On Fri, May 10, 2024 at 05:45:54PM +0200, Paolo Valerio wrote: > From: Mike Pattrick <m...@redhat.com> > > In case packets are concurrently received in both directions, there's > a chance that the ones in the reverse direction get received right > after the connection gets added to the connection tracker but before > some of the connection's fields are fully initialized. > This could cause OVS to access potentially invalid, as the lookup may > end up retrieving the wrong offsets during CONTAINER_OF(), or > uninitialized memory. > > This may happen in case of regular NAT or all-zero SNAT. > > Fix it by initializing early the connections fields. > > Fixes: 1116459b3ba8 ("conntrack: Remove nat_conn introducing key > directionality.") > Reported-at: https://issues.redhat.com/browse/FDP-616 > Signed-off-by: Mike Pattrick <m...@redhat.com> > Co-authored-by: Paolo Valerio <pvale...@redhat.com> > Signed-off-by: Paolo Valerio <pvale...@redhat.com>
Acked-by: Simon Horman <ho...@ovn.org> (I accidently sent the above for v1 just now) _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev