From patchwork Wed Oct 14 02:01:20 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?b?Lui0uum5jw==?= X-Patchwork-Id: 1381777 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=bytedance.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=bytedance-com.20150623.gappssmtp.com header.i=@bytedance-com.20150623.gappssmtp.com header.a=rsa-sha256 header.s=20150623 header.b=nRklk1Ar; dkim-atps=neutral Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C9wmR0GPBz9sT6 for ; Wed, 14 Oct 2020 13:07:51 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 00F0987F0D; Wed, 14 Oct 2020 02:07:49 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AE4qS2hVR+rl; Wed, 14 Oct 2020 02:07:48 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by whitealder.osuosl.org (Postfix) with ESMTP id BD39787F21; Wed, 14 Oct 2020 02:07:48 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 90F7BC0052; Wed, 14 Oct 2020 02:07:48 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 030F5C0051 for ; Wed, 14 Oct 2020 02:07:47 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id E5778879BA for ; Wed, 14 Oct 2020 02:07:46 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8QX2vU5dM7kl for ; Wed, 14 Oct 2020 02:07:45 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-oi1-f174.google.com (mail-oi1-f174.google.com [209.85.167.174]) by fraxinus.osuosl.org (Postfix) with ESMTPS id C66A7879B8 for ; Wed, 14 Oct 2020 02:07:45 +0000 (UTC) Received: by mail-oi1-f174.google.com with SMTP id w141so1640256oia.2 for ; Tue, 13 Oct 2020 19:07:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20150623.gappssmtp.com; s=20150623; h=from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=+8I08+DVRTzV12O4CuTS6gK6d3IwKLpMHlaUmrVqRYQ=; b=nRklk1ArWA6AUrYa2m3fJI0e9ExdYQ+OG7QSaEY/77PYTk1cn+FEQUh0GzSdWA+0bI wWVtrIzS7UbHcRC6tT7rJCe4xOi+89w9awTY6XEdNSYgvnkAbLb4HwmO+W/4TnD5Q1RV ZAbQZcSszCY1cXXkeVVwql2PWqtyuYH1Kw9cahoeuitETUqfCdzs8Lk8Ee8r95jNf8WY NauldWheOMJVAypjkFtw2BBmQebwGe2veIWYu94W8Z2owaTpz11gx4kLx1sFcZ3KLFOU 7YfDIlj2ckq2Yh34EfAMr2B9/01t7pY70//33eiCIZc0OkwGdJx6nFYHpYTJBTI5lZao /sSA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=+8I08+DVRTzV12O4CuTS6gK6d3IwKLpMHlaUmrVqRYQ=; b=WwOk4PcT6zZRfvAGXY9M7Cub0T/HFQ3mUshdGCo4zpUVD2/xJ1O8B0iP3ulMEHO7sO EVOWa49/CcnHPZrbnCFsWy0Zfx8RJKYaSIyUTmPbY6c/0j5Gn2FfaclwETkvdrKiaj+5 65ct81nh5csVqfiIhAX/lBgEPtwhF7MG2aPEf2uXhBCIJ72acNNa8/wUEvLpeggO7xFh 1zADI0HYV21vWr2wdBhaawhfxFfKsDYc4em4X2Dpju3v8QfVpVqlyiQF2su1ppb6TrSs SOUyFhQIpclo62PV6DPLW4L9dPwdqyYBGIg5ik5YM8MnIMX4YqFe5XOTuQB1HR5t8VL5 jj8Q== X-Gm-Message-State: AOAM53311GjVQYWvb5oojpPm669HncEfZA38N4bqIRRjOOXuXkpyKiIJ yV3YfJ2DW+oAtq9qjE+OyYh3Td1BqbB2OtvO X-Google-Smtp-Source: ABdhPJwtWpUgb+KjywrETQQJp+aX1wJyILerrGGKVdxnrKdnDCUZ9xxwsOmf7wxULRIKGBDFblZYAA== X-Received: by 2002:a17:90a:c58f:: with SMTP id l15mr1141110pjt.93.1602640884815; Tue, 13 Oct 2020 19:01:24 -0700 (PDT) Received: from localhost ([61.120.150.71]) by smtp.gmail.com with ESMTPSA id i24sm1014855pfd.7.2020.10.13.19.01.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 Oct 2020 19:01:24 -0700 (PDT) From: "hepeng.0320" To: dev@openvswitch.org, dlu998@gmail.com Date: Wed, 14 Oct 2020 10:01:20 +0800 Message-Id: <20201014020120.50440-1-hepeng.0320@bytedance.com> X-Mailer: git-send-email 2.23.0 MIME-Version: 1.0 Subject: [ovs-dev] [ovs-dev v1] ipf: avoid accessing to a freed rp. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" if there are multiple pkts in the batch, the loop will access a freed rp, which cause ovs crash. --- lib/ipf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/ipf.c b/lib/ipf.c index 446e89d13..c20bcc0b3 100644 --- a/lib/ipf.c +++ b/lib/ipf.c @@ -1153,7 +1153,7 @@ ipf_post_execute_reass_pkts(struct ipf *ipf, /* Inner batch loop is constant time since batch size is <= * NETDEV_MAX_BURST. */ DP_PACKET_BATCH_REFILL_FOR_EACH (pb_idx, pb_cnt, pkt, pb) { - if (pkt == rp->list->reass_execute_ctx) { + if (rp && pkt == rp->list->reass_execute_ctx) { for (int i = 0; i <= rp->list->last_inuse_idx; i++) { rp->list->frag_list[i].pkt->md.ct_label = pkt->md.ct_label; rp->list->frag_list[i].pkt->md.ct_mark = pkt->md.ct_mark; @@ -1206,6 +1206,7 @@ ipf_post_execute_reass_pkts(struct ipf *ipf, ipf_reassembled_list_remove(rp); dp_packet_delete(rp->pkt); free(rp); + rp = NULL; } else { dp_packet_batch_refill(pb, pkt, pb_idx); }