leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ca539345f8
linux/net
History
Pravin B Shelar ca539345f8 openvswitch: Initialize unmasked key and uid len 
Flow alloc needs to initialize unmasked key pointer. Otherwise
it can crash kernel trying to free random unmasked-key pointer.

general protection fault: 0000 [#1] SMP
3.19.0-rc6-net-next+ #457
Hardware name: Supermicro X7DWU/X7DWU, BIOS  1.1 04/30/2008
RIP: 0010:[<ffffffff8111df0e>] [<ffffffff8111df0e>] kfree+0xac/0x196
Call Trace:
 [<ffffffffa060bd87>] flow_free+0x21/0x59 [openvswitch]
 [<ffffffffa060bde0>] ovs_flow_free+0x21/0x23 [openvswitch]
 [<ffffffffa0605b4a>] ovs_packet_cmd_execute+0x2f3/0x35f [openvswitch]
 [<ffffffffa0605995>] ? ovs_packet_cmd_execute+0x13e/0x35f [openvswitch]
 [<ffffffff811fe6fb>] ? nla_parse+0x4f/0xec
 [<ffffffff8139a2fc>] genl_family_rcv_msg+0x26d/0x2c9
 [<ffffffff8107620f>] ? __lock_acquire+0x90e/0x9aa
 [<ffffffff8139a3be>] genl_rcv_msg+0x66/0x89
 [<ffffffff8139a358>] ? genl_family_rcv_msg+0x2c9/0x2c9
 [<ffffffff81399591>] netlink_rcv_skb+0x3e/0x95
 [<ffffffff81399898>] ? genl_rcv+0x18/0x37
 [<ffffffff813998a7>] genl_rcv+0x27/0x37
 [<ffffffff81399033>] netlink_unicast+0x103/0x191
 [<ffffffff81399382>] netlink_sendmsg+0x2c1/0x310
 [<ffffffff811007ad>] ? might_fault+0x50/0xa0
 [<ffffffff8135c773>] do_sock_sendmsg+0x5f/0x7a
 [<ffffffff8135c799>] sock_sendmsg+0xb/0xd
 [<ffffffff8135cacf>] ___sys_sendmsg+0x1a3/0x218
 [<ffffffff8113e54b>] ? get_close_on_exec+0x86/0x86
 [<ffffffff8115a9d0>] ? fsnotify+0x32c/0x348
 [<ffffffff8115a720>] ? fsnotify+0x7c/0x348
 [<ffffffff8113e5f5>] ? __fget+0xaa/0xbf
 [<ffffffff8113e54b>] ? get_close_on_exec+0x86/0x86
 [<ffffffff8135cccd>] __sys_sendmsg+0x3d/0x5e
 [<ffffffff8135cd02>] SyS_sendmsg+0x14/0x16
 [<ffffffff81411852>] system_call_fastpath+0x12/0x17

Fixes: 74ed7ab9264("openvswitch: Add support for unique flow IDs.")
CC: Joe Stringer <joestringer@nicira.com>
Reported-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-02-08 00:51:14 -08:00
..
6lowpan net/6lowpan: Remove FSF address from GPL statement. 2014-12-05 12:43:04 +01:00
9p
802
8021q vlan: advertise link netns via netlink 2015-01-23 17:51:15 -08:00
appletalk new helper: memcpy_from_msg() 2014-11-24 04:28:48 -05:00
atm put iov_iter into msghdr 2014-12-09 16:29:03 -05:00
ax25 new helper: memcpy_from_msg() 2014-11-24 04:28:48 -05:00
batman-adv batman-adv: Kconfig, Add missing DEBUG_FS dependency 2015-01-07 22:17:11 +01:00
bluetooth Bluetooth: Fix potential NULL dereference 2015-02-03 09:02:12 +01:00
bridge bridge: add missing bridge port check for offloads 2015-02-07 22:49:47 -08:00
caif caif: remove wrong dev_net_set() call 2015-01-29 14:20:02 -08:00
can netlink: make nlmsg_end() and genlmsg_end() void 2015-01-18 01:03:45 -05:00
ceph libceph: fix sparse endianness warnings 2015-01-08 20:36:57 +03:00
core Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-02-05 14:33:28 -08:00
dcb dcbnl : Disable software interrupts before taking dcb_lock 2014-11-16 14:50:52 -05:00
dccp net: introduce helper macro for_each_cmsghdr 2014-12-10 22:41:55 -05:00
decnet netlink: Fix bugs in nlmsg_end() conversions. 2015-01-18 23:36:08 -05:00
dns_resolver
dsa net: dsa: set slave MII bus PHY mask 2015-01-25 16:00:54 -08:00
ethernet net: Add Transparent Ethernet Bridging GRO support. 2015-01-02 15:46:41 -05:00
hsr
ieee802154 netlink: make nlmsg_end() and genlmsg_end() void 2015-01-18 01:03:45 -05:00
ipv4 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-02-05 14:33:28 -08:00
ipv6 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-02-05 14:33:28 -08:00
ipx switch ipxrtr_route_packet() from iovec to msghdr 2014-11-24 04:28:49 -05:00
irda irda: use msecs_to_jiffies for conversions 2015-01-30 18:08:25 -08:00
iucv net: introduce helper macro for_each_cmsghdr 2014-12-10 22:41:55 -05:00
key new helper: memcpy_from_msg() 2014-11-24 04:28:48 -05:00
l2tp netlink: make nlmsg_end() and genlmsg_end() void 2015-01-18 01:03:45 -05:00
lapb lapb: move EXPORT_SYMBOL after functions. 2014-10-24 15:51:42 -04:00
llc net: llc: use correct size for sysctl timeout entries 2015-01-25 00:23:21 -08:00
mac80211 Last round of updates for net-next: 2015-02-04 14:57:45 -08:00
mac802154 mac802154: fix kbuild test robot warning 2015-01-03 01:51:51 +01:00
mpls net: mark some potential candidates __read_mostly 2015-01-30 17:58:39 -08:00
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-02-05 14:33:28 -08:00
netlabel netlabel: Less function calls in netlbl_mgmt_add_common() after error detection 2015-02-03 16:22:13 -08:00
netlink Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-02-05 14:33:28 -08:00
netrom new helper: memcpy_from_msg() 2014-11-24 04:28:48 -05:00
nfc NFC: nci: Move NFCEE discovery logic 2015-02-04 09:15:18 +01:00
openvswitch openvswitch: Initialize unmasked key and uid len 2015-02-08 00:51:14 -08:00
packet netlink: make nlmsg_end() and genlmsg_end() void 2015-01-18 01:03:45 -05:00
phonet phonet netlink: allow multiple messages per skb in route dump 2015-01-19 16:20:17 -05:00
rds rds: Make rds_message_copy_from_user() return 0 on success. 2015-02-07 22:41:56 -08:00
rfkill Last round of updates for net-next: 2015-02-04 14:57:45 -08:00
rose new helper: memcpy_from_msg() 2014-11-24 04:28:48 -05:00
rxrpc Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-02-04 20:46:55 -08:00
sched Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-02-05 14:33:28 -08:00
sctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-02-05 14:33:28 -08:00
sunrpc rpc: fix xdr_truncate_encode to handle buffer ending on page boundary 2015-01-07 14:03:58 -05:00
switchdev swdevice: add new apis to set and del bridge port attributes 2015-02-01 23:16:34 -08:00
tipc tipc: eliminate race condition at multicast reception 2015-02-05 16:00:03 -08:00
unix net: remove sock_iocb 2015-01-28 23:15:07 -08:00
vmw_vsock vmci: propagate msghdr all way down to __qp_memcpy_to_queue() 2015-02-04 01:34:14 -05:00
wimax
wireless Last round of updates for net-next: 2015-02-04 14:57:45 -08:00
x25 new helper: memcpy_from_msg() 2014-11-24 04:28:48 -05:00
xfrm netlink: make nlmsg_end() and genlmsg_end() void 2015-01-18 01:03:45 -05:00
compat.c put iov_iter into msghdr 2014-12-09 16:29:03 -05:00
Kconfig net: introduce generic switch devices support 2014-12-02 20:01:20 -08:00
Makefile Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2014-12-16 15:53:03 -08:00
socket.c net: switch sockets to ->read_iter/->write_iter 2015-02-04 01:34:15 -05:00
sysctl_net.c