datapath-windows: BSOD for a transactional NL cmd without dump state.

The BSOD is triggered by the incorect extraction of the OVS message
from the received input buffer from userspace, in _FlowNlGetCmdHandler
function.

Signed-off-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-by: Sorin Vinturis <svinturis@cloudbasesolutions.com>
Reported-at: https://github.com/openvswitch/ovs-issues/issues/54
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

diff --git a/datapath-windows/ovsext/Flow.c b/datapath-windows/ovsext/Flow.c
index 0e88d8c..ceac37f 100644 (file)
--- a/datapath-windows/ovsext/Flow.c
+++ b/datapath-windows/ovsext/Flow.c
@@ -413,7 +413,7 @@ _FlowNlGetCmdHandler(POVS_USER_PARAMS_CONTEXT usrParamsCtx,
     NTSTATUS rc = STATUS_SUCCESS;
     POVS_OPEN_INSTANCE instance = (POVS_OPEN_INSTANCE)
                                   (usrParamsCtx->ovsInstance);
-    POVS_MESSAGE msgIn = instance->dumpState.ovsMsg;
+    POVS_MESSAGE msgIn = (POVS_MESSAGE)usrParamsCtx->inputBuffer;
     PNL_MSG_HDR nlMsgHdr = &(msgIn->nlMsg);
     POVS_HDR ovsHdr = &(msgIn->ovsHdr);
     PNL_MSG_HDR nlMsgOutHdr = NULL;
@@ -532,7 +532,7 @@ done:
 /*
  *----------------------------------------------------------------------------
  *  _FlowNlDumpCmdHandler --
- *    Handler for OVS_FLOW_CMD_GET command.
+ *    Handler for OVS_FLOW_CMD_DUMP command.
  *----------------------------------------------------------------------------
  */
 NTSTATUS