| Message ID | 1536649937-13108-1-git-send-email-wangyunjian@huawei.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [ovs-dev] datapath: lisp: Fix uninitialized field in tunnel_cfg. | expand |
On 9/11/2018 12:12 AM, wangyunjian wrote: > From: Yunjian Wang <wangyunjian@huawei.com> > > The tunnel_cfg had the gro_receive and gro_complete fields uninitialized > in function lisp_open(). This caused an uninitialized memory read. > > Signed-off-by: Yunjian Wang <wangyunjian@huawei.com> > --- > datapath/linux/compat/lisp.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/datapath/linux/compat/lisp.c b/datapath/linux/compat/lisp.c > index eb45d5f..58144ad 100644 > --- a/datapath/linux/compat/lisp.c > +++ b/datapath/linux/compat/lisp.c > @@ -457,6 +457,7 @@ static int lisp_open(struct net_device *dev) > > rcu_assign_pointer(lisp->sock, sock); > /* Mark socket as an encapsulation socket */ > + memset(&tunnel_cfg, 0, sizeof(tunnel_cfg)); > tunnel_cfg.sk_user_data = dev; > tunnel_cfg.encap_type = 1; > tunnel_cfg.encap_rcv = lisp_rcv; LGTM Reviewed-by: Greg Rose <gvrose8192@gmail.com>
On Tue, Sep 11, 2018 at 01:41:22PM -0700, Gregory Rose wrote: > On 9/11/2018 12:12 AM, wangyunjian wrote: > >From: Yunjian Wang <wangyunjian@huawei.com> > > > >The tunnel_cfg had the gro_receive and gro_complete fields uninitialized > >in function lisp_open(). This caused an uninitialized memory read. > > > >Signed-off-by: Yunjian Wang <wangyunjian@huawei.com> > >--- > > datapath/linux/compat/lisp.c | 1 + > > 1 file changed, 1 insertion(+) > > > >diff --git a/datapath/linux/compat/lisp.c b/datapath/linux/compat/lisp.c > >index eb45d5f..58144ad 100644 > >--- a/datapath/linux/compat/lisp.c > >+++ b/datapath/linux/compat/lisp.c > >@@ -457,6 +457,7 @@ static int lisp_open(struct net_device *dev) > > rcu_assign_pointer(lisp->sock, sock); > > /* Mark socket as an encapsulation socket */ > >+ memset(&tunnel_cfg, 0, sizeof(tunnel_cfg)); > > tunnel_cfg.sk_user_data = dev; > > tunnel_cfg.encap_type = 1; > > tunnel_cfg.encap_rcv = lisp_rcv; > > LGTM > > Reviewed-by: Greg Rose <gvrose8192@gmail.com> Thanks, applied and backported as far as branch-2.5.
diff --git a/datapath/linux/compat/lisp.c b/datapath/linux/compat/lisp.c index eb45d5f..58144ad 100644 --- a/datapath/linux/compat/lisp.c +++ b/datapath/linux/compat/lisp.c @@ -457,6 +457,7 @@ static int lisp_open(struct net_device *dev) rcu_assign_pointer(lisp->sock, sock); /* Mark socket as an encapsulation socket */ + memset(&tunnel_cfg, 0, sizeof(tunnel_cfg)); tunnel_cfg.sk_user_data = dev; tunnel_cfg.encap_type = 1; tunnel_cfg.encap_rcv = lisp_rcv;