This call is operating on messages generated by the datapath. If a datapath implementation sends improperly formatted netlink attributes, then it's possible for a revalidator thread to end up trapped in an infinite loop iterating across these attributes. Rather than using the UNSAFE variation of this iterator, use the regular version.
Fixes: 994fcc5a15d3 ("upcall: Check for recirc_id in ukey_create_from_dpif_flow()") Signed-off-by: Joe Stringer <j...@ovn.org> --- ofproto/ofproto-dpif-upcall.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ofproto/ofproto-dpif-upcall.c b/ofproto/ofproto-dpif-upcall.c index 8d1783accdc8..56773686404b 100644 --- a/ofproto/ofproto-dpif-upcall.c +++ b/ofproto/ofproto-dpif-upcall.c @@ -1600,7 +1600,7 @@ ukey_create_from_dpif_flow(const struct udpif *udpif, * relies on OVS userspace internal state, we need to delete all old * datapath flows with either a non-zero recirc_id in the key, or any * recirculation actions upon OVS restart. */ - NL_ATTR_FOR_EACH_UNSAFE (a, left, flow->key, flow->key_len) { + NL_ATTR_FOR_EACH (a, left, flow->key, flow->key_len) { if (nl_attr_type(a) == OVS_KEY_ATTR_RECIRC_ID && nl_attr_get_u32(a) != 0) { return EINVAL; -- 2.13.3 _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev