[ovs-git] [openvswitch/ovs] e92669: compat: Fix IPv6 frag expiry crash.

GitHub noreply at github.com
Tue Aug 2 01:50:17 UTC 2016


  Branch: refs/heads/master
  Home:   https://github.com/openvswitch/ovs
  Commit: e92669badd3f1b17fd3f6247b45f3de129bc108f
      https://github.com/openvswitch/ovs/commit/e92669badd3f1b17fd3f6247b45f3de129bc108f
  Author: Joe Stringer <joe at ovn.org>
  Date:   2016-08-01 (Mon, 01 Aug 2016)

  Changed paths:
    M datapath/linux/compat/nf_conntrack_reasm.c

  Log Message:
  -----------
  compat: Fix IPv6 frag expiry crash.

If a user sends some fragments of an IPv6 message through OVS, but OVS
fails to assemble the IPv6 message and the OVS module is then unloaded
before the fragments expire, it could lead to a kernel panic like the
following:

Call Trace:
 <IRQ>
 [<ffffffff810e1919>] ? call_timer_fn+0x39/0x130
 [<ffffffff810e31fe>] run_timer_softirq+0x20e/0x2c0
 [<ffffffff8107dd0d>] __do_softirq+0xdd/0x290
 [<ffffffff817c5bdc>] do_softirq_own_stack+0x1c/0x30
 <EOI>
 [<ffffffff8107df5f>] do_softirq+0x4f/0x60
 [<ffffffff8107dff5>] __local_bh_enable_ip+0x85/0x90
 [<ffffffff8173994f>] inet_frags_exit_net+0x6f/0xc0
 [<ffffffffc00c02a3>] nf_ct_net_exit+0x43/0x50 [nf_defrag_ipv6]
 [<ffffffff816ae528>] ops_exit_list.isra.4+0x38/0x60
 [<ffffffff816ae656>] unregister_pernet_operations+0x96/0xe0
 [<ffffffff816ae6c5>] unregister_pernet_subsys+0x25/0x40
 [<ffffffffc00c1315>] nf_ct_frag6_cleanup+0x15/0x23 [nf_defrag_ipv6]
 [<ffffffffc00c133d>] nf_defrag_fini+0x1a/0xcdd [nf_defrag_ipv6]
 [<ffffffff810fbedd>] SyS_delete_module+0x18d/0x220
 [<ffffffff817c40b2>] entry_SYSCALL_64_fastpath+0x16/0x75
Code:  Bad RIP value.
RIP  [<ffffffffc030f990>] 0xffffffffc030f990
 RSP <ffff88007a043e90>
CR2: ffffffffc030f990
---[ end trace 3bd8c1bbc4478fe2 ]---
Kernel panic - not syncing: Fatal exception in interrupt

Fixes: 73b09aff14c7 ("compat: Backport IPv6 reassembly.")
Reported-by: Jarno Rajahalme <jarno at ovn.org>
Signed-off-by: Joe Stringer <joe at ovn.org>
Acked-by: Pravin B Shelar <pshelar at ovn.org>


  Commit: ccd0a13bfa5121b1d2215d7811056d9310ad1e31
      https://github.com/openvswitch/ovs/commit/ccd0a13bfa5121b1d2215d7811056d9310ad1e31
  Author: Joe Stringer <joe at ovn.org>
  Date:   2016-08-01 (Mon, 01 Aug 2016)

  Changed paths:
    M acinclude.m4
    M datapath/linux/compat/include/net/inet_frag.h
    M datapath/linux/compat/inet_fragment.c
    M datapath/linux/compat/ip_fragment.c
    M datapath/linux/compat/nf_conntrack_reasm.c

  Log Message:
  -----------
  compat: Simplify inet_fragment backports.

The core fragmentation handling logic is exported on all supported
kernels, so it's not necessary to backport the latest version of this.
This greatly simplifies the code due to inconsistencies between the old
per-lookup garbage collection and the newer workqueue based garbage
collection.

As a result of simplifying and removing unnecessary backport code, a few
bugs are fixed for corner cases such as when some fragments remain in
the fragment cache when openvswitch is unloaded.

Some backported ip functions need a little more logic than what is seen
on the latest code due to this, for instance on kernels <3.17:
* Call inet_frag_evictor() before defrag
* Limit hashsize in ip{,6}_fragment logic

The pernet init/exit logic also differs a little from upstream. Upstream
ipv[46]_defrag logic initializes the various pernet fragment parameters
and its own global fragments cache. In the OVS backport, the pernet
parameters are shared while the fragments cache is separate. The
backport relies upon upstream pernet initialization to perform the
shared setup, and performs no pernet initialization of its own. When it
comes to pernet exit however, the backport must ensure that all
OVS-specific fragment state is cleared, while the shared state remains
untouched so that the regular ipv[46] logic may do its own cleanup. In
practice this means that OVS must have its own divergent implementation
of inet_frags_exit_net().

Fixes the following crash:

Call Trace:
 <IRQ>
 [<ffffffff810744f6>] ? call_timer_fn+0x36/0x100
 [<ffffffff8107548f>] run_timer_softirq+0x1ef/0x2f0
 [<ffffffff8106cccc>] __do_softirq+0xec/0x2c0
 [<ffffffff8106d215>] irq_exit+0x105/0x110
 [<ffffffff81737095>] smp_apic_timer_interrupt+0x45/0x60
 [<ffffffff81735a1d>] apic_timer_interrupt+0x6d/0x80
 <EOI>
 [<ffffffff8104f596>] ? native_safe_halt+0x6/0x10
 [<ffffffff8101cb2f>] default_idle+0x1f/0xc0
 [<ffffffff8101d406>] arch_cpu_idle+0x26/0x30
 [<ffffffff810bf3a5>] cpu_startup_entry+0xc5/0x290
 [<ffffffff810415ed>] start_secondary+0x21d/0x2d0
Code:  Bad RIP value.
RIP  [<ffffffffa0177480>] 0xffffffffa0177480
 RSP <ffff88003f703e78>
CR2: ffffffffa0177480
---[ end trace eb98ca80ba07bd9c ]---
Kernel panic - not syncing: Fatal exception in interrupt

Signed-off-by: Joe Stringer <joe at ovn.org>
Acked-by: Pravin B Shelar <pshelar at ovn.org>


  Commit: c5c06de4bf8181b1d5ff5de48ce91e666a6f4c0d
      https://github.com/openvswitch/ovs/commit/c5c06de4bf8181b1d5ff5de48ce91e666a6f4c0d
  Author: Joe Stringer <joe at ovn.org>
  Date:   2016-08-01 (Mon, 01 Aug 2016)

  Changed paths:
    M datapath/linux/Modules.mk
    R datapath/linux/compat/include/linux/ipv6.h
    R datapath/linux/compat/reassembly.c

  Log Message:
  -----------
  compat: Remove ip6_expire_frag_queue().

This was previously backported to fix issues with our inet_fragment
backport; with that largely gone, we can get rid of this too.

Signed-off-by: Joe Stringer <joe at ovn.org>
Acked-by: Pravin B Shelar <pshelar at ovn.org>


  Commit: fc00853c9cda8015fc521ae48752e1d46195527c
      https://github.com/openvswitch/ovs/commit/fc00853c9cda8015fc521ae48752e1d46195527c
  Author: Joe Stringer <joe at ovn.org>
  Date:   2016-08-01 (Mon, 01 Aug 2016)

  Changed paths:
    M datapath/linux/compat/nf_conntrack_reasm.c

  Log Message:
  -----------
  compat: IPv6 fragmentation backport cleanups.

Remove a couple of functions that are available on all supported kernel
versions.

Signed-off-by: Joe Stringer <joe at ovn.org>
Acked-by: Pravin B Shelar <pshelar at ovn.org>


  Commit: 78f4537f72cb1cdb4cf851e03477c43a9f7554e5
      https://github.com/openvswitch/ovs/commit/78f4537f72cb1cdb4cf851e03477c43a9f7554e5
  Author: Joe Stringer <joe at ovn.org>
  Date:   2016-08-01 (Mon, 01 Aug 2016)

  Changed paths:
    M datapath/linux/compat/include/net/inet_frag.h

  Log Message:
  -----------
  compat: Remove inet_frag_evictor backport.

Kernel 3.7 and lower are now unsupported, remove this fragment.

Signed-off-by: Joe Stringer <joe at ovn.org>
Acked-by: Pravin B Shelar <pshelar at ovn.org>


  Commit: 5e9c7f2bcf75c2d730b0095d536dfbc39bff6475
      https://github.com/openvswitch/ovs/commit/5e9c7f2bcf75c2d730b0095d536dfbc39bff6475
  Author: Joe Stringer <joe at ovn.org>
  Date:   2016-08-01 (Mon, 01 Aug 2016)

  Changed paths:
    M datapath/linux/compat/ip_fragment.c
    M datapath/linux/compat/nf_conntrack_reasm.c

  Log Message:
  -----------
  compat: Only call nf_defrag_ipv[46]_enable() once.

This function is just a dummy to ensure that the corresponding netfilter
fragment module is loaded, to initialize the shared structures. But it
doesn't need to be invoked once per namespace; one call per protocol
should do the trick.

Signed-off-by: Joe Stringer <joe at ovn.org>
Acked-by: Pravin B Shelar <pshelar at ovn.org>


  Commit: 38f453801bc12017fe1d64be0eb7b2dd5db57c86
      https://github.com/openvswitch/ovs/commit/38f453801bc12017fe1d64be0eb7b2dd5db57c86
  Author: Joe Stringer <joe at ovn.org>
  Date:   2016-08-01 (Mon, 01 Aug 2016)

  Changed paths:
    M acinclude.m4
    M datapath/linux/compat/include/net/inet_frag.h
    M datapath/linux/compat/ip_fragment.c
    M datapath/linux/compat/nf_conntrack_reasm.c

  Log Message:
  -----------
  compat: Properly handle fragment lru.

In kernels <=3.16 there is an LRU for managing fragment queues for IPv4
and IPv6. Because the backport code comes from more recent upstream
versions of Linux, this LRU management was missing from ip_frag_queue()
and nf_ct_frag6_queue().

Fixes: 595e069a0634 ("compat: Backport IPv4 reassembly.")
Signed-off-by: Joe Stringer <joe at ovn.org>
Acked-by: Pravin B Shelar <pshelar at ovn.org>


Compare: https://github.com/openvswitch/ovs/compare/c34a87b6c570...38f453801bc1
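
The failure mode described in the first two commit messages (a fragment expiry timer firing after the module that owns its handler has been unloaded), as an added user-space model that is not part of these commits or of OVS. All type and function names are hypothetical, and the `armed` flag stands in for a pending kernel timer.

```c
/* Added user-space model; every name here is hypothetical, not OVS/kernel code. */
#include <stdbool.h>
#include <stdio.h>

enum owner { UPSTREAM, OVS };
struct frag_queue { bool armed; enum owner owner; };  /* armed = expiry timer pending */
struct netns_model {
    struct frag_queue q[8];
    int nq;
    bool ovs_loaded;               /* false once the OVS module text is unmapped */
};

static void queue_fragment(struct netns_model *ns, enum owner o) {
    if (ns->nq < 8) ns->q[ns->nq++] = (struct frag_queue){ .armed = true, .owner = o };
}

/* Pernet exit for OVS: evict only OVS-owned queues, leave upstream state alone. */
static void ovs_exit_net(struct netns_model *ns) {
    for (int i = 0; i < ns->nq; i++)
        if (ns->q[i].owner == OVS) ns->q[i].armed = false;  /* cancel expiry timer */
}

/* Fire every pending timer; count those whose handler is no longer mapped. */
static int run_timers(struct netns_model *ns) {
    int dangling = 0;
    for (int i = 0; i < ns->nq; i++) {
        if (ns->q[i].armed && ns->q[i].owner == OVS && !ns->ovs_loaded)
            dangling++;                    /* the "Bad RIP value" case */
        ns->q[i].armed = false;
    }
    return dangling;
}

/* Unload OVS with two incomplete OVS messages and one upstream message pending. */
int simulate_unload(bool evict_on_exit, int *upstream_pending) {
    struct netns_model ns = { .ovs_loaded = true };
    queue_fragment(&ns, OVS);
    queue_fragment(&ns, UPSTREAM);
    queue_fragment(&ns, OVS);
    if (evict_on_exit) ovs_exit_net(&ns);
    ns.ovs_loaded = false;                 /* module unload */
    *upstream_pending = ns.q[1].armed;     /* upstream queue left for its owner */
    return run_timers(&ns);
}

int main(void) {
    int up, bad = simulate_unload(false, &up);
    printf("no eviction:   %d dangling, upstream pending %d\n", bad, up);
    bad = simulate_unload(true, &up);
    printf("with eviction: %d dangling, upstream pending %d\n", bad, up);
    return 0;
}
```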

