The iface is removed from the "ifaces" hmap only if the ofp_port != OFPP_NONE (iface_destroy__). However, during the creation all ports are inserted regardless of the ofp_port.
This can later on lead to use-after-free in "iface_from_ofp_port". To prevent that match the removal function and add only ports that have ofp_port != OFPP_NONE. Reported-by: Dumitru Ceara <[email protected]> Signed-off-by: Ales Musil <[email protected]> --- v2: Rebase on top of current master. Add more descriptive commit message. --- vswitchd/bridge.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/vswitchd/bridge.c b/vswitchd/bridge.c index 25ce45e3d..9e089f268 100644 --- a/vswitchd/bridge.c +++ b/vswitchd/bridge.c @@ -2127,8 +2127,10 @@ iface_create(struct bridge *br, const struct ovsrec_interface *iface_cfg, iface->netdev = netdev; iface->type = iface_get_type(iface_cfg, br->cfg); iface->cfg = iface_cfg; - hmap_insert(&br->ifaces, &iface->ofp_port_node, - hash_ofp_port(ofp_port)); + if (iface->ofp_port != OFPP_NONE) { + hmap_insert(&br->ifaces, &iface->ofp_port_node, + hash_ofp_port(ofp_port)); + } /* Populate initial status in database. */ iface_refresh_stats(iface); -- 2.37.2 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
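Review bot: In the iface_create() hunk, the new guard tests `iface->ofp_port` while the hash_ofp_port() call inside it still uses the local `ofp_port`. Use the same expression in both places (either `ofp_port` or `iface->ofp_port`), so the insertion condition and the hash key cannot diverge and the check visibly mirrors the one the commit message cites in iface_destroy__. A short comment above the `if` stating that interfaces without an OpenFlow port are deliberately kept out of `br->ifaces` would document the changed invariant for anyone iterating or looking up that hmap. The diffstat touches only vswitchd/bridge.c, so no regression test accompanies the fix; a test that creates an interface with OFPP_NONE and then destroys it would guard against the use-after-free returning.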
