execute_odp_actions() can be passed a zero-length set of actions, in which case it may not dereference its 'odp_actions' parameter at all, but in fact it did do so. In at least one corner case, odp_actions can be NULL, so that this caused a segfault.
Introduced in commit 98403001ec "datapath: Move Netlink PID for userspace actions from flows to actions." Reported-by: Pravin Shelar <[email protected]> --- ofproto/ofproto-dpif.c | 6 ++++-- 1 files changed, 4 insertions(+), 2 deletions(-) diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c index 36635fc..8e5a863 100644 --- a/ofproto/ofproto-dpif.c +++ b/ofproto/ofproto-dpif.c @@ -2207,8 +2207,10 @@ execute_odp_actions(struct ofproto_dpif *ofproto, const struct flow *flow, struct ofpbuf key; int error; - if (odp_actions->nla_type == OVS_ACTION_ATTR_USERSPACE - && NLA_ALIGN(odp_actions->nla_len) == actions_len) { + if (actions_len == 0) { + return true; + } else if (odp_actions->nla_type == OVS_ACTION_ATTR_USERSPACE + && NLA_ALIGN(odp_actions->nla_len) == actions_len) { struct user_action_cookie cookie; struct dpif_upcall upcall; uint64_t cookie_u64; -- 1.7.4.4 _______________________________________________ dev mailing list [email protected] http://openvswitch.org/mailman/listinfo/dev
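Review bot: the new `if (actions_len == 0) { return true; }` branch at the top of execute_odp_actions() leaves the function before any of the code that follows the declarations of `key` and `error`, so please confirm that nothing the function is responsible for releasing or completing is skipped on this path. The hunk does not show the rest of the function or the caller's contract, so this cannot be checked from the diff alone. The check also covers only the zero-length case. The remaining `odp_actions->nla_type` dereference still relies on callers passing a non-NULL pointer whenever `actions_len` is nonzero, and a short comment above the new branch stating that `odp_actions` may be NULL only when `actions_len` is 0 would document that precondition. As a minor style point, the `else` after the `return true;` is not needed and a plain `if` would keep the original condition's indentation unchanged.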
