On Wed, Oct 14, 2020 at 8:14 AM Ilya Maximets <[email protected]> wrote: > > Hi. > > I tried to run OVN under MemorySanitizer and it found that 'nexthop' > that passed to ic_route_hash() is typically allocated on stack and > not fully initialized. 'nexthop' has type of 'struct v46_ip' which > contains a union to share space for ipv4 and ipv6 address. If only > ipv4 initialized where is a plenty of uninitialized space that goes > to hash_bytes(nexthop, sizeof *nexthop, basis). This might cause > inability to find this nexthop inside the hashmap. > > So, 'nexthop' must be fully initialized with memset in order to > avoid such problems. Another option is to use single structure > 'struct in6_addr' and map ipv4 address to it with existing api: > in6_addr_{get,set}_mapped_ipv4/IN6_IS_ADDR_V4MAPPED. >
Thanks Ilya for reporting this bug! The impact of the bug is: When a directly connected network of a router is found to be advertised, if the route already existed in the global IC-SB, it may not be found due to the hash difference, and results in the existing route being deleted and the same one recreated, unnecessarily. I fixed it here: https://patchwork.ozlabs.org/project/ovn/patch/[email protected]/ > To be honest, I do not understand why 'struct v46_ip' exist, but > that's a bit different story. > Maybe we should refactor the code to avoid this kind of problem happening again. The struct existed before and I found it convenient so just reused it (in ECMP route processing as well). Thanks, Han > Report from MemorySanitizer: > > ==3074629==WARNING: MemorySanitizer: use-of-uninitialized-value > #0 0x67177e in mhash_add__ ovs/./lib/hash.h:66:9 > #1 0x671668 in mhash_add ovs/./lib/hash.h:78:12 > #2 0x6701e9 in hash_bytes ovs/lib/hash.c:38:16 > #3 0x524b4a in add_network_to_routes_ad ic/ovn-ic.c:1095:5 > #4 0x51eea3 in route_run ic/ovn-ic.c:1424:21 > #5 0x51887b in main ic/ovn-ic.c:1674:17 > #6 0x7fd4ce7871a2 in __libc_start_main > #7 0x49c90d in _start (ic/ovn-ic+0x49c90d) > > Uninitialized value was created by an allocation of 'nexthop' in the > stack frame of function 'add_network_to_routes_ad' > #0 0x5245f0 in add_network_to_routes_ad ic/ovn-ic.c:1069 > > Best regards, Ilya Maximets. _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
