[ovs-dev] Kernel BUG on Xen

Jesse Gross jesse at nicira.com
Thu Apr 22 18:51:33 UTC 2010


On Thu, Apr 22, 2010 at 2:38 PM, Nick Couchman <Nick.Couchman at seakr.com> wrote:

> >
> > It looks like we don't properly handle the case where the packet is shorter
> > than it should be, i.e. the length in the header indicates it is longer than
> > the actual data.
> >
> > The interesting thing is that this should be checked in skb_pull_up_to(),
> > which we got directly from Xen, so at least some versions of Xen might have
> > the same issue.  Have you tried running without OVS?
> >
> > Obviously, we should be handling all packets without crashing, valid or not,
> > but I'm a little surprised that Windows would generate such a packet.  Does
> > this happen consistently?  Is there anything interesting about the guest?
>
> The system works fine when I'm using the native Linux bridge support, it's
> just with OVS that it crashes.  In Windows, I'm using James Harper's GPL PV
> drivers for Xen guests, so it's possible there is something in the GPL PV
> driver code that is generating a short packet.  Yes, this is extremely
> consistent - I tried several times in a row and always got just to the
> Windows login screen before I see the Kernel BUG message that I initially
> posted.  The kernel BUG message is very consistent, too - always to the same
> function with the same traceback.


Can you try applying this patch to see if it makes a difference?

diff --git a/datapath/datapath.c b/datapath/datapath.c
index e1320f2..fe90829 100644
--- a/datapath/datapath.c
+++ b/datapath/datapath.c
@@ -554,6 +554,8 @@ static int skb_pull_up_to(struct sk_buff *skb, void
*ptr)
 {
  if (ptr < (void *)skb->tail)
  return 1;
+ if (ptr - (void *)skb->data > skb->len)
+ return 0;
  if (__pskb_pull_tail(skb,
      ptr - (void *)skb->data - skb_headlen(skb))) {
  return 1;
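
Review bot: In skb_pull_up_to(), the added test `ptr - (void *)skb->data > skb->len` compares a signed pointer difference against the unsigned skb->len, which is only safe because the earlier `ptr < (void *)skb->tail` return leaves ptr at or past the tail by the time this line runs. Computing the offset from skb->data once into a local, checking that against skb->len, and reusing it in the __pskb_pull_tail() argument would make the bound explicit and avoid repeating the subtraction. The new `return 0` branch also deserves a one-line comment saying the requested range extends past the end of the packet, since the function's 1/0 return convention is not obvious from the code and callers have to treat 0 as a malformed packet.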