[{"id":3685065,"web_url":"http://patchwork.ozlabs.org/comment/3685065/","msgid":"<17BF3316-75E2-46EA-A603-0F6B87FBD98F@redhat.com>","list_archive_url":null,"date":"2026-05-01T08:53:23","subject":"Re: [ovs-dev] [PATCH net] openvswitch: vport: fix race between\n tunnel creation and linking","submitter":{"id":70613,"url":"http://patchwork.ozlabs.org/api/people/70613/","name":"Eelco Chaudron","email":"echaudro@redhat.com"},"content":"On 30 Apr 2026, at 23:32, Ilya Maximets wrote:\n\n> When a tunnel vport is created it first creates the tunnel device, e.g.,\n> with geneve_dev_create_fb(), then it calls ovs_netdev_link() to take a\n> reference and link it to the device that represents openvswitch datapath.\n>\n> The creation of the device is happening under RTNL, but then RTNL is\n> released and re-acquired to find the device by name.  It is technically\n> possible for the tunnel device to be re-named or deleted within that\n> window while RTNL is not held, and some other device created in its\n> place.  This will cause a non-tunnel device to be referenced in the\n> vport and tunnel-specific functions used on it, e.g. vxlan_get_options()\n> that directly casts the private netdev data into a struct vxlan_dev\n> causing an invalid memory access:\n>\n>  BUG: KASAN: slab-use-after-free in vxlan_get_options+0x323/0x3a0\n>   vxlan_get_options+0x323/0x3a0\n>   ovs_vport_cmd_new+0x6e3/0xd30\n>\n> Fix that by taking a reference to the just created device before\n> releasing RTNL.  This ensures that the device in the vport is always\n> the one that was just created.  The search by name is only needed\n> for a standard vport-netdev that links pre-existing devices, so that\n> functionality and device type checks are moved to netdev_create().\n>\n> It is also awkward that ovs_netdev_link() takes ownership of the vport\n> and destroys it on failure.  It doesn't know the type of the port it is\n> dealing with, so we need to pass down the indicator that it's a tunnel,\n> so the link can be properly deleted on failure.\n>\n> It's possible to refactor the logic to make the ovs_netdev_link() do\n> only the linking part and let the callers perform a proper destruction,\n> but it will be much more code for each legacy tunnel port type, so it\n> is not worth it for the bug fix.\n>\n> Fixes: 614732eaa12d (\"openvswitch: Use regular VXLAN net_device device\")\n> Reported-by: Yuan Tan <tanyuan98@outlook.com>\n> Reported-by: Yifan Wu <yifanwucs@gmail.com>\n> Reported-by: Juefei Pu <tomapufckgml@gmail.com>\n> Reported-by: Xin Liu <bird@lzu.edu.cn>\n> Reported-by: Yang Yang <n05ec@lzu.edu.cn>\n> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>\n\nThanks for working on this Ilya! The changes look good to me.\n\nAcked-by: Eelco Chaudron <echaudro@redhat.com>","headers":{"Return-Path":"<ovs-dev-bounces@openvswitch.org>","X-Original-To":["incoming@patchwork.ozlabs.org","dev@openvswitch.org"],"Delivered-To":["patchwork-incoming@legolas.ozlabs.org","ovs-dev@lists.linuxfoundation.org"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (1024-bit key;\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=ca4TDsdZ;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org\n (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org;\n envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org)","smtp3.osuosl.org;\n\tdkim=fail reason=\"signature verification failed\" (1024-bit key,\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=ca4TDsdZ","smtp4.osuosl.org; dmarc=pass (p=quarantine dis=none)\n header.from=redhat.com","smtp4.osuosl.org; dkim=pass (1024-bit key,\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=ca4TDsdZ"],"Received":["from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g6Pw3554Wz1yHZ\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 01 May 2026 18:53:39 +1000 (AEST)","from localhost (localhost [127.0.0.1])\n\tby smtp3.osuosl.org (Postfix) with ESMTP id B478D61732;\n\tFri,  1 May 2026 08:53:37 +0000 (UTC)","from smtp3.osuosl.org ([127.0.0.1])\n by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id SDp5QhPs5Ey5; Fri,  1 May 2026 08:53:34 +0000 (UTC)","from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56])\n\tby smtp3.osuosl.org (Postfix) with ESMTPS id BF9C661557;\n\tFri,  1 May 2026 08:53:34 +0000 (UTC)","from lf-lists.osuosl.org (localhost [127.0.0.1])\n\tby lists.linuxfoundation.org (Postfix) with ESMTP id A375CC04E8;\n\tFri,  1 May 2026 08:53:34 +0000 (UTC)","from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137])\n by lists.linuxfoundation.org (Postfix) with ESMTP id 8C8E2C04E7\n for <dev@openvswitch.org>; Fri,  1 May 2026 08:53:33 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n by smtp4.osuosl.org (Postfix) with ESMTP id 730A3420A8\n for <dev@openvswitch.org>; Fri,  1 May 2026 08:53:33 +0000 (UTC)","from smtp4.osuosl.org ([127.0.0.1])\n by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id 8As2fMcumgIu for <dev@openvswitch.org>;\n Fri,  1 May 2026 08:53:31 +0000 (UTC)","from us-smtp-delivery-124.mimecast.com\n (us-smtp-delivery-124.mimecast.com [170.10.133.124])\n by smtp4.osuosl.org (Postfix) with ESMTPS id 86D9B420B0\n for <dev@openvswitch.org>; Fri,  1 May 2026 08:53:30 +0000 (UTC)","from mail-ej1-f72.google.com (mail-ej1-f72.google.com\n [209.85.218.72]) by relay.mimecast.com with ESMTP with STARTTLS\n (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id\n us-mta-400-gAJYDVIhNzem6DNYoaygfQ-1; Fri, 01 May 2026 04:53:28 -0400","by mail-ej1-f72.google.com with SMTP id\n a640c23a62f3a-b8fa5744b82so179669266b.3\n for <dev@openvswitch.org>; Fri, 01 May 2026 01:53:27 -0700 (PDT)","from [10.44.33.143] (5920ab7b.static.cust.trined.nl.\n [89.32.171.123])\n by smtp.gmail.com with ESMTPSA id\n 4fb4d7f45d1cf-67b88472df8sm669104a12.28.2026.05.01.01.53.24\n (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);\n Fri, 01 May 2026 01:53:24 -0700 (PDT)"],"X-Virus-Scanned":["amavis at osuosl.org","amavis at osuosl.org"],"X-Comment":"SPF check N/A for local connections - client-ip=140.211.9.56;\n helo=lists.linuxfoundation.org;\n envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN> ","DKIM-Filter":["OpenDKIM Filter v2.11.0 smtp3.osuosl.org BF9C661557","OpenDKIM Filter v2.11.0 smtp4.osuosl.org 86D9B420B0"],"Received-SPF":"Pass (mailfrom) identity=mailfrom; client-ip=170.10.133.124;\n helo=us-smtp-delivery-124.mimecast.com; envelope-from=echaudro@redhat.com;\n receiver=<UNKNOWN>","DMARC-Filter":"OpenDMARC Filter v1.4.2 smtp4.osuosl.org 86D9B420B0","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;\n s=mimecast20190719; t=1777625609;\n h=from:from:reply-to:subject:subject:date:date:message-id:message-id:\n to:to:cc:cc:mime-version:mime-version:content-type:content-type:\n in-reply-to:in-reply-to:references:references;\n bh=9pondFS8Aq/jVpna8I9ndw4ESa5Xh6101eut5D2XaHE=;\n b=ca4TDsdZylp0jp+Pz3hkY8gux9alB99WuUOH47odp3t6cK8niSGqTjKgc5MQjfHsxKO2vi\n +cd6wwEsXzDpfx1g51pJ5n+fyrzA6gOgbvneEScFFRyB2VigQgKX+ZBmzPjK5AZhyc8Roq\n 2xWKxp7HLG/Ns3WuxeAq269XCQyMW10=","X-MC-Unique":"gAJYDVIhNzem6DNYoaygfQ-1","X-Mimecast-MFC-AGG-ID":"gAJYDVIhNzem6DNYoaygfQ_1777625607","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1777625607; x=1778230407;\n h=mime-version:references:in-reply-to:message-id:date:subject:cc:to\n :from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id\n :reply-to;\n bh=9pondFS8Aq/jVpna8I9ndw4ESa5Xh6101eut5D2XaHE=;\n b=gvh3UqaIQYE2vC1tEhHlOrFlrKQ9uH4fJlZAo/XJvbtEj5fZoohVrYEBuwsT5v1GvN\n 2iIjZ7JUixIr3HaWaupNHnSgyJKe9+HxqoG59gbcYGut2QqkDhldZtfyQtvKA0I6iR9o\n /Tv8JekMXyHNHTetsaL1xjPDxBFY1RjcrnO4rueE/Q6TJw8WGKno4HZeAoCUEvmrmoSM\n pVqt2rQI2SuuW2BzrGFKHs6N+G6fPpAWPXIyz+rseizrgoxtL9gr8j5l6Z2u+UYFy5Mp\n ZvTZD+H4xkFi9NIHBtQSqBA8cFuHGs/XbPadmC6EeEGIldapHTD3QxwBuAQnsoI9Y3lh\n bupw==","X-Forwarded-Encrypted":"i=1;\n AFNElJ82ikA9T0ODylaATwnTLx/T1HLppnh+KalkHMXSwh/GOjQey3dKKyfOWcOct4cQLFJnx2M=@openvswitch.org","X-Gm-Message-State":"AOJu0Yw0Te599mVKtMfYJ/GKfC3Q/ZO6mkZG2G14/tDQql2wUw0+zx79\n CbAAFVXdp3eLfZMZDynUcQVXh9acOMivdh9WHSGTmA+qksOOqJ5Z7aCfUQJNSMMvOYUVM7wa4V6\n t4rLjevaVKSmfWCsKHJx7G+OT3Z6XTIHPQNhuHMmjRYZUtJx0J5MJyA==","X-Gm-Gg":"AeBDieseefike3iDt2SgvpncDpZm/xNsbLgQ8dOA42DYGT4ZPe8+oYeh2UDgvbQsYhH\n bzxFg0hwl29aKad0I1E7vTjRmMrBkMG94uEBzaf29wYD0gotjL9n5n2fqa12Hamglr8eqE68P2Z\n YXWH0zbqN6fqZk2D+mklrzos0efmnQ7VrpPFscZWIrjdZBG/LlpoK5zXTZhudDFUuvVY79FI5BG\n 5zxz+g7mf+5f2P3hu+tgwkFdCytmChvayGPo9PkUq7nYesAQTF9gWOwfBunV48gwq4oIJDlf8zS\n RVryxiOs9V1hp9xEDTvjvKIRXPDp3v8E22cJwMXZ/LS/AbJ0K8R5uGxQT7/vlHwbF3+SmCoUbT0\n QSzCwvNgsLtqTOuIl200axRGGyQ1y22DcStqeYedfBt00VmvQi4736ZyNbDfWDdEvo2fv+s5EvC\n MiXKBRpQ==","X-Received":["by 2002:a17:906:c14a:b0:ba9:2137:7165 with SMTP id\n a640c23a62f3a-bbac46d4b1fmr399324666b.1.1777625606945;\n Fri, 01 May 2026 01:53:26 -0700 (PDT)","by 2002:a17:906:c14a:b0:ba9:2137:7165 with SMTP id\n a640c23a62f3a-bbac46d4b1fmr399320766b.1.1777625606330;\n Fri, 01 May 2026 01:53:26 -0700 (PDT)"],"To":"Ilya Maximets <i.maximets@ovn.org>","Date":"Fri, 01 May 2026 10:53:23 +0200","X-Mailer":"MailMate (2.0r6292)","Message-ID":"<17BF3316-75E2-46EA-A603-0F6B87FBD98F@redhat.com>","In-Reply-To":"<20260430213349.407991-1-i.maximets@ovn.org>","References":"<20260430213349.407991-1-i.maximets@ovn.org>","MIME-Version":"1.0","X-Mimecast-Spam-Score":"0","X-Mimecast-MFC-PROC-ID":"XDuVLUYU3Sl4SmGbcaPJD7qbLrXkXYhTxiPryIogE_I_1777625607","X-Mimecast-Originator":"redhat.com","Subject":"Re: [ovs-dev] [PATCH net] openvswitch: vport: fix race between\n tunnel creation and linking","X-BeenThere":"ovs-dev@openvswitch.org","X-Mailman-Version":"2.1.30","Precedence":"list","List-Id":"<ovs-dev.openvswitch.org>","List-Unsubscribe":"<https://mail.openvswitch.org/mailman/options/ovs-dev>,\n <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>","List-Archive":"<http://mail.openvswitch.org/pipermail/ovs-dev/>","List-Post":"<mailto:ovs-dev@openvswitch.org>","List-Help":"<mailto:ovs-dev-request@openvswitch.org?subject=help>","List-Subscribe":"<https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,\n <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>","From":"Eelco Chaudron via dev <ovs-dev@openvswitch.org>","Reply-To":"Eelco Chaudron <echaudro@redhat.com>","Cc":"dev@openvswitch.org, Yifan Wu <yifanwucs@gmail.com>,\n Xin Liu <bird@lzu.edu.cn>, netdev@vger.kernel.org,\n linux-kernel@vger.kernel.org, Juefei Pu <tomapufckgml@gmail.com>,\n Yang Yang <n05ec@lzu.edu.cn>, Eric Dumazet <edumazet@google.com>,\n Simon Horman <horms@kernel.org>, Jakub Kicinski <kuba@kernel.org>,\n Paolo Abeni <pabeni@redhat.com>, Yuan Tan <tanyuan98@outlook.com>,\n \"David S. Miller\" <davem@davemloft.net>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"ovs-dev-bounces@openvswitch.org","Sender":"\"dev\" <ovs-dev-bounces@openvswitch.org>"}}]