| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the recent Antrea project testing, some port could not be created
on Windows.
When doing debug, our team found there is one case happening when multiple
ports are waiting for be created with correct port number.
Some system type port will be created netdev successfully and it will cause
conflict as in the dpif side it will be internal type. So finally the port
will be created failed and it could not be easily recovered.
With the patch, on Windows the netdev creating will be blocked for system
type when the ovs_tyep got on dpif is internal. More detailed case description
is in the reported issue No.262 with link below.
Reported-at:https://github.com/openvswitch/ovs-issues/issues/262
Signed-off-by: Wilson Peng <pweisong@vmware.com>
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
|
|
|
|
|
|
|
| |
Acked-by: Alin-Gabriel Serdean <aserdean@ovn.org>
Acked-by: Ian Stokes <ian.stokes@intel.com>
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
| |
Acked-by: Alin-Gabriel Serdean <aserdean@ovn.org>
Acked-by: Ian Stokes <ian.stokes@intel.com>
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
IP fragmentation engine may not only steal the packet but also add
more. For example, after receiving the last fragment, it will
add all previous fragments to a batch. Unfortunately, it will also
free the original last fragment and replace it with a copy.
This invalidates the 'packet_clone' pointer in the dpif_netdev_execute()
leading to the use-after-free:
==3525086==ERROR: AddressSanitizer: heap-use-after-free on
address 0x61600020439c at pc 0x000000688a6d
READ of size 1 at 0x61600020439c thread T0
#0 0x688a6c in dp_packet_swap ./lib/dp-packet.h:265:5
#1 0x68781d in dpif_netdev_execute lib/dpif-netdev.c:4103:9
#2 0x6675db in dpif_netdev_operate lib/dpif-netdev.c:4129:25
#3 0x691e5e in dpif_operate lib/dpif.c:1367:13
#4 0x692909 in dpif_execute lib/dpif.c:1321:9
#5 0x5b19c6 in packet_execute ofproto/ofproto-dpif.c:4991:5
#6 0x5a2861 in ofproto_packet_out_finish ofproto/ofproto.c:3662:5
#7 0x5a65c6 in do_bundle_commit ofproto/ofproto.c:8270:13
#8 0x5a0cae in handle_bundle_control ofproto/ofproto.c:8309:17
#9 0x59a476 in handle_single_part_openflow ofproto/ofproto.c:8593:16
#10 0x5877ac in handle_openflow ofproto/ofproto.c:8674:21
#11 0x6296f1 in ofconn_run ofproto/connmgr.c:1329:13
#12 0x62925d in connmgr_run ofproto/connmgr.c:356:9
#13 0x586904 in ofproto_run ofproto/ofproto.c:1879:5
#14 0x55c830 in bridge_run__ vswitchd/bridge.c:3251:9
#15 0x55c015 in bridge_run vswitchd/bridge.c:3310:5
#16 0x575f31 in main vswitchd/ovs-vswitchd.c:127:9
#17 0x7f01099d3492 in __libc_start_main (/lib64/libc.so.6+0x23492)
#18 0x47d96d in _start (vswitchd/ovs-vswitchd+0x47d96d)
0x61600020439c is located 28 bytes inside of 560-byte region
freed by thread T0 here:
#0 0x5177a8 in free (vswitchd/ovs-vswitchd+0x5177a8)
#1 0x6b17b6 in dp_packet_delete ./lib/dp-packet.h:256:9
#2 0x6afeee in ipf_extract_frags_from_batch lib/ipf.c:947:17
#3 0x6afd63 in ipf_preprocess_conntrack lib/ipf.c:1232:9
#4 0x946b2c in conntrack_execute lib/conntrack.c:1446:5
#5 0x67e3ed in dp_execute_cb lib/dpif-netdev.c:8277:9
#6 0x7097d7 in odp_execute_actions lib/odp-execute.c:865:17
#7 0x66409e in dp_netdev_execute_actions lib/dpif-netdev.c:8322:5
#8 0x6877ad in dpif_netdev_execute lib/dpif-netdev.c:4090:5
#9 0x6675db in dpif_netdev_operate lib/dpif-netdev.c:4129:25
#10 0x691e5e in dpif_operate lib/dpif.c:1367:13
#11 0x692909 in dpif_execute lib/dpif.c:1321:9
#12 0x5b19c6 in packet_execute ofproto/ofproto-dpif.c:4991:5
#13 0x5a2861 in ofproto_packet_out_finish ofproto/ofproto.c:3662:5
#14 0x5a65c6 in do_bundle_commit ofproto/ofproto.c:8270:13
#15 0x5a0cae in handle_bundle_control ofproto/ofproto.c:8309:17
#16 0x59a476 in handle_single_part_openflow ofproto/ofproto.c:8593:16
#17 0x5877ac in handle_openflow ofproto/ofproto.c:8674:21
#18 0x6296f1 in ofconn_run ofproto/connmgr.c:1329:13
#19 0x62925d in connmgr_run ofproto/connmgr.c:356:9
#20 0x586904 in ofproto_run ofproto/ofproto.c:1879:5
#21 0x55c830 in bridge_run__ vswitchd/bridge.c:3251:9
#22 0x55c015 in bridge_run vswitchd/bridge.c:3310:5
#23 0x575f31 in main vswitchd/ovs-vswitchd.c:127:9
#24 0x7f01099d3492 in __libc_start_main (/lib64/libc.so.6+0x23492)
The issue can be reproduced with system-userspace testsuite on the
'conntrack - IPv4 fragmentation with fragments specified' test.
Previously, there was a leak inside the IP fragmentation module that
kept the original segment, so 'packet_clone' remained a valid pointer.
But commit 803ed12e31b0 ("ipf: release unhandled packets from the batch")
fixed the leak leading to use-after-free.
Using the packet from a batch instead of 'packet_clone' to swap packet
content to avoid the issue.
While investigating this problem, more issues uncovered. One of them
is that IP fragmentation engine can add more packets to the batch, but
there is no way to get them to a caller. Adding an extra branch for
this case with a 'FIXME' comment in order to highlight the issue.
Another one is that IP fragmentation engine will keep only 32 fragments
dropping all other fragments while refilling a batch, but that should
be fixed separately.
Fixes: 7e6b41ac8d9d ("dpif-netdev: Fix crash when PACKET_OUT is metered.")
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Acked-by: Aaron Conole <aconole@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Source port is based on a packet hash and hash depends on a chosen
implementation. Masking it to avoid test failures with '-msse4.2'.
Fixes: 7e6b41ac8d9d ("dpif-netdev: Fix crash when PACKET_OUT is metered.")
Reported-by: Kumar Amber <kumar.amber@intel.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Acked-by: Alin-Gabriel Serdean <aserdean@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since 640d4db788ed ("ipf: Fix a use-after-free error, ...") the ipf
framework unconditionally allocates a new dp_packet to track
individual fragments. This prevents a use-after-free. However, an
additional issue was present - even when the packet buffer is cloned,
if the ip fragment handling code keeps it, the original buffer is
leaked during the refill loop. Even in the original processing code,
the hardcoded dnsteal branches would always leak a packet buffer from
the refill loop.
This can be confirmed with valgrind:
==717566== 16,672 (4,480 direct, 12,192 indirect) bytes in 8 blocks are definitely lost in loss record 390 of 390
==717566== at 0x484086F: malloc (vg_replace_malloc.c:380)
==717566== by 0x537BFD: xmalloc__ (util.c:137)
==717566== by 0x537BFD: xmalloc (util.c:172)
==717566== by 0x46DDD4: dp_packet_new (dp-packet.c:153)
==717566== by 0x46DDD4: dp_packet_new_with_headroom (dp-packet.c:163)
==717566== by 0x550AA6: netdev_linux_batch_rxq_recv_sock.constprop.0 (netdev-linux.c:1262)
==717566== by 0x5512AF: netdev_linux_rxq_recv (netdev-linux.c:1511)
==717566== by 0x4AB7E0: netdev_rxq_recv (netdev.c:727)
==717566== by 0x47F00D: dp_netdev_process_rxq_port (dpif-netdev.c:4699)
==717566== by 0x47FD13: dpif_netdev_run (dpif-netdev.c:5957)
==717566== by 0x4331D2: type_run (ofproto-dpif.c:370)
==717566== by 0x41DFD8: ofproto_type_run (ofproto.c:1768)
==717566== by 0x40A7FB: bridge_run__ (bridge.c:3245)
==717566== by 0x411269: bridge_run (bridge.c:3310)
==717566== by 0x406E6C: main (ovs-vswitchd.c:127)
The fix is to delete the original packet when it isn't able to be
reinserted into the packet batch. Subsequent valgrind runs show that
the packets are not leaked from the batch any longer.
Fixes: 640d4db788ed ("ipf: Fix a use-after-free error, and remove the 'do_not_steal' flag.")
Fixes: 4ea96698f667 ("Userspace datapath: Add fragmentation handling.")
Reported-by: Wan Junjie <wanjunjie@bytedance.com>
Reported-at: https://github.com/openvswitch/ovs-issues/issues/226
Signed-off-by: Aaron Conole <aconole@redhat.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
Tested-by: Wan Junjie <wanjunjie@bytedance.com>
Signed-off-by: Alin-Gabriel Serdean <aserdean@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In one typical setup, on the Windows VM running OVS Windows Kernel, a Geneva
packet with 8021.q VLAN tag is received. Then it may do POP_VLAN action
processing in Actions.c, if the packet does not have Ieee8021QNetBufferListInfo
in the oob of the packet, it will be processed by function OvsPopVlanInPktBuf().
In the function it will go on remove VLAN header present in the nbl, but related
layers is never readjusted for the offset value at this moment. As a result, it
will cause function OvsValidateIPChecksum drop the packet.
Reported-at:https://github.com/openvswitch/ovs-issues/issues/225
Signed-off-by: wilsonpeng <pweisong@vmware.com>
Signed-off-by: Alin-Gabriel Serdean <aserdean@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to memory usage graphs, our builds are using 3GB at most.
Reducing memory requirements to 4GB to have some room. This change
doesn't affect time needed to finish the build, but should have a
slight positive effect on scheduling time on a community cluster.
And it's also not cool from our side to reserve shared resources that
we're not using, while they could be used by some other project.
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Acked-by: Aaron Conole <aconole@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If nl_sock_join_mcgroup() returns an error, the 'sock' is freed and
set to NULL. This issues will lead to null pointer deference in
nl_sock_listen_all_nsid(). To fix it, we call nl_sock_listen_all_nsid()
before joining the mcgroups.
Fixes: cf114a7fce80 ("netlink linux: enable listening to all nsids")
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Reviewed-by: David Marchand <david.marchand@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
| |
In ovs_pcap_open(), we allocate memory for the 'p_file'
structure but not released when fopen fails.
Addresses-Coverity: ("Resource leak")
Fixes: b6e840aed03e ("pcap-file: Add nanosecond resolution pcap support.")
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes (dereference after null check) coverity issue.
For this reason, we should add null check of 'mask' before calling
nl_attr_find__() because the 'mask' maybe null.
Addresses-Coverity: ("Dereference after null check")
Fixes: e6cc0babc25d ("ovs-dpctl: Add mega flow support")
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Acked-by: Aaron Conole <aconole@redhat.com>
Acked-by: Vasu Dasari <vdasari@gmail.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes (dereference after null check) coverity issue.
We should add null check of 'nsh_mask' to avoid passing NULL pointer
to memcpy() because the 'nsh_mask' maybe null.
Addresses-Coverity: ("Dereference after null check")
Fixes: 81fdabb94dd7 ("nsh: fix nested mask for OVS_KEY_ATTR_NSH")
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a PACKET_OUT has output port of OFPP_TABLE, and the rule
table includes a meter and this causes the packet to be deleted,
execute with a clone of the packet, restoring the original packet
if it is changed by the execution.
Add tests to verify the original issue is fixed, and that the fix
doesn't break tunnel processing.
Reported-by: Tony van der Peet <tony.vanderpeet@alliedtelesis.co.nz>
Signed-off-by: Tony van der Peet <tony.vanderpeet@alliedtelesis.co.nz>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
in case nl_msg_nlmsgerr returns true which basically means that the
nlmsg_type == NLMSG_ERROR, we need to log the error code, besides the
descriptive representation, stored by nl_msg_nlmsgerr instead of
"error".
Fixes: 72d32ac0b3a1 ("netlink-socket: Make caller provide message receive buffers.")
Suggested-by: Marcelo Ricardo Leitner <mleitner@redhat.com>
Reviewed-by: Marcelo Ricardo Leitner <mleitner@redhat.com>
Signed-off-by: Paolo Valerio <pvalerio@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ds_clone() crashes while trying to clone an empty dynamic string.
It happens because it doesn't check if memory was allocated and
tries to read from the NULL pointer. ds_init() doesn't allocate
any memory.
For example:
In netdev_offload_dpdk_flow_create() when an offload request fails,
dump_flow() is called to log a warning message. The 's_tnl' string
in flow_patterns gets initialized in vport_to_rte_tunnel() conditionally
via ds_put_format(). If it is not initialized, it crashes later in
dump_flow_attr()->ds_clone()->memcpy() while dereferencing this string.
To fix this, check if memory for the src string has been allocated,
before copying it to the dst string.
Fixes: fa44a4a3ff7b ("ovn-controller: Persist desired conntrack groups.")
Signed-off-by: Sriharsha Basavapatna <sriharsha.basavapatna@broadcom.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
19 bytes in 1 blocks are definitely lost in loss record 24 of 121
at 0x4839748: malloc (vg_replace_malloc.c:306)
by 0x483BD63: realloc (vg_replace_malloc.c:834)
by 0x521C26: xrealloc (util.c:149)
by 0x478F91: ds_reserve (dynamic-string.c:63)
by 0x47928B: ds_put_format_valist (dynamic-string.c:161)
by 0x47920A: ds_put_format (dynamic-string.c:142)
by 0x506DE5: process_status_msg (process.c:0)
by 0x52A6D0: fork_and_wait_for_startup (daemon-unix.c:284)
by 0x52A54D: daemonize_start (daemon-unix.c:453)
by 0x40EB3E: main (ovs-vswitchd.c:91)
Fixes: b925336a36e6 ("daemon: restart child process if it died before signaling its readiness")
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Acked-by: Roi Dayan <roid@nvidia.com>
|
|
|
|
|
|
| |
Fixes: 1b1d2e6daa56 ("ovsdb: Introduce experimental support for clustered databases.")
Signed-off-by: Dumitru Ceara <dceara@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a tunnel port gets added to the bridge setting the checksum option
to true:
ovs-vsctl add-port br0 geneve0 \
-- set interface geneve0 type=geneve \
options:remote_ip=<remote_ip> options:key=<key> options:csum=true
the flow dump for the outgoing traffic will include a
"bad key length 1 ..." message:
ovs-appctl dpctl/dump-flows --names -m
ufid:<>, ..., dp:tc,
actions:set(tunnel(tun_id=<>,dst=<>,ttl=64,tp_dst=6081,
key6(bad key length 1, expected 0)(01)flags(key)))
,genev_sys_6081
This is due to a mismatch present between the expected length (zero
for OVS_TUNNEL_KEY_ATTR_CSUM in ovs_tun_key_attr_lens) and the
current one.
With this patch the same flow dump becomes:
ovs-appctl dpctl/dump-flows --names -m
ufid:<>, ..., dp:tc,
actions:set(tunnel(tun_id=<>,dst=<>,ttl=64,tp_dst=6081,
flags(csum|key))),genev_sys_6081
Fixes: d9677a1f0eaf ("netdev-tc-offloads: TC csum option is not matched with tunnel configuration")
Suggested-by: Ilya Maximets <i.maximets@ovn.org>
Signed-off-by: Paolo Valerio <pvalerio@redhat.com>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As reported by Wang Liang, the way packets are passed to the ipf module
doesn't allow for use later on in reassembly. Such packets may be get
released anyway, such as during cleanup of tx processing. Because the
ipf module lacks a way of forcing the dp_packet to be retained, it
will later reuse the packet. Instead, just clone the packet and let the
ipf queue own the copy until the queue is destroyed.
After this change, there are no more in-tree users of the batch
'do_not_steal' flag. Thus, we remove it as well.
Fixes: 4ea96698f667 ("Userspace datapath: Add fragmentation handling.")
Fixes: 0b3ff31d35f5 ("dp-packet: Add 'do_not_steal' packet batch flag.")
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2021-April/382098.html
Reported-by: Wang Liang <wangliangrt@didiglobal.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Co-authored-by: Wang Liang <wangliangrt@didiglobal.com>
Signed-off-by: Wang Liang <wangliangrt@didiglobal.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ct limit requests never initializes the whole 'struct ovs_zone_limit'
sending uninitialized stack memory to kernel:
Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s)
at 0x5E23867: sendmsg (in /usr/lib64/libpthread-2.28.so)
by 0x54F761: nl_sock_transact_multiple__ (netlink-socket.c:858)
by 0x54FB6E: nl_sock_transact_multiple.part.9 (netlink-socket.c:1079)
by 0x54FCC0: nl_sock_transact_multiple (netlink-socket.c:1044)
by 0x54FCC0: nl_sock_transact (netlink-socket.c:1108)
by 0x550B6F: nl_transact (netlink-socket.c:1804)
by 0x53BEA2: dpif_netlink_ct_get_limits (dpif-netlink.c:3052)
by 0x588B57: dpctl_ct_get_limits (dpctl.c:2178)
by 0x586FF2: dpctl_unixctl_handler (dpctl.c:2870)
by 0x52C241: process_command (unixctl.c:310)
by 0x52C241: run_connection (unixctl.c:344)
by 0x52C241: unixctl_server_run (unixctl.c:395)
by 0x407526: main (ovs-vswitchd.c:128)
Address 0x10b87480 is 32 bytes inside a block of size 4,096 alloc'd
at 0x4C30F0B: malloc (vg_replace_malloc.c:307)
by 0x52CDE4: xmalloc (util.c:138)
by 0x4F7E07: ofpbuf_init (ofpbuf.c:123)
by 0x4F7E07: ofpbuf_new (ofpbuf.c:151)
by 0x53BDE3: dpif_netlink_ct_get_limits (dpif-netlink.c:3025)
by 0x588B57: dpctl_ct_get_limits (dpctl.c:2178)
by 0x586FF2: dpctl_unixctl_handler (dpctl.c:2870)
by 0x52C241: process_command (unixctl.c:310)
by 0x52C241: run_connection (unixctl.c:344)
by 0x52C241: unixctl_server_run (unixctl.c:395)
by 0x407526: main (ovs-vswitchd.c:128)
Uninitialised value was created by a stack allocation
at 0x46AAA0: ct_dpif_get_limits (ct-dpif.c:197)
Fix that by using designated initializers that will clear all the
non-specified fields.
Fixes: 906ff9d229ee ("dpif-netlink: Implement conntrack zone limit")
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Acked-by: Mark D. Gray <mark.d.gray@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
'if_indextoname' may fail leaving the 'master_name' uninitialized:
Conditional jump or move depends on uninitialised value(s)
at 0x4C34329: strlen (vg_replace_strmem.c:459)
by 0x51C638: hash_string (hash.h:342)
by 0x51C638: hash_name (shash.c:28)
by 0x51CC51: shash_find (shash.c:231)
by 0x51CD38: shash_find_data (shash.c:245)
by 0x4A797F: netdev_from_name (netdev.c:2013)
by 0x544148: netdev_linux_update_lag (netdev-linux.c:676)
by 0x544148: netdev_linux_run (netdev-linux.c:769)
by 0x4A5997: netdev_run (netdev.c:186)
by 0x40752B: main (ovs-vswitchd.c:129)
Uninitialised value was created by a stack allocation
at 0x543AFA: netdev_linux_run (netdev-linux.c:722)
Fixes: d22f8927c3c9 ("netdev-linux: monitor and offload LAG slaves to TC")
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Acked-by: Mark D. Gray <mark.d.gray@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Apart from a cut-and-paste typo, the man page claims that mpls_labels
can be provided in hexadecimal format but that's currently not the case.
Fix mpls ofp-action formatting, add size checks on ofp-action parsing
and add some unit tests.
Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using ovs-ofctl add-groups with only "switch" argument, a coredump
is generated. The main reason is that the command "ovs-ofctl add-groups"
need two arguments but the limitation of min-args of this command is
set to 1.
Fixes: 7395c05254df ("Implement OpenFlow 1.1+ "groups" protocol.")
Submitted-at: https://github.com/openvswitch/ovs/pull/360
Signed-off-by: Wang Yibo <bobxxwang@126.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For some reason /etc/hosts in GHA now contains a plain text line
like this:
Note: Don't Delete this file. Also, don't remove this line. ...
This breaks libunbound and makes a series of unit tests to emit
following warning:
|00001|dns_resolve|WARN|Failed to read etc/hosts: syntax error
Working around this issue by removing a bad line from /etc/hosts
until this fixed properly by GitHub team. This in combination
with other fixes should unblock CI.
Bug for virtual-environments:
https://github.com/actions/virtual-environments/issues/3353
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Reviewed-by: David Marchand <david.marchand@redhat.com>
Acked-by: Aaron Conole <aconole@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
File layout for man pages in sphinx 4 by default changed [1] from:
Documentation/_ref/man/page.section
to:
Documentation/_ref/man/section/page.section
Ajusting our build scripts so they will be able to locate files
in new places. This fixes our CI build.
[1] https://github.com/sphinx-doc/sphinx/issues/7996
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Reviewed-by: David Marchand <david.marchand@redhat.com>
Reviewed-by: Aaron Conole <aconole@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Python3 complains if a dict key is changed during the
iteration.
Use list() to create a copy of it.
Traceback (most recent call last):
File "./ovsdb/ovsdb-idlc.in", line 1581, in <module>
func(*args[1:])
File "./ovsdb/ovsdb-idlc.in", line 185, in printCIDLHeader
replace_cplusplus_keyword(schema)
File "./ovsdb/ovsdb-idlc.in", line 179, in replace_cplusplus_keyword
for columnName in table.columns:
RuntimeError: dictionary keys changed during iteration
Signed-off-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
FreeBSD sometimes changes the base version of python3 that is
used for packages. This affects package names. For example,
currently CI is broken, because there is no more py37- versions
of sphinx and openssl available, only py38- ones:
pkg: No packages available to install matching 'py37-openssl'
have been found in the repositories
pkg: No packages available to install matching 'py37-sphinx'
have been found in the repositories
We had the same issue last year with 3.6 -> 3.7 transition:
dfa2e3d04948 ("cirrus: Use python 3.7 packages on FreeBSD.")
Fixing that by searching for a package instead of using a specific
version. This should help to avoid same issues in the future.
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Reviewed-by: Aaron Conole <aconole@redhat.com>
Acked-by: Kevin Traynor <ktraynor@redhat.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
GCC 11 pointed out that ofputil_group_to_string()'s prototype asks for
a buffer with one byte more than supplied. This fixes the problem.
This wasn't a buffer overflow because ofputil_group_to_string() honors
the buffer size passed in, which was correct. The worst that could
happen was truncating the last byte of a group name.
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Paolo Valerio <pvalerio@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
'struct erspan_metadata' contains union with fields of different
sizes, hence not all the memory initiliazed. This memory goes
to syscalls and also used to compare ukeys with memcmp which may
cause unexpected behavior.
Thread 15 revalidator13:
Conditional jump or move depends on uninitialised value(s)
at 0x4C377B6: bcmp (vg_replace_strmem.c:1111)
by 0x43F844: ofpbuf_equal (ofpbuf.h:273)
by 0x43F844: revalidate_ukey__ (ofproto-dpif-upcall.c:2227)
by 0x43F9C9: revalidate_ukey (ofproto-dpif-upcall.c:2294)
by 0x4425C2: revalidate.isra.33 (ofproto-dpif-upcall.c:2734)
by 0x4434B8: udpif_revalidator (ofproto-dpif-upcall.c:943)
by 0x4FDE2C: ovsthread_wrapper (ovs-thread.c:383)
by 0x5E19159: start_thread (in /usr/lib64/libpthread-2.28.so)
by 0x69ECF72: clone (in /usr/lib64/libc-2.28.so)
Uninitialised value was created by a stack allocation
at 0x4B1CE0: tun_key_to_attr (odp-util.c:3129)
Fixes: 98514eea21f4 ("erspan: add kernel datapath support")
Acked-by: William Tu <u9012063@gmail.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
tests/ovs-vsctl.at: Add ingress_policing test in ovs-vsctl unit test
tests/system-offloads-traffic.at: Check ingress_policing with offloads enabled and disabled
Exercise OVS setting of ingress_policing parameters using ovs-vsctl and verify that the correct values are stored on OVSDB.
Verify the ingress_policing parameters with tc command. Also check offload and non-offload in tc software datapath based on tc filter type (matchall and basic).
Example invocation:
make check TESTSUITEFLAGS='-k ingress_policing'
make check-offloads TESTSUITEFLAGS='-k ingress_policing'
Signed-off-by: Tianyu Yuan <tianyu.yuan@corigine.com>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Louis Peens <louis.peens@netronome.com>
Reviewed-by: Tonghao Zhang <xiangxia.m.yue@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Correct calculation of burst parameter used when configuring TC policer
action for ingress port-based policing in the case where TC offload is in
use. This now matches the value calculated for the case where TC offload is
not in use.
The division by 8 is to convert from bits to bytes.
Its unclear why 64 was previously used.
Fixes: e7f6ba220 ("lib/tc: add ingress ratelimiting support for tc-offload")
Signed-off-by: Yong Xu <yong.xu@corigine.com>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Louis Peens <louis.peens@netronome.com>
Reviewed-by: Tonghao Zhang <xiangxia.m.yue@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Meter commands internally use ofctl_meter_mod__() and
ofctl_meter_request__() functions, which have an optional parameter
called str. When str is NULL, these 2 functions initialize a struct
with meter bands set as NULL. It also needs to set meter n_bands to 0.
Once del-meters change in test dpif-netdev.at is added, the valgrind
report on test '992: dpif-netdev - meters' shows this issue:
Conditional jump or move depends on uninitialised value(s)
at 0x473534: ofputil_put_bands (ofp-meter.c:207)
by 0x473534: ofputil_encode_meter_mod (ofp-meter.c:557)
by 0x40FBA2: ofctl_meter_mod__ (ovs-ofctl.c:4038)
by 0x417BD3: ovs_cmdl_run_command__ (command-line.c:247)
by 0x4078BA: main (ovs-ofctl.c:179)
Uninitialised value was created by a stack allocation
at 0x409350: ofctl_del_meters (ovs-ofctl.c:4088)
Fixes: 3200ed5805 ("ovs-ofctl: Add meter support.")
Signed-off-by: Flavio Fernandes <flavio@flaviof.com>
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When setting the meter rate to 4.3+Gbps, there is an overflow, the
meters don't work as expected.
$ ovs-ofctl -O OpenFlow13 add-meter br-int "meter=1 kbps stats bands=type=drop rate=4294968"
It was overflow when we set the rate to 4294968, because "burst_size" in
the ofputil_meter_band is uint32_t type. This patch remove the "up"
in the dp_meter_band struction, and introduce "rate", "burst_size" and
"bucket" (uint64_t) to userspace datapath's meter band. This patch don't
change the public API and structure.
Signed-off-by: Tonghao Zhang <xiangxia.m.yue@gmail.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Python IDL notification mechanism was sending a notification
for each processed update in a transaction as it was processed.
This causes issues with multi-row changes that contain references
to each other.
For example, if a Logical_Router_Port is created along with a
Gateway_Chassis, and the LRP.gateway_chassis set to that GC, then
when the notify() passes the CREATE event for the LRP, the GC will
not yet have been processed, so __getattr__ when _uuid_to_row fails
to find the GC, will return the default value for LRP.gateway_chassis
which is [].
This patch has the process_update methods return the notifications
that would be produced when a row changes, so they can be queued
and sent after all rows have been processed.
Fixes: d7d417fcddf9 ("Allow subclasses of Idl to define a notification hook")
Signed-off-by: Terry Wilson <twilson@redhat.com>
Acked-by: Brian Haley <haleyb.dev@gmail.com>
Acked-by: Dumitru Ceara <dceara@redhat.com>
Tested-by: Flavio Fernandes <flavio@flaviof.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If election times out for a server in 'candidate' role it sets
'candidate_retrying' flag that notifies that storage is disconnected
and client should re-connect. However, cluster/status command
reports 'Status: cluster member' and that is misleading.
Reporting "disconnected from the cluster (election timeout)" instead.
Reported-by: Carlos Goncalves <cgoncalves@redhat.com>
Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1929690
Fixes: 1b1d2e6daa56 ("ovsdb: Introduce experimental support for clustered databases.")
Acked-by: Han Zhou <hzhou@ovn.org>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's not enough to just have heartbeats.
RAFT heartbeats are unidirectional, i.e. leader sends them to followers
but not the other way around. Missing heartbeats provokes followers to
start election, but if leader will not receive any replies it will not
do anything while there is a quorum, i.e. there are enough other
servers to make decisions.
This leads to situation that while TCP connection is established,
leader will continue to blindly send messages to it. In our case this
leads to growing send backlog. Connection will be terminated
eventually due to excessive send backlog, but this this might take a
lot of time and wasted process memory. At the same time 'candidate'
will continue to send vote requests to the dead connection on its
side.
To fix that we need to reintroduce inactivity probes that will drop
connection if there was no incoming traffic for a long time and remote
server doesn't reply to the "echo" request. Probe interval might be
chosen based on an election timeout to avoid issues described in commit
db5a066c17bd.
Reported-by: Carlos Goncalves <cgoncalves@redhat.com>
Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1929690
Fixes: db5a066c17bd ("raft: Disable RAFT jsonrpc inactivity probe.")
Acked-by: Han Zhou <hzhou@ovn.org>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ovs-vswitchd could crash under these circumstances:
1. When one bridge is being destroyed, ofproto_destroy() is called and
connmgr pointer of its ofproto struct is nullified. This ofproto struct is
deallocated through 'ovsrcu_postpone(ofproto_destroy_defer__, p);'.
2. Before RCU enters quiesce state to actually free this ofproto struct,
revalidator thread calls udpif_revalidator(), which could handle
a learn flow and calls ofproto_flow_mod_learn(), it later calls
ofmonitor_report() and ofproto struct's connmgr pointer is accessed.
The crash stack trace is shown below:
0 ofmonitor_report (mgr=0x0, rule=0x7f..30, event=NXFME_ADDED,
reason=OFPRR_IDLE_TIMEOUT, abbrev_ofconn=0x0, abbrev_xid=0, old_actions=0x0)
at ofproto/connmgr.c:2160
1 add_flow_finish (ofproto=0x55..b0, ofm=<optimized out>, req=0x0)
at ofproto/ofproto.c:5221
2 modify_flows_finish (req=0x0, ofm=0x7f..f0, ofproto=0x55..b0)
at ofproto/ofproto.c:5823
3 ofproto_flow_mod_finish (ofproto=0x55..b0, ofm=0x7f..f0, req=0x0)
at ofproto/ofproto.c:8088
4 ofproto_flow_mod_learn_finish (ofm=0x7f..f0, orig_ofproto=0x0)
at ofproto/ofproto.c:5439
5 ofproto_flow_mod_learn (ofm=0x7f..f0, keep_ref=true, below_limitp=0x0)
at ofproto/ofproto.c:5499
6 xlate_push_stats_entry (entry=0x7f..48, stats=0x7f..10, offloaded=false)
at ofproto/ofproto-dpif-xlate-cache.c:127
7 xlate_push_stats (xcache=<optimized out>, stats=0x7f..10, offloaded=false)
at ofproto/ofproto-dpif-xlate-cache.c:181
8 revalidate_ukey (udpif=0x55..40, ukey=0x7f..60, stats=0x7f..18,
odp_actions=0x7f..50, reval_seq=5655486242,
recircs=0x7f..40, offloaded=false)
at ofproto/ofproto-dpif-upcall.c:2294
9 revalidate at ofproto/ofproto-dpif-upcall.c:2683
10 udpif_revalidator at ofproto/ofproto-dpif-upcall.c:936
11 ovsthread_wrapper at lib/ovs-thread.c:423
12 start_thread () from /usr/lib64/libpthread.so.0
13 clone () from /usr/lib64/libc.so.6
At the time of crash, the involved ofproto was already deallocated:
(gdb) print *ofproto
$1 = ..., name = 0x55d907602820 "nsx-managed", ..., ports = {...,
one = 0x0, mask = 63, n = 0}, ..., connmgr = 0x0, ...
This patch fixes it.
VMware-BZ: #2700626
Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com>
Acked-by: William Tu < u9012063@gmail.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
When you try to specify `SERVER` to the 'ovsdb-client needs-conversion'
command, it interprets the `SERVER` parameter as the path to the schema
and returns an error.
This PR fixes it.
Fixes: 1b1d2e6daa56 ("ovsdb: Introduce experimental support for clustered databases.")
Submitted-at: https://github.com/openvswitch/ovs/pull/347
Signed-off-by: Alexey Roytman <roytman@il.ibm.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Modify ci linux build script to use the latest DPDK stable release.
Modify Documentation to use the latest DPDK stable release
18.11.11. Update NEWS file to reflect the latest DPDK stable
release.
Note: 18.11.11 is the final support release for the 18.11 series,
no further support releases for 18.11 series are expected.
So, both OvS 2.11 and 2.12 are updated to use 18.11.11.
Signed-off-by: Hariprasad Govindharajan <hariprasad.govindharajan@intel.com>
Acked-by: Kevin Traynor <ktraynor@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While decoding RAW_ENCAP action, decode_ed_prop() might re-allocate
ofpbuf if there is no enough space left. However, function
'decode_NXAST_RAW_ENCAP' continues to use old pointer to 'encap'
structure leading to write-after-free and incorrect decoding.
==3549105==ERROR: AddressSanitizer: heap-use-after-free on address
0x60600000011a at pc 0x0000005f6cc6 bp 0x7ffc3a2d4410 sp 0x7ffc3a2d4408
WRITE of size 2 at 0x60600000011a thread T0
#0 0x5f6cc5 in decode_NXAST_RAW_ENCAP lib/ofp-actions.c:4461:20
#1 0x5f0551 in ofpact_decode ./lib/ofp-actions.inc2:4777:16
#2 0x5ed17c in ofpacts_decode lib/ofp-actions.c:7752:21
#3 0x5eba9a in ofpacts_pull_openflow_actions__ lib/ofp-actions.c:7791:13
#4 0x5eb9fc in ofpacts_pull_openflow_actions lib/ofp-actions.c:7835:12
#5 0x64bb8b in ofputil_decode_packet_out lib/ofp-packet.c:1113:17
#6 0x65b6f4 in ofp_print_packet_out lib/ofp-print.c:148:13
#7 0x659e3f in ofp_to_string__ lib/ofp-print.c:1029:16
#8 0x659b24 in ofp_to_string lib/ofp-print.c:1244:21
#9 0x65a28c in ofp_print lib/ofp-print.c:1288:28
#10 0x540d11 in ofctl_ofp_parse utilities/ovs-ofctl.c:2814:9
#11 0x564228 in ovs_cmdl_run_command__ lib/command-line.c:247:17
#12 0x56408a in ovs_cmdl_run_command lib/command-line.c:278:5
#13 0x5391ae in main utilities/ovs-ofctl.c:179:9
#14 0x7f6911ce9081 in __libc_start_main (/lib64/libc.so.6+0x27081)
#15 0x461fed in _start (utilities/ovs-ofctl+0x461fed)
Fix that by getting a new pointer before using.
Credit to OSS-Fuzz.
Fuzzer regression test will fail only with AddressSanitizer enabled.
Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851
Fixes: f839892a206a ("OF support and translation of generic encap and decap")
Acked-by: William Tu <u9012063@gmail.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
| |
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
| |
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
| |
FreeBSD 12.1 reached EOL and our builds are failing on Cirrus CI.
Updating to 12.2 - current production release.
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Although not required, padding can be optionally added until
the packet length is MTU bytes. A packet with extra padding
currently fails sanity checks.
Vulnerability: CVE-2020-35498
Fixes: fa8d9001a624 ("miniflow_extract: Properly handle small IP packets.")
Reported-by: Joakim Hindersson <joakim.hindersson@elastx.se>
Acked-by: Ilya Maximets <i.maximets@ovn.org>
Signed-off-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
|
| |
Some manpages are generated from rST, but these are not included
in 'dist-docs' make target.
Fixes: fd0837a76f4c ("doc: Convert ovs-vlan-test to rST")
Acked-by: Ben Pfaff <blp@ovn.org>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
|
|
| |
Fix the reported back value of the bos mask used by the revalidator
threads.
Fixes: 34b1695506f8 ("lib/tc: add single mpls match offload support")
Reported-by: Marcelo Leitner <mleitner@redhat.com>
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
| |
Fixes: 73eb682edb67 ("python: Fix xmlrpclib imports.")
Signed-off-by: Thomas Neuman <thomas.neuman@nutanix.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some repositories that are enabled in GHA are not stable and lead
to 'apt update' failures:
E: The repository
'https://apt.postgresql.org/pub/repos/apt bionic-pgdg Release'
no longer has a Release file.
This causes the job failure.
In most cases we don't really need any packages from these failed
repositories, so we could try to continue the job.
Previously this kind of failures happened on older branches with
ubuntu 16.04 base image, so we have this workaround already there.
Now it started to fail on bionic images, so fixing there too.
Fixes: 02f76fb42ae9 ("github: Fix Ubuntu package installation.")
Acked-by: Aaron Conole <aconole@redhat.com>
Acked-by: David Marchand <david.marchand@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
| |
'ovs-monitor-ipsec' does not support 'ip6gre' tunnels.
Fixes: 22c5eafb6efa ("ipsec: reintroduce IPsec support for tunneling")
Signed-off-by: Mark Gray <mark.d.gray@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
|
|
|
|
|
|
|
| |
ICMP conntrack state should be ICMPS_REPLY after seeing both
side of ICMP traffic.
Signed-off-by: William Tu <u9012063@gmail.com>
Acked-by: Yi-Hung Wei <yihung.wei@gmail.com>
|