport_parms *parms)\n \tif (IS_ERR(vport))\n \t\treturn vport;\n \n-\treturn ovs_netdev_link(vport, parms->name);\n+\treturn ovs_netdev_link(vport, true);\n }\n \n static struct vport_ops ovs_vxlan_netdev_vport_ops = {\n",
    "prefixes": [
        "ovs-dev",
        "net"
    ]
}