revalidator: Fix access of uninitialized memory.

Commit 64bb477 "dpif: Minimize memory copy for revalidation." introduced
a bug where the corner case of ukey creation (in revalidator threads)
could result in access to uninitialized memory when deleting flows from
the datapath. This could result in OVS aborting or deadlock. Fix it.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>

diff --git a/ofproto/ofproto-dpif-upcall.c b/ofproto/ofproto-dpif-upcall.c
index 38e1affdc33dcfc8368920b80f6328763dd117a0..5fe90ac0a86e32994770fc0929971c5cea446f67 100644 (file)
--- a/ofproto/ofproto-dpif-upcall.c
+++ b/ofproto/ofproto-dpif-upcall.c
@@ -1675,6 +1675,7 @@ exit:
 static void
 delete_op_init__(struct ukey_op *op, const struct dpif_flow *flow)
 {
+    op->ukey = NULL;
     op->dop.type = DPIF_OP_FLOW_DEL;
     op->dop.u.flow_del.key = flow->key;
     op->dop.u.flow_del.key_len = flow->key_len;