[libvirt] [PATCH] Fix a crash when using Open vSwitch virtual ports
Eric Blake
eblake at redhat.com
Thu Aug 30 05:40:30 UTC 2012
On 08/29/2012 10:32 PM, Eric Blake wrote:
> On 08/29/2012 11:44 AM, Kyle Mestery wrote:
>> Fixup buffer usage when handling VLANs. Also fix the logic
>> used to determine if the virNetDevVlanPtr is valid or not.
>> Fixes crashes in the latest code when using Open vSwitch
>> virtualports.
>>
>> Signed-off-by: Kyle Mestery <kmestery at cisco.com>
>> ---
>
> It's hard to see the real fix amongst the churn.
>
>> - virBufferPtr buf;
>> + virBuffer buf = VIR_BUFFER_INITIALIZER;
>
> Yes, the old code risked freeing an uninitialized pointer.
>
>> - if (virtVlan) {
>> - if (VIR_ALLOC(buf) < 0)
>> - goto out_of_memory;
>> +
>> + if (virtVlan && virtVlan->nTags > 0) {
>
> This line also impacts behavior, unrelated to the change between 'buf'
> being heap-allocated vs. stack-allocated...
That said, I _like_ using stack-allocated instead of heap-allocated, but
that means that I think there's two separate issues (virtVlan->nTags vs.
virBuffer usage cleanup), so maybe this deserves two patches instead of
one...
> Note that the new code is wrong as well - you should unconditionally
> free a virBufferPtr's contents, rather than conditionally freeing it
> based on virBufferUse() returning non-zero.
>
> That is, I think the real patch here would be simply this (untested)
> version:
This 3-liner to fix the bug at hand would be the first patch, then
another to convert to stack-allocation with no semantic changes.
>
> diff --git i/src/util/virnetdevopenvswitch.c
> w/src/util/virnetdevopenvswitch.c
> index b903ae4..e8b9f4a 100644
> --- i/src/util/virnetdevopenvswitch.c
> +++ w/src/util/virnetdevopenvswitch.c
> @@ -59,7 +59,7 @@ int virNetDevOpenvswitchAddPort(const char *brname,
> const char *ifname,
> char *ifaceid_ex_id = NULL;
> char *profile_ex_id = NULL;
> char *vmid_ex_id = NULL;
> - virBufferPtr buf;
> + virBufferPtr buf = NULL;
>
> virMacAddrFormat(macaddr, macaddrstr);
> virUUIDFormat(ovsport->interfaceID, ifuuidstr);
> @@ -79,7 +79,7 @@ int virNetDevOpenvswitchAddPort(const char *brname,
> const char *ifname,
> ovsport->profileID) < 0)
> goto out_of_memory;
> }
> - if (virtVlan) {
> + if (virtVlan && virtVlan->tag[0]) {
> if (VIR_ALLOC(buf) < 0)
> goto out_of_memory;
>
> @@ -135,6 +135,7 @@ int virNetDevOpenvswitchAddPort(const char *brname,
> const char *ifname,
>
> ret = 0;
> cleanup:
> + virBufferFreeAndReset(&buf);
> VIR_FREE(buf);
> VIR_FREE(attachedmac_ex_id);
> VIR_FREE(ifaceid_ex_id);
>
--
Eric Blake eblake at redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 617 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20120829/f24995ba/attachment-0001.sig>
More information about the libvir-list
mailing list