On Tue, Sep 11, 2018 at 01:41:22PM -0700, Gregory Rose wrote: > On 9/11/2018 12:12 AM, wangyunjian wrote: > >From: Yunjian Wang <[email protected]> > > > >The tunnel_cfg had the gro_receive and gro_complete fields uninitialized > >in function lisp_open(). This caused an uninitialized memory read. > > > >Signed-off-by: Yunjian Wang <[email protected]> > >--- > > datapath/linux/compat/lisp.c | 1 + > > 1 file changed, 1 insertion(+) > > > >diff --git a/datapath/linux/compat/lisp.c b/datapath/linux/compat/lisp.c > >index eb45d5f..58144ad 100644 > >--- a/datapath/linux/compat/lisp.c > >+++ b/datapath/linux/compat/lisp.c > >@@ -457,6 +457,7 @@ static int lisp_open(struct net_device *dev) > > rcu_assign_pointer(lisp->sock, sock); > > /* Mark socket as an encapsulation socket */ > >+ memset(&tunnel_cfg, 0, sizeof(tunnel_cfg)); > > tunnel_cfg.sk_user_data = dev; > > tunnel_cfg.encap_type = 1; > > tunnel_cfg.encap_rcv = lisp_rcv; > > LGTM > > Reviewed-by: Greg Rose <[email protected]>
Thanks, applied and backported as far as branch-2.5. _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
