OVS_BUFFER_CONTEXT gets cleared as part of the NdisFreeNetBufferListContext function call. This causes an invalid reference error.
Found while testing with driver verifier enabled.
Signed-off-by: Sairam Venugopal <vsai...@vmware.com>
---
 datapath-windows/ovsext/BufferMgmt.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/datapath-windows/ovsext/BufferMgmt.c b/datapath-windows/ovsext/BufferMgmt.c
index 448cd76..da5c04a 100644
--- a/datapath-windows/ovsext/BufferMgmt.c
+++ b/datapath-windows/ovsext/BufferMgmt.c
@@ -1622,6 +1622,7 @@ OvsCompleteNBL(PVOID switch_ctx,
 {
 POVS_BUFFER_CONTEXT ctx;
 UINT16 flags;
+ UINT32 dataOffsetDelta;
 PNET_BUFFER_LIST parent;
 NDIS_STATUS status;
 NDIS_HANDLE poolHandle;
@@ -1653,6 +1654,7 @@ OvsCompleteNBL(PVOID switch_ctx,
 nb = NET_BUFFER_LIST_FIRST_NB(nbl);
 flags = ctx->flags;
+ dataOffsetDelta = ctx->dataOffsetDelta;
 if (!(flags & OVS_BUFFER_FRAGMENT) &&
 NET_BUFFER_DATA_LENGTH(nb) != ctx->origDataLength) {
 UINT32 diff;
@@ -1667,7 +1669,7 @@ OvsCompleteNBL(PVOID switch_ctx,
 }
 }
- if (ctx->flags & OVS_BUFFER_PRIVATE_CONTEXT) {
+ if (flags & OVS_BUFFER_PRIVATE_CONTEXT) {
 NdisFreeNetBufferListContext(nbl, sizeof (OVS_BUFFER_CONTEXT));
 }
@@ -1740,7 +1742,7 @@ OvsCompleteNBL(PVOID switch_ctx,
 #ifdef DBG
 InterlockedDecrement((LONG volatile *)&ovsPool->fragNBLCount);
 #endif
- NdisFreeFragmentNetBufferList(nbl, ctx->dataOffsetDelta, 0);
+ NdisFreeFragmentNetBufferList(nbl, dataOffsetDelta, 0);
 }
 if (parent != NULL) {
--
2.9.0.windows.1
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
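Review bot: The copies `flags = ctx->flags;` and `dataOffsetDelta = ctx->dataOffsetDelta;` in the hunk at new line 1654 have no comment saying why they are cached, so a later cleanup could fold them back into `ctx->` reads and reintroduce the stale access that driver verifier caught. I would add a comment above them such as `/* Cache the ctx fields used after NdisFreeNetBufferListContext(); ctx must not be dereferenced once that call has run. */`. OvsCompleteNBL starts and ends outside this hunk.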
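Review bot: After `NdisFreeNetBufferListContext(nbl, sizeof (OVS_BUFFER_CONTEXT));` in the hunk at new line 1669, `ctx` still holds the old address, so any remaining or future `ctx->` read below it would silently touch released context memory. Adding `ctx = NULL;` as the next statement inside that `if` block would turn such a read into an immediate, easily diagnosed fault. The lines between this hunk and the one at 1742 are not shown, so it is worth confirming that `ctx->dataOffsetDelta` was the only dereference left after the free; the function body continues outside the hunk.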