Thanks for fixing this Lorenzo. Acked-by: Mark Michelson <[email protected]>
On 4/15/22 14:17, Lorenzo Bianconi wrote:
Avoid the following crash in ovn-trace due to a reject action infinite loop: AddressSanitizer:DEADLYSIGNAL ==569410==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc0a991bc4 (pc 0x000000415081 bp 0x7ffc0a993fa0 sp 0x7ffc0a991b30 T0) #0 0x415081 in trace_actions utilities/ovn-trace.c:2617 #1 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #2 0x41d878 in trace__ utilities/ovn-trace.c:3007 #3 0x41e3a8 in execute_output utilities/ovn-trace.c:1700 #4 0x416fcf in trace_actions utilities/ovn-trace.c:2640 #5 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #6 0x41d878 in trace__ utilities/ovn-trace.c:3007 #7 0x41788d in execute_next utilities/ovn-trace.c:2307 #8 0x41788d in trace_actions utilities/ovn-trace.c:2644 #9 0x41a7c0 in trace_actions utilities/ovn-trace.c:2622 #10 0x41a7c0 in execute_sctp4_abort utilities/ovn-trace.c:1985 #11 0x419671 in execute_reject utilities/ovn-trace.c:2049 #12 0x419671 in trace_actions utilities/ovn-trace.c:2860 #13 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #14 0x41d878 in trace__ utilities/ovn-trace.c:3007 #15 0x41e3a8 in execute_output utilities/ovn-trace.c:1700 #16 0x416fcf in trace_actions utilities/ovn-trace.c:2640 #17 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #18 0x41d878 in trace__ utilities/ovn-trace.c:3007 #19 0x41788d in execute_next utilities/ovn-trace.c:2307 #20 0x41788d in trace_actions utilities/ovn-trace.c:2644 #21 0x41a7c0 in trace_actions utilities/ovn-trace.c:2622 #22 0x41a7c0 in execute_sctp4_abort utilities/ovn-trace.c:1985 #23 0x419671 in execute_reject utilities/ovn-trace.c:2049 #24 0x419671 in trace_actions utilities/ovn-trace.c:2860 #25 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #26 0x41d878 in trace__ utilities/ovn-trace.c:3007 #27 0x41e3a8 in execute_output utilities/ovn-trace.c:1700 #28 0x416fcf in trace_actions utilities/ovn-trace.c:2640 #29 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #30 0x41d878 in trace__ utilities/ovn-trace.c:3007 #31 0x41788d in execute_next utilities/ovn-trace.c:2307 #32 0x41788d in trace_actions utilities/ovn-trace.c:2644 #33 0x41a7c0 in trace_actions utilities/ovn-trace.c:2622 #34 0x41a7c0 in execute_sctp4_abort utilities/ovn-trace.c:1985 #35 0x419671 in execute_reject utilities/ovn-trace.c:2049 #36 0x419671 in trace_actions utilities/ovn-trace.c:2860 #37 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #38 0x41d878 in trace__ utilities/ovn-trace.c:3007 #39 0x41e3a8 in execute_output utilities/ovn-trace.c:1700 #40 0x416fcf in trace_actions utilities/ovn-trace.c:2640 #41 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #42 0x41d878 in trace__ utilities/ovn-trace.c:3007 #43 0x41788d in execute_next utilities/ovn-trace.c:2307 .... The issue can be triggered with the following reproducer: $ovn-nbctl ls-add sw $ovn-nbctl lsp-add sw p1 $ovn-nbctl lsp-set-addresses p1 "00:00:00:00:00:02 192.168.0.2" $ovn-nbctl lsp-add sw p2 $ovn-nbctl lsp-set-addresses p2 "00:00:00:00:00:03 192.168.0.3" $ovn-nbctl pg-add pg1 p1 p2 $ovn-nbctl acl-add pg1 to-lport 2003 "inport==@pg1 && ip4 && ip4.src == 192.168.0.0/16 && udp && udp.dst == 9000" allow $ovn-nbctl acl-add pg1 to-lport 2001 "inport==@pg1" reject $ovn-trace 'inport == "p2" && eth.src == 00:00:00:00:00:03 && eth.dst == 00:00:00:00:00:02 && ip.ttl==42 && ip4.src == 192.168.0.3' Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2074537 Signed-off-by: Lorenzo Bianconi <[email protected]> --- utilities/ovn-trace.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/utilities/ovn-trace.c b/utilities/ovn-trace.c index 4b652828d..b7460322e 100644 --- a/utilities/ovn-trace.c +++ b/utilities/ovn-trace.c @@ -1802,6 +1802,10 @@ execute_icmp4(const struct ovnact_nest *on, { struct flow icmp4_flow = *uflow;+ if (loopback && icmp4_flow.tp_src == htons(ICMP4_DST_UNREACH)) {+ return; /* Avoid recirculation. */ + } + /* Update fields for ICMP. */ if (loopback) { icmp4_flow.dl_dst = uflow->dl_src; @@ -1834,6 +1838,10 @@ execute_icmp6(const struct ovnact_nest *on, { struct flow icmp6_flow = *uflow;+ if (loopback && icmp6_flow.tp_src == htons(ICMP6_DST_UNREACH)) {+ return; /* Avoid recirculation. */ + } + /* Update fields for ICMPv6. */ if (loopback) { icmp6_flow.dl_dst = uflow->dl_src; @@ -1933,6 +1941,11 @@ execute_tcp_reset(const struct ovnact_nest *on, bool loopback, enum ovnact_pipeline pipeline, struct ovs_list *super) { + struct flow tcp_flow = *uflow; + if (loopback && tcp_flow.tcp_flags == htons(TCP_RST)) { + return; /* Avoid recirculation. */ + } + if (get_dl_type(uflow) == htons(ETH_TYPE_IP)) { execute_tcp4_reset(on, dp, uflow, table_id, loopback, pipeline, super); } else { @@ -1965,6 +1978,7 @@ execute_sctp4_abort(const struct ovnact_nest *on, sctp_flow.nw_ttl = 255; sctp_flow.tp_src = uflow->tp_src; sctp_flow.tp_dst = uflow->tp_dst; + sctp_flow.tcp_flags = htons(TCP_RST);struct ovntrace_node *node = ovntrace_node_append(super, OVNTRACE_NODE_TRANSFORMATION, "sctp_abort"); @@ -2014,6 +2028,11 @@ execute_sctp_abort(const struct ovnact_nest *on, bool loopback, enum ovnact_pipeline pipeline, struct ovs_list *super) { + struct flow sctp_flow = *uflow; + if (loopback && sctp_flow.tcp_flags == htons(TCP_RST)) { + return; /* Avoid recirculation. */ + } + if (get_dl_type(uflow) == htons(ETH_TYPE_IP)) { execute_sctp4_abort(on, dp, uflow, table_id, loopback, pipeline, super);
_______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
