[ovs-git] [openvswitch/ovs] f11120: datapath: fix panic with multiple vlan headers
GitHub
noreply at github.com
Mon Sep 8 17:44:30 UTC 2014
Branch: refs/heads/master
Home: https://github.com/openvswitch/ovs
Commit: f1112037df05e70f92abe7e2f25ece9f6d766003
https://github.com/openvswitch/ovs/commit/f1112037df05e70f92abe7e2f25ece9f6d766003
Author: Jiri Benc <jbenc at redhat.com>
Date: 2014-09-08 (Mon, 08 Sep 2014)
Changed paths:
M datapath/actions.c
Log Message:
-----------
datapath: fix panic with multiple vlan headers
When there are multiple vlan headers present in a received frame, the
first one is put into vlan_tci and protocol is set to ETH_P_8021Q.
Anything in the skb beyond the VLAN TPID may be still non-linear,
including the inner TCI and ethertype. While ovs_flow_extract takes
care of IP and IPv6 headers, it does nothing with ETH_P_8021Q. Later,
if OVS_ACTION_ATTR_POP_VLAN is executed, __pop_vlan_tci pulls the
next vlan header into vlan_tci.
This leads to two things:
1. Part of the resulting ethernet header is in the non-linear part of
the skb. When eth_type_trans is called later as the result of
OVS_ACTION_ATTR_OUTPUT, kernel BUGs in __skb_pull. Also,
__pop_vlan_tci is in fact accessing random data when it reads
past the TPID.
2. network_header points into the ethernet header instead of behind it.
mac_len is set to a wrong value (10), too.
Reported-by: Yulong Pei <ypei at redhat.com>
Signed-off-by: Jiri Benc <jbenc at redhat.com>
I have dropped second change. Since it assumes inner mac header is of
ETH_HLEN len which is not always true.
Signed-off-by: Pravin B Shelar <pshelar at nicira.com>
Commit: a7d607c58dcc2a58b39b49f06257744c8ac0da82
https://github.com/openvswitch/ovs/commit/a7d607c58dcc2a58b39b49f06257744c8ac0da82
Author: Li RongQing <roy.qing.li at gmail.com>
Date: 2014-09-08 (Mon, 08 Sep 2014)
Changed paths:
M datapath/datapath.c
Log Message:
-----------
datapath: distinguish between the dropped and consumed skb
distinguish between the dropped and consumed skb, not assume the skb
is consumed always
Cc: Thomas Graf <tgraf at noironetworks.com>
Cc: Pravin Shelar <pshelar at nicira.com>
Signed-off-by: Li RongQing <roy.qing.li at gmail.com>
Signed-off-by: Pravin B Shelar <pshelar at nicira.com>
Commit: 800711c3c2c79464d837872f681ab3d257e8fdd6
https://github.com/openvswitch/ovs/commit/800711c3c2c79464d837872f681ab3d257e8fdd6
Author: Pravin B Shelar <pshelar at nicira.com>
Date: 2014-09-08 (Mon, 08 Sep 2014)
Changed paths:
M datapath/datapath.c
Log Message:
-----------
datapath: Set packet egress_tun_info.
packet execute is setting egress_tun_info in skb->cb, rather
than packet->cb. skb is netlink msg skb. This causes corruption
in netlink skb state stored in skb->cb (NETLINK_CB) which
results in following deadlock in netlink code.
=============================================
[ INFO: possible recursive locking detected ]
3.2.62 #2
---------------------------------------------
handler55/22851 is trying to acquire lock:
(genl_mutex){+.+.+.}, at: [<ffffffff81471ad7>] genl_lock+0x17/0x20
but task is already holding lock:
(genl_mutex){+.+.+.}, at: [<ffffffff81471ad7>] genl_lock+0x17/0x20
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(genl_mutex);
lock(genl_mutex);
*** DEADLOCK ***
May be due to missing lock nesting notation
1 lock held by handler55/22851:
#0: (genl_mutex){+.+.+.}, at: [<ffffffff81471ad7>] genl_lock+0x17/0x20
stack backtrace:
Pid: 22851, comm: handler55 Tainted: G O 3.2.62 #2
Call Trace:
[<ffffffff81097bb2>] print_deadlock_bug+0xf2/0x100
[<ffffffff81099b99>] validate_chain+0x579/0x860
[<ffffffff8109a17c>] __lock_acquire+0x2fc/0x4f0
[<ffffffff8109aab0>] lock_acquire+0xa0/0x180
[<ffffffff81519070>] __mutex_lock_common+0x60/0x420
[<ffffffff8151959a>] mutex_lock_nested+0x4a/0x60
[<ffffffff81471ad7>] genl_lock+0x17/0x20
[<ffffffff81471af6>] genl_rcv+0x16/0x40
[<ffffffff8146ff72>] netlink_unicast+0x2f2/0x310
[<ffffffff81470159>] netlink_ack+0x109/0x1f0
[<ffffffff8147030b>] netlink_rcv_skb+0xcb/0xd0
[<ffffffff81471b05>] genl_rcv+0x25/0x40
[<ffffffff8146ff72>] netlink_unicast+0x2f2/0x310
[<ffffffff8147134c>] netlink_sendmsg+0x28c/0x3d0
[<ffffffff8143375f>] sock_sendmsg+0xef/0x120
[<ffffffff81435766>] ___sys_sendmsg+0x416/0x430
[<ffffffff81435949>] __sys_sendmsg+0x49/0x90
[<ffffffff814359a9>] sys_sendmsg+0x19/0x20
[<ffffffff8152432b>] system_call_fastpath+0x16/0x1b
Reported-by: Joe Stringer <joestringer at nicira.com>
Signed-off-by: Pravin B Shelar <pshelar at nicira.com>
Acked-by: Joe Stringer <joestringer at nicira.com>
Compare: https://github.com/openvswitch/ovs/compare/2c8c4fb7ff82...800711c3c2c7
More information about the git
mailing list