From: Pravin B Shelar
Date: Fri, 6 Feb 2015 19:17:13 +0000 (-0800)
Subject: openvswitch: Initialize unmasked key and uid len
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=ca539345f8767cca221b5aa77bf4329c725d0d7e;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git

openvswitch: Initialize unmasked key and uid len

Flow alloc needs to initialize unmasked key pointer. Otherwise
it can crash kernel trying to free random unmasked-key pointer.

general protection fault: 0000 [#1] SMP
3.19.0-rc6-net-next+ #457
Hardware name: Supermicro X7DWU/X7DWU, BIOS 1.1 04/30/2008
RIP: 0010:[] [] kfree+0xac/0x196
Call Trace:
 [] flow_free+0x21/0x59 [openvswitch]
 [] ovs_flow_free+0x21/0x23 [openvswitch]
 [] ovs_packet_cmd_execute+0x2f3/0x35f [openvswitch]
 [] ? ovs_packet_cmd_execute+0x13e/0x35f [openvswitch]
 [] ? nla_parse+0x4f/0xec
 [] genl_family_rcv_msg+0x26d/0x2c9
 [] ? __lock_acquire+0x90e/0x9aa
 [] genl_rcv_msg+0x66/0x89
 [] ? genl_family_rcv_msg+0x2c9/0x2c9
 [] netlink_rcv_skb+0x3e/0x95
 [] ? genl_rcv+0x18/0x37
 [] genl_rcv+0x27/0x37
 [] netlink_unicast+0x103/0x191
 [] netlink_sendmsg+0x2c1/0x310
 [] ? might_fault+0x50/0xa0
 [] do_sock_sendmsg+0x5f/0x7a
 [] sock_sendmsg+0xb/0xd
 [] ___sys_sendmsg+0x1a3/0x218
 [] ? get_close_on_exec+0x86/0x86
 [] ? fsnotify+0x32c/0x348
 [] ? fsnotify+0x7c/0x348
 [] ? __fget+0xaa/0xbf
 [] ? get_close_on_exec+0x86/0x86
 [] __sys_sendmsg+0x3d/0x5e
 [] SyS_sendmsg+0x14/0x16
 [] system_call_fastpath+0x12/0x17

Fixes: 74ed7ab9264("openvswitch: Add support for unique flow IDs.")
CC: Joe Stringer
Reported-by: Or Gerlitz
Signed-off-by: Pravin B Shelar
Acked-by: Eric Dumazet
Signed-off-by: David S. Miller
---

diff --git a/net/openvswitch/flow_table.c b/net/openvswitch/flow_table.c index 5e57628e6584..4613df8c8290 100644 --- a/net/openvswitch/flow_table.c +++ b/net/openvswitch/flow_table.c 
@@ -85,6 +85,8 @@ struct sw_flow *ovs_flow_alloc(void) flow->sf_acts = NULL; flow->mask = NULL; + flow->id.unmasked_key = NULL; + flow->id.ufid_len = 0; flow->stats_last_writer = NUMA_NO_NODE; /* Initialize the default stat node. */
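Review bot: The two added assignments in ovs_flow_alloc() (flow->id.unmasked_key = NULL; flow->id.ufid_len = 0;) close this instance, but the function still initialises struct sw_flow one member at a time (sf_acts, mask, and now the id fields), so the next pointer member added to the struct without a matching line here brings back the same kfree() of an indeterminate pointer that the trace shows under flow_free(). Consider zeroing the whole object when it is allocated, either with a zeroing allocator call such as kmem_cache_zalloc() or with a memset() immediately after allocation, depending on how the flow is obtained (the allocation call is outside this hunk), and keep only the non-zero defaults such as stats_last_writer = NUMA_NO_NODE as explicit assignments. Since the trace reaches flow_free() from ovs_packet_cmd_execute() via a netlink sendmsg, an error-path test that allocates a flow and frees it immediately would catch a regression here. Minor: the subject line says "uid len" while the field being initialised is ufid_len.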