From 308a079ea92dfda7e57b02d1d348fba0f55678da Mon Sep 17 00:00:00 2001 From: Sairam Venugopal Date: Wed, 14 Nov 2018 12:07:28 -0800 Subject: datapath-windows: Fix invalid reference in Buffermgmt.c OVS_BUFFER_CONTEXT gets cleared as part of NdisFreeNetBufferListContext function call. This causes an invalid reference error. Found while testing with driver verifier enabled. Signed-off-by: Sairam Venugopal Acked-by: Anand Kumar Acked-by: Alin Gabriel Serdean Signed-off-by: Alin Gabriel Serdean --- datapath-windows/ovsext/BufferMgmt.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'datapath-windows') diff --git a/datapath-windows/ovsext/BufferMgmt.c b/datapath-windows/ovsext/BufferMgmt.c index 448cd7652..da5c04a93 100644 --- a/datapath-windows/ovsext/BufferMgmt.c +++ b/datapath-windows/ovsext/BufferMgmt.c @@ -1622,6 +1622,7 @@ OvsCompleteNBL(PVOID switch_ctx, { POVS_BUFFER_CONTEXT ctx; UINT16 flags; + UINT32 dataOffsetDelta; PNET_BUFFER_LIST parent; NDIS_STATUS status; NDIS_HANDLE poolHandle; @@ -1653,6 +1654,7 @@ OvsCompleteNBL(PVOID switch_ctx, nb = NET_BUFFER_LIST_FIRST_NB(nbl); flags = ctx->flags; + dataOffsetDelta = ctx->dataOffsetDelta; if (!(flags & OVS_BUFFER_FRAGMENT) && NET_BUFFER_DATA_LENGTH(nb) != ctx->origDataLength) { UINT32 diff; @@ -1667,7 +1669,7 @@ OvsCompleteNBL(PVOID switch_ctx, } } - if (ctx->flags & OVS_BUFFER_PRIVATE_CONTEXT) { + if (flags & OVS_BUFFER_PRIVATE_CONTEXT) { NdisFreeNetBufferListContext(nbl, sizeof (OVS_BUFFER_CONTEXT)); } @@ -1740,7 +1742,7 @@ OvsCompleteNBL(PVOID switch_ctx, #ifdef DBG InterlockedDecrement((LONG volatile *)&ovsPool->fragNBLCount); #endif - NdisFreeFragmentNetBufferList(nbl, ctx->dataOffsetDelta, 0); + NdisFreeFragmentNetBufferList(nbl, dataOffsetDelta, 0); } if (parent != NULL) { -- cgit v1.2.1