[ovs-dev] [PATCH v2] dp-packet: Fix use of uninitialised value at emc_lookup.

William Tu u9012063 at gmail.com
Wed Apr 6 23:28:51 UTC 2016


Valgrind reports "Conditional jump or move depends on uninitialised value"
and "Use of uninitialised value" at case 2016 ovn -- 3 HVs, 1 LS, 3
lports/HV.  It is caused by 1) assigning an uninitialized value to 'key->hash'
at emc_processing(). Due to uninit rss_hash_valid, dp_packet_rss_valid() might
return true and undefined hash value is returned, and 2) at emc_lookup, the
'current_entry->key.hash' could be uninitialized due to dp_packet_clone().
The patch fixes the two and as a result, a couple of calls to
dp_packet_rss_valid() become redundant and thus are removed.

Call stacks:
- Connditional jump or move depends on uninitialised value(s)
    dpif_netdev_packet_get_rss_hash (dpif-netdev.c:3334)
    emc_processing (dpif-netdev.c:3455)
    dp_netdev_input__ (dpif-netdev.c:3639)
and,
- Use of uninitialised value of size 8
    emc_lookup (dpif-netdev.c:1785)
    emc_processing (dpif-netdev.c:3457)
    dp_netdev_input__ (dpif-netdev.c:3639)

Signed-off-by: William Tu <u9012063 at gmail.com>
---
v1->v2
    - use dp_packet_rss_invalidate() instead of direct assignment
    - fix dp_packet_clone_with_headroom()
    - remove redundant dp_packet_rss_invalidate()
---
 lib/dp-packet.c    | 16 +++++++++++++++-
 lib/netdev-bsd.c   |  1 -
 lib/netdev-dummy.c |  1 -
 lib/netdev-linux.c |  1 -
 4 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/lib/dp-packet.c b/lib/dp-packet.c
index aec7fe7..0c85d50 100644
--- a/lib/dp-packet.c
+++ b/lib/dp-packet.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013 Nicira, Inc.
+ * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2016 Nicira, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -29,6 +29,7 @@ dp_packet_init__(struct dp_packet *b, size_t allocated, enum dp_packet_source so
     b->source = source;
     dp_packet_reset_offsets(b);
     pkt_metadata_init(&b->md, 0);
+    dp_packet_rss_invalidate(b);
 }
 
 static void
@@ -167,6 +168,19 @@ dp_packet_clone_with_headroom(const struct dp_packet *buffer, size_t headroom)
     new_buffer->l3_ofs = buffer->l3_ofs;
     new_buffer->l4_ofs = buffer->l4_ofs;
     new_buffer->md = buffer->md;
+#ifdef DPDK_NETDEV
+    new_buffer->mbuf.ol_flags = buffer->mbuf.ol_flags;
+#else
+    new_buffer->rss_hash_valid = buffer->rss_hash_valid;
+#endif
+
+    if (dp_packet_rss_valid(new_buffer)) {
+#ifdef DPDK_NETDEV
+        new_buffer->mbuf.hash.rss = buffer->mbuf.hash.rss;
+#else
+        new_buffer->rss_hash = buffer->rss_hash;
+#endif
+    }
 
     return new_buffer;
 }
diff --git a/lib/netdev-bsd.c b/lib/netdev-bsd.c
index 75bd5a3..49c05f4 100644
--- a/lib/netdev-bsd.c
+++ b/lib/netdev-bsd.c
@@ -641,7 +641,6 @@ netdev_bsd_rxq_recv(struct netdev_rxq *rxq_, struct dp_packet **packets,
         dp_packet_delete(packet);
     } else {
         dp_packet_pad(packet);
-        dp_packet_rss_invalidate(packet);
         packets[0] = packet;
         *c = 1;
     }
diff --git a/lib/netdev-dummy.c b/lib/netdev-dummy.c
index edc86fa..a1013ff 100644
--- a/lib/netdev-dummy.c
+++ b/lib/netdev-dummy.c
@@ -905,7 +905,6 @@ netdev_dummy_rxq_recv(struct netdev_rxq *rxq_, struct dp_packet **arr,
     ovs_mutex_unlock(&netdev->mutex);
 
     dp_packet_pad(packet);
-    dp_packet_rss_invalidate(packet);
 
     arr[0] = packet;
     *c = 1;
diff --git a/lib/netdev-linux.c b/lib/netdev-linux.c
index 3f5b608..a7d7ac7 100644
--- a/lib/netdev-linux.c
+++ b/lib/netdev-linux.c
@@ -1116,7 +1116,6 @@ netdev_linux_rxq_recv(struct netdev_rxq *rxq_, struct dp_packet **packets,
         dp_packet_delete(buffer);
     } else {
         dp_packet_pad(buffer);
-        dp_packet_rss_invalidate(buffer);
         packets[0] = buffer;
         *c = 1;
     }
-- 
2.5.0




More information about the dev mailing list