fix(ovn): add null check before sbrec delete calls

[oilbeater]

Summary

• Add a patch for OVN (branch-25.03) that adds null pointer checks before calling sbrec_port_binding_delete, sbrec_bfd_delete, and sbrec_encap_delete
• Prevents potential null pointer dereference crashes in northd and ovn-sbctl
• Applies the patch during the OVN build in Dockerfile.base

Changes

• dist/images/patches/sbrec-delete-null-check.patch: New patch file with null checks in three locations:
  • northd/northd.c: Check op->sb before sbrec_port_binding_delete
  • northd/northd.c: Check bfd_e->sb_bt before sbrec_bfd_delete
  • utilities/ovn-sbctl.c: Check sbctl_ch->ch_cfg->encaps[i] before sbrec_encap_delete
• dist/images/Dockerfile.base: Add and apply the new patch

Test plan

• Verify the OVN base image builds successfully with the new patch applied
• Confirm no null pointer crashes in northd when deleting port bindings
• Confirm no null pointer crashes in northd BFD table sync
• Confirm no null pointer crashes in ovn-sbctl chassis deletion

Fix #6053

🤖 Generated with Claude Code

[gemini-code-assist]

Summary of Changes

Hello @oilbeater, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly improves the robustness of OVN by addressing potential null pointer dereference issues. By strategically adding null checks in critical deletion functions, it prevents crashes in core components like northd and ovn-sbctl, leading to a more stable and reliable network virtualization environment. The changes are integrated into the OVN build process to ensure consistent application.

Highlights

• Null Pointer Checks: Introduced a new patch to add null pointer checks before calls to sbrec_port_binding_delete, sbrec_bfd_delete, and sbrec_encap_delete within OVN's northd and ovn-sbctl components.
• Crash Prevention: The added checks prevent potential null pointer dereference crashes, enhancing the stability of northd and ovn-sbctl.
• Build Process Integration: The new patch is now applied during the OVN build process by updating Dockerfile.base.

Changelog

• dist/images/Dockerfile.base
  • Added a new patch file sbrec-delete-null-check.patch to the build context.
  • Modified the OVN build script to apply the sbrec-delete-null-check.patch during compilation.
• dist/images/patches/sbrec-delete-null-check.patch
  • Created a new patch file.
  • Added a null check for op->sb before calling sbrec_port_binding_delete in northd/northd.c.
  • Added a null check for bfd_e->sb_bt before calling sbrec_bfd_delete in northd/northd.c.
  • Added a null check for sbctl_ch->ch_cfg->encaps[i] before calling sbrec_encap_delete in utilities/ovn-sbctl.c.

Activity

• No human activity has been recorded on this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[dosubot]

Related Documentation

Checked 0 published document(s) in 1 knowledge base(s). No updates required.

^{How did I do? Any feedback?}  

[gemini-code-assist]

Code Review

The pull request introduces a new patch to add null pointer checks before sbrec_port_binding_delete, sbrec_bfd_delete, and sbrec_encap_delete calls in OVN. This is a critical improvement to prevent potential null pointer dereference crashes, enhancing the stability of northd and ovn-sbctl. The changes also correctly integrate this new patch into the Dockerfile.base for the OVN build process. The implementation of the null checks is straightforward and directly addresses the identified vulnerability.

[gemini-code-assist]

Adding a null check for op->sb before calling sbrec_port_binding_delete is a critical fix. This prevents potential null pointer dereferences, which could lead to crashes in northd.

[gemini-code-assist]

The addition of bfd_e->sb_bt null check before sbrec_bfd_delete is a crucial improvement. This addresses a potential crash scenario in the BFD table synchronization within northd.

[gemini-code-assist]

Implementing a null check for sbctl_ch->ch_cfg->encaps[i] before sbrec_encap_delete is vital. This prevents crashes in ovn-sbctl when handling chassis deletion, especially if an encapsulation entry is unexpectedly null.

[gemini-code-assist]

The patch application for sbrec-delete-null-check.patch is correctly added. This ensures that the critical null checks are applied during the OVN build process, preventing potential crashes.

[coveralls]

Pull Request Test Coverage Report for Build 22278762748

Details

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 23.057%

---

Totals
Change from base Build 22272109217:	0.0%
Covered Lines:	12533
Relevant Lines:	54357

---

💛 - Coveralls