Avoid the following crash in ovn-trace due to a reject action infinite
loop:
AddressSanitizer:DEADLYSIGNAL
==569410==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc0a991bc4 (pc
0x000000415081 bp 0x7ffc0a993fa0 sp 0x7ffc0a991b30 T0)
#0 0x415081 in trace_actions utilities/ovn-trace.c:2617
#1 0x41d878 in trace_actions utilities/ovn-trace.c:2622
#2 0x41d878 in trace__ utilities/ovn-trace.c:3007
#3 0x41e3a8 in execute_output utilities/ovn-trace.c:1700
#4 0x416fcf in trace_actions utilities/ovn-trace.c:2640
#5 0x41d878 in trace_actions utilities/ovn-trace.c:2622
#6 0x41d878 in trace__ utilities/ovn-trace.c:3007
#7 0x41788d in execute_next utilities/ovn-trace.c:2307
#8 0x41788d in trace_actions utilities/ovn-trace.c:2644
#9 0x41a7c0 in trace_actions utilities/ovn-trace.c:2622
#10 0x41a7c0 in execute_sctp4_abort utilities/ovn-trace.c:1985
#11 0x419671 in execute_reject utilities/ovn-trace.c:2049
#12 0x419671 in trace_actions utilities/ovn-trace.c:2860
#13 0x41d878 in trace_actions utilities/ovn-trace.c:2622
#14 0x41d878 in trace__ utilities/ovn-trace.c:3007
#15 0x41e3a8 in execute_output utilities/ovn-trace.c:1700
#16 0x416fcf in trace_actions utilities/ovn-trace.c:2640
#17 0x41d878 in trace_actions utilities/ovn-trace.c:2622
#18 0x41d878 in trace__ utilities/ovn-trace.c:3007
#19 0x41788d in execute_next utilities/ovn-trace.c:2307
#20 0x41788d in trace_actions utilities/ovn-trace.c:2644
#21 0x41a7c0 in trace_actions utilities/ovn-trace.c:2622
#22 0x41a7c0 in execute_sctp4_abort utilities/ovn-trace.c:1985
#23 0x419671 in execute_reject utilities/ovn-trace.c:2049
#24 0x419671 in trace_actions utilities/ovn-trace.c:2860
#25 0x41d878 in trace_actions utilities/ovn-trace.c:2622
#26 0x41d878 in trace__ utilities/ovn-trace.c:3007
#27 0x41e3a8 in execute_output utilities/ovn-trace.c:1700
#28 0x416fcf in trace_actions utilities/ovn-trace.c:2640
#29 0x41d878 in trace_actions utilities/ovn-trace.c:2622
#30 0x41d878 in trace__ utilities/ovn-trace.c:3007
#31 0x41788d in execute_next utilities/ovn-trace.c:2307
#32 0x41788d in trace_actions utilities/ovn-trace.c:2644
#33 0x41a7c0 in trace_actions utilities/ovn-trace.c:2622
#34 0x41a7c0 in execute_sctp4_abort utilities/ovn-trace.c:1985
#35 0x419671 in execute_reject utilities/ovn-trace.c:2049
#36 0x419671 in trace_actions utilities/ovn-trace.c:2860
#37 0x41d878 in trace_actions utilities/ovn-trace.c:2622
#38 0x41d878 in trace__ utilities/ovn-trace.c:3007
#39 0x41e3a8 in execute_output utilities/ovn-trace.c:1700
#40 0x416fcf in trace_actions utilities/ovn-trace.c:2640
#41 0x41d878 in trace_actions utilities/ovn-trace.c:2622
#42 0x41d878 in trace__ utilities/ovn-trace.c:3007
#43 0x41788d in execute_next utilities/ovn-trace.c:2307
....
The issue can be triggered with the following reproducer:
$ovn-nbctl ls-add sw
$ovn-nbctl lsp-add sw p1
$ovn-nbctl lsp-set-addresses p1 "00:00:00:00:00:02 192.168.0.2"
$ovn-nbctl lsp-add sw p2
$ovn-nbctl lsp-set-addresses p2 "00:00:00:00:00:03 192.168.0.3"
$ovn-nbctl pg-add pg1 p1 p2
$ovn-nbctl acl-add pg1 to-lport 2003 "inport==@pg1 && ip4 && ip4.src ==
192.168.0.0/16 && udp && udp.dst == 9000" allow
$ovn-nbctl acl-add pg1 to-lport 2001 "inport==@pg1" reject
$ovn-trace 'inport == "p2" && eth.src == 00:00:00:00:00:03 && eth.dst ==
00:00:00:00:00:02 && ip.ttl==42 && ip4.src == 192.168.0.3'
Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2074537
Signed-off-by: Lorenzo Bianconi <[email protected]>
---
utilities/ovn-trace.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/utilities/ovn-trace.c b/utilities/ovn-trace.c
index 4b652828d..b7460322e 100644
--- a/utilities/ovn-trace.c
+++ b/utilities/ovn-trace.c
@@ -1802,6 +1802,10 @@ execute_icmp4(const struct ovnact_nest *on,
{
struct flow icmp4_flow = *uflow;
+ if (loopback && icmp4_flow.tp_src == htons(ICMP4_DST_UNREACH)) {
+ return; /* Avoid recirculation. */
+ }
+
/* Update fields for ICMP. */
if (loopback) {
icmp4_flow.dl_dst = uflow->dl_src;
@@ -1834,6 +1838,10 @@ execute_icmp6(const struct ovnact_nest *on,
{
struct flow icmp6_flow = *uflow;
+ if (loopback && icmp6_flow.tp_src == htons(ICMP6_DST_UNREACH)) {
+ return; /* Avoid recirculation. */
+ }
+
/* Update fields for ICMPv6. */
if (loopback) {
icmp6_flow.dl_dst = uflow->dl_src;
@@ -1933,6 +1941,11 @@ execute_tcp_reset(const struct ovnact_nest *on,
bool loopback, enum ovnact_pipeline pipeline,
struct ovs_list *super)
{
+ struct flow tcp_flow = *uflow;
+ if (loopback && tcp_flow.tcp_flags == htons(TCP_RST)) {
+ return; /* Avoid recirculation. */
+ }
+
if (get_dl_type(uflow) == htons(ETH_TYPE_IP)) {
execute_tcp4_reset(on, dp, uflow, table_id, loopback, pipeline, super);
} else {
@@ -1965,6 +1978,7 @@ execute_sctp4_abort(const struct ovnact_nest *on,
sctp_flow.nw_ttl = 255;
sctp_flow.tp_src = uflow->tp_src;
sctp_flow.tp_dst = uflow->tp_dst;
+ sctp_flow.tcp_flags = htons(TCP_RST);
struct ovntrace_node *node = ovntrace_node_append(
super, OVNTRACE_NODE_TRANSFORMATION, "sctp_abort");
@@ -2014,6 +2028,11 @@ execute_sctp_abort(const struct ovnact_nest *on,
bool loopback, enum ovnact_pipeline pipeline,
struct ovs_list *super)
{
+ struct flow sctp_flow = *uflow;
+ if (loopback && sctp_flow.tcp_flags == htons(TCP_RST)) {
+ return; /* Avoid recirculation. */
+ }
+
if (get_dl_type(uflow) == htons(ETH_TYPE_IP)) {
execute_sctp4_abort(on, dp, uflow, table_id, loopback,
pipeline, super);
--
2.35.1
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
