[ovs-git] [openvswitch/ovs] e9c363: ofp-port: Free memory on error in ofp_print_ofpst_...

GitHub noreply at github.com
Thu Oct 25 19:53:56 UTC 2018


  Branch: refs/heads/dpdk-latest
  Home:   https://github.com/openvswitch/ovs
  Commit: e9c363ee1a3dbf59ed3e15cd848ccecbc07522cb
      https://github.com/openvswitch/ovs/commit/e9c363ee1a3dbf59ed3e15cd848ccecbc07522cb
  Author: Yifeng Sun <pkusunyifeng at gmail.com>
  Date:   2018-10-23 (Tue, 23 Oct 2018)

  Changed paths:
    M lib/ofp-port.c

  Log Message:
  -----------
  ofp-port: Free memory on error in ofp_print_ofpst_port_reply

Counters in ops->custom_stats may already be valid at this error point.
This patch frees the leaked memory.

Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10322
Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 7587e1daa673149575149716605ef78f260d9989
      https://github.com/openvswitch/ovs/commit/7587e1daa673149575149716605ef78f260d9989
  Author: Yifeng Sun <pkusunyifeng at gmail.com>
  Date:   2018-10-23 (Tue, 23 Oct 2018)

  Changed paths:
    M lib/odp-util.c

  Log Message:
  -----------
  odp-util: Initialize nsh_hdr in odp_nsh_hdr_from_attr

For function odp_nsh_hdr_from_attr, paramemter `attr` may not contain
all necessary OVS_NSH_KEY_ATTR_ to fully initialize data of nsh_hdr.
On return, nsh_hdr can contain uninitialized values in its fields.

This patch zeroes out nsh_hdr in the beginning in order to prevent it.

Reported-by: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10863
Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: a1da3f297717c2de70dab88f7783117b78f85e89
      https://github.com/openvswitch/ovs/commit/a1da3f297717c2de70dab88f7783117b78f85e89
  Author: Yifeng Sun <pkusunyifeng at gmail.com>
  Date:   2018-10-23 (Tue, 23 Oct 2018)

  Changed paths:
    M lib/odp-util.c

  Log Message:
  -----------
  odp-util: Move ufid handling to odp_flow_from_string

When parse_odp_key_mask_attr runs into ufid, it returns length of ufid
without further parsing. This causes problem to set action in function
parse_odp_action where nested nlattrs are expected from ofpbuf after.

Since in all callers of parse_odp_key_mask_attr, only odp_flow_from_string
needs to understand ufid. This patch moves ufid parsing from
parse_odp_key_mask_attr out to odp_flow_from_string.

Reported-by: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10850
Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 903f6c4f8a9bce51984435ca3990f2717c63f703
      https://github.com/openvswitch/ovs/commit/903f6c4f8a9bce51984435ca3990f2717c63f703
  Author: Numan Siddique <nusiddiq at redhat.com>
  Date:   2018-10-23 (Tue, 23 Oct 2018)

  Changed paths:
    M ofproto/connmgr.c
    M tests/bridge.at

  Log Message:
  -----------
  connmgr: Fix vswitchd abort when a port is added and the controller is down

We see the below trace when a port is added to a bridge and the configured
controller is down

0x00007fb002f8b207 in raise () from /lib64/libc.so.6
0x00007fb002f8c8f8 in abort () from /lib64/libc.so.6
0x00007fb004953026 in ofputil_protocol_to_ofp_version () from /lib64/libopenvswitch-2.10.so.0
0x00007fb00494e38e in ofputil_encode_port_status () from /lib64/libopenvswitch-2.10.so.0
0x00007fb004ef1c5b in connmgr_send_port_status () from /lib64/libofproto-2.10.so.0
0x00007fb004efa9f4 in ofport_install () from /lib64/libofproto-2.10.so.0
0x00007fb004efbfb2 in update_port () from /lib64/libofproto-2.10.so.0
0x00007fb004efc7f9 in ofproto_port_add () from /lib64/libofproto-2.10.so.0
0x0000556d540a3f95 in bridge_add_ports__ ()
0x0000556d540a5a47 in bridge_reconfigure ()
0x0000556d540a9199 in bridge_run ()
0x0000556d540a02a5 in main ()

The abort is because of ofputil_protocol_to_ofp_version() is called with invalid
protocol - OFPUTIL_P_NONE. Please see [1] for more details. Similar aborts are
seen as reported in [2].

The commit [3] changed the behavior of the function rconn_get_version().
Before the commit [3], the function ofconn_receives_async_msg() would always
return false if the connection to the controller was down, since
rconn_get_version() used to return -1. This patch now checks the rconn
connection status in ofconn_receives_async_msg() and returns false if not
connected. This would avoid the aborts seen in the above stack trace.

The issue can be reproduced by running the test added in this patch
without the fix.

[1] - https://bugzilla.redhat.com/show_bug.cgi?id=1640045
[2] - https://bugzilla.redhat.com/show_bug.cgi?id=1637926

[3] - 476d2551ab ("rconn: Introduce new invariant to fix assertion failure in corner case.")

Signed-off-by: Numan Siddique <nusiddiq at redhat.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Eelco Chaudron <echaudro at redhat.com>


  Commit: aa1a0f1aaf6a772327b712d0507735af5b8c791d
      https://github.com/openvswitch/ovs/commit/aa1a0f1aaf6a772327b712d0507735af5b8c791d
  Author: Bhargava Shastry <bshastry at sect.tu-berlin.de>
  Date:   2018-10-23 (Tue, 23 Oct 2018)

  Changed paths:
    M tests/oss-fuzz/automake.mk
    A tests/oss-fuzz/config/ofctl_parse_target.options
    A tests/oss-fuzz/config/ofp-flow.dict
    A tests/oss-fuzz/ofctl_parse_target.c

  Log Message:
  -----------
  ossfuzz: Add ofctl parse target

This patch adds a new target called ofctl_parse_target to
ossfuzz. The main idea is to begin to fuzz APIs from the ofctl utility
program. At a later point, these may be added. For the moment, this patch
only fuzzes APIs that parse flow mod commands.

This target is demonstrably capable of finding memory corruption defects
in the parsing path. To aid the fuzzing process, a dictionary file
containing tokens specific to this parsing path have been added.

Signed-off-by: Bhargava Shastry <bshastry at sect.tu-berlin.de>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 3fe1232de9b2df55eb083e3100ae5e509b8aa090
      https://github.com/openvswitch/ovs/commit/3fe1232de9b2df55eb083e3100ae5e509b8aa090
  Author: Alin Gabriel Serdean <aserdean at ovn.org>
  Date:   2018-10-24 (Wed, 24 Oct 2018)

  Changed paths:
    M ovn/utilities/ovn-nbctl.c

  Log Message:
  -----------
  windows, ovn-nbctl: Add service_start call inside the server loop

Currently all ovn-nbctl (daemon) tests are failing due to the missing
call to `service_start` which is required on Windows.

Windows lacks fork so we need to pass all arguments, so we can spawn a new
process and interpret it properly when calling `service_start`.

Signed-off-by: Alin Gabriel Serdean <aserdean at ovn.org>
Signed-off-by: Ben Pfaff <blp at ovn.org>
Co-authored-by: Ben Pfaff <blp at ovn.org>
Acked-by: Anand Kumar <kumaranand at vmware.com>


  Commit: 2ef3f7535619b9a4fcf000a9217f3a4cc6b54aa5
      https://github.com/openvswitch/ovs/commit/2ef3f7535619b9a4fcf000a9217f3a4cc6b54aa5
  Author: Alin Gabriel Serdean <aserdean at ovn.org>
  Date:   2018-10-24 (Wed, 24 Oct 2018)

  Changed paths:
    M lib/daemon-windows.c
    M lib/daemon.h

  Log Message:
  -----------
  windows: Add set_detach function to daemon-windows.c

The daemon-windows file is missing a `set_detach` routine, so add it.

This will be useful in the long run.

Signed-off-by: Alin Gabriel Serdean <aserdean at ovn.org>
Acked-by: Ben Pfaff <blp at ovn.org>
Acked-by: Anand Kumar <kumaranand at vmware.com>


  Commit: 555fe6c93c150535e43399d3f4d9468782b18de1
      https://github.com/openvswitch/ovs/commit/555fe6c93c150535e43399d3f4d9468782b18de1
  Author: Anand Kumar <kumaranand at vmware.com>
  Date:   2018-10-24 (Wed, 24 Oct 2018)

  Changed paths:
    M datapath-windows/ovsext/IpHelper.c

  Log Message:
  -----------
  datapath-windows: Remove IP neighbor entries when internal adapter is down.

Remove the IP neighboring entries when adapter is down,
so that when 'OVS_IPHELPER_INSTANCE' is deleted, no stale entries
are present

Also fix accessing iphelper instance without acquiring the lock.

Signed-off-by: Anand Kumar <kumaranand at vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean at ovn.org>
Tested-by: Alin Gabriel Serdean <aserdean at ovn.org>
Signed-off-by: Alin Gabriel Serdean <aserdean at ovn.org>


Compare: https://github.com/openvswitch/ovs/compare/bafb398bf6df...555fe6c93c15
      **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

      Functionality will be removed from GitHub.com on January 31st, 2019.


More information about the git mailing list