[PATCH net] net: openvswitch: release vport resources on failure

From: Aaron Conole
Date: Tue Dec 20 2022 - 16:28:18 EST

Next message: Borislav Petkov: "Re: [PATCH v4 10/39] x86/mm: Introduce _PAGE_COW"
Previous message: Conor Dooley: "Re: [PATCH v3 7/7] riscv: dts: starfive: Add StarFive JH7110 VisionFive 2 board device tree"
Next in thread: Eelco Chaudron: "Re: [PATCH net] net: openvswitch: release vport resources on failure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

A recent commit introducing upcall packet accounting failed to properly
release the vport object when the per-cpu stats struct couldn't be
allocated. This can cause dangling pointers to dp objects long after
they've been released.

Cc: Eelco Chaudron <echaudro@xxxxxxxxxx>
Cc: wangchuanlei <wangchuanlei@xxxxxxxxxx>
Fixes: 1933ea365aa7 ("net: openvswitch: Add support to count upcall packets")
Reported-by: syzbot+8f4e2dcfcb3209ac35f9@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Aaron Conole <aconole@xxxxxxxxxx>
---
net/openvswitch/datapath.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
index 932bcf766d63..6774baf9e212 100644
--- a/net/openvswitch/datapath.c
+++ b/net/openvswitch/datapath.c
@@ -1854,7 +1854,7 @@ static int ovs_dp_cmd_new(struct sk_buff *skb, struct genl_info *info)
vport->upcall_stats = netdev_alloc_pcpu_stats(struct vport_upcall_stats_percpu);
if (!vport->upcall_stats) {
err = -ENOMEM;
- goto err_destroy_portids;
+ goto err_destroy_vport;
}

err = ovs_dp_cmd_fill_info(dp, reply, info->snd_portid,
@@ -1869,6 +1869,8 @@ static int ovs_dp_cmd_new(struct sk_buff *skb, struct genl_info *info)
ovs_notify(&dp_datapath_genl_family, reply, info);
return 0;

+err_destroy_vport:
+ ovs_dp_detach_port(vport);
err_destroy_portids:
kfree(rcu_dereference_raw(dp->upcall_portids));
err_unlock_and_destroy_meters:
@@ -2316,7 +2318,7 @@ static int ovs_vport_cmd_new(struct sk_buff *skb, struct genl_info *info)
vport->upcall_stats = netdev_alloc_pcpu_stats(struct vport_upcall_stats_percpu);
if (!vport->upcall_stats) {
err = -ENOMEM;
- goto exit_unlock_free;
+ goto exit_unlock_free_vport;
}

err = ovs_vport_cmd_fill_info(vport, reply, genl_info_net(info),
@@ -2336,6 +2338,8 @@ static int ovs_vport_cmd_new(struct sk_buff *skb, struct genl_info *info)
ovs_notify(&dp_vport_genl_family, reply, info);
return 0;

+exit_unlock_free_vport:
+ ovs_dp_detach_port(vport);
exit_unlock_free:
ovs_unlock();
kfree_skb(reply);
--
2.31.1

Next message: Borislav Petkov: "Re: [PATCH v4 10/39] x86/mm: Introduce _PAGE_COW"
Previous message: Conor Dooley: "Re: [PATCH v3 7/7] riscv: dts: starfive: Add StarFive JH7110 VisionFive 2 board device tree"
Next in thread: Eelco Chaudron: "Re: [PATCH net] net: openvswitch: release vport resources on failure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]