From 8c3af9f8819bc4ec17134708a6611dd513278d1f Mon Sep 17 00:00:00 2001
From: Ilya Maximets <i.maximets@ovn.org>
Date: Thu, 21 Nov 2019 14:14:52 +0100
Subject: dp-packet: Fix clearing/copying of memory layout flags.

'ol_flags' of DPDK mbuf could contain bits responsible for external
or indirect buffers which are not actually offload flags in a common
sense.  Clearing/copying of these flags could lead to memory leaks of
external memory chunks and crashes due to access to wrong memory.

OVS should not clear these flags while resetting offloads and also
should not copy them to the newly allocated packets.

This change is required to support DPDK 19.11, as some drivers may
return mbufs with these flags set.  However, it might be good to do
the same for DPDK 18.11, because these flags are present and should
be taken into account.

Fixes: 03f3f9c0faf8 ("dpdk: Update to use DPDK 18.11.")
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Reviewed-by: David Marchand <david.marchand@redhat.com>
Acked-by: Ben Pfaff <blp@ovn.org>
Acked-by: Kevin Traynor <ktraynor@redhat.com>
---
 lib/dp-packet.c | 1 +
 lib/dp-packet.h | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/dp-packet.c b/lib/dp-packet.c
index 62d7faa4c..8dfedcb7c 100644
--- a/lib/dp-packet.c
+++ b/lib/dp-packet.c
@@ -194,6 +194,7 @@ dp_packet_clone_with_headroom(const struct dp_packet *buffer, size_t headroom)
 
 #ifdef DPDK_NETDEV
     new_buffer->mbuf.ol_flags = buffer->mbuf.ol_flags;
+    new_buffer->mbuf.ol_flags &= ~DPDK_MBUF_NON_OFFLOADING_FLAGS;
 #endif
 
     if (dp_packet_rss_valid(buffer)) {
diff --git a/lib/dp-packet.h b/lib/dp-packet.h
index 14f0897fa..3dd59e25d 100644
--- a/lib/dp-packet.h
+++ b/lib/dp-packet.h
@@ -54,6 +54,11 @@ enum dp_packet_offload_mask {
     DP_PACKET_OL_RSS_HASH_MASK  = 0x1, /* Is the 'rss_hash' valid? */
     DP_PACKET_OL_FLOW_MARK_MASK = 0x2, /* Is the 'flow_mark' valid? */
 };
+#else
+/* DPDK mbuf ol_flags that are not really an offload flags.  These are mostly
+ * related to mbuf memory layout and OVS should not touch/clear them. */
+#define DPDK_MBUF_NON_OFFLOADING_FLAGS (EXT_ATTACHED_MBUF | \
+                                        IND_ATTACHED_MBUF)
 #endif
 
 /* Buffer for holding packet data.  A dp_packet is automatically reallocated
@@ -538,7 +543,7 @@ dp_packet_rss_valid(const struct dp_packet *p)
 static inline void
 dp_packet_reset_offload(struct dp_packet *p)
 {
-    p->mbuf.ol_flags = 0;
+    p->mbuf.ol_flags &= DPDK_MBUF_NON_OFFLOADING_FLAGS;
 }
 
 static inline bool
-- 
2.14.1