From f2d3fef3d90253dda3e03822df2e921ec853192d Mon Sep 17 00:00:00 2001
From: Joe Stringer <joe@ovn.org>
Date: Mon, 31 Jul 2017 16:54:22 -0700
Subject: [PATCH] ofproto-dpif-upcall: Fix key attr iteration.

This call is operating on messages generated by the datapath. If a
datapath implementation sends improperly formatted netlink attributes,
then it's possible for a revalidator thread to end up trapped in an
infinite loop iterating across these attributes. Rather than using the
UNSAFE variation of this iterator, use the regular version.

Fixes: 994fcc5a15d3 ("upcall: Check for recirc_id in ukey_create_from_dpif_flow()")
Signed-off-by: Joe Stringer <joe@ovn.org>
Reviewed-by: Greg Rose <gvrose8192@gmail.com>
Acked-by: Ben Pfaff <blp@ovn.org>
---
 ofproto/ofproto-dpif-upcall.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ofproto/ofproto-dpif-upcall.c b/ofproto/ofproto-dpif-upcall.c
index ddcfc933796..4a71bbe258d 100644
--- a/ofproto/ofproto-dpif-upcall.c
+++ b/ofproto/ofproto-dpif-upcall.c
@@ -1649,7 +1649,7 @@ ukey_create_from_dpif_flow(const struct udpif *udpif,
      * relies on OVS userspace internal state, we need to delete all old
      * datapath flows with either a non-zero recirc_id in the key, or any
      * recirculation actions upon OVS restart. */
-    NL_ATTR_FOR_EACH_UNSAFE (a, left, flow->key, flow->key_len) {
+    NL_ATTR_FOR_EACH (a, left, flow->key, flow->key_len) {
         if (nl_attr_type(a) == OVS_KEY_ATTR_RECIRC_ID
             && nl_attr_get_u32(a) != 0) {
             return EINVAL;