* 3.19-rc4: BUG: unable to handle kernel paging request at ffff880055f15000 ovs_packet_cmd_execute+0x1f/0x229
@ 2015-01-14 12:14 Sander Eikelenboom
2015-01-14 13:00 ` Thomas Graf
0 siblings, 1 reply; 9+ messages in thread
From: Sander Eikelenboom @ 2015-01-14 12:14 UTC (permalink / raw)
To: Pravin B Shelar; +Cc: David S. Miller, netdev, linux-kernel
Hi,
I was testing 3.19-rc4 with openvswitch and encountered the splat below.
#addr2line -e /boot/vmlinux-3.19.0-rc4-creanuc-20150114-doflr-apicpatchv3-apicrevert+ ffffffff818a1690
/mnt/kernelbuild/linux-tip/net/openvswitch/datapath.c:527
--
Sander
[ 463.033308] BUG: unable to handle kernel paging request at ffff880055f15000
[ 463.072154] IP: [<ffffffff818a1690>] ovs_packet_cmd_execute+0x1f/0x229
[ 463.106202] PGD 1e10067 PUD 2097067 PMD 5ff54067 PTE 0
[ 463.126940] Oops: 0000 [#1] SMP
[ 463.147505] Modules linked in:
[ 463.166938] CPU: 2 PID: 3049 Comm: ovs-vswitchd Not tainted 3.19.0-rc4-creanuc-20150114-doflr-apicpatchv3-apicrevert+ #1
[ 463.187507] Hardware name: /D53427RKE, BIOS RKPPT10H.86A.0017.2013.0425.1251 04/25/2013
[ 463.208553] task: ffff880058d30000 ti: ffff880055c38000 task.ti: ffff880055c38000
[ 463.229734] RIP: e030:[<ffffffff818a1690>] [<ffffffff818a1690>] ovs_packet_cmd_execute+0x1f/0x229
[ 463.251082] RSP: e02b:ffff880055c3ba48 EFLAGS: 00010296
[ 463.271786] RAX: ffff88004fe38818 RBX: ffffffff81ed4cc0 RCX: 0000000000000000
[ 463.293072] RDX: ffff880055c3bb00 RSI: ffff880055c3bad0 RDI: ffff8800559dc700
[ 463.314521] RBP: ffff8800559dc700 R08: ffffffff81b08d00 R09: 000000007ffff000
[ 463.336189] R10: ffff88004fe38814 R11: ffffffff81ed4cc0 R12: ffff880055f14fc0
[ 463.356906] R13: ffff88004fe38800 R14: ffff880055f14fc0 R15: ffffffff81b08c60
[ 463.377482] FS: 00007f196321c700(0000) GS:ffff88005f700000(0000) knlGS:ffff88005f680000
[ 463.398646] CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 463.419995] CR2: ffff880055f15000 CR3: 000000005622e000 CR4: 0000000000042660
[ 463.441577] Stack:
[ 463.462975] 000000000000000c ffff88004fe38814 0000000000000005 ffffffff8130b116
[ 463.485114] ffffffff81ed4cc0 ffffffff81ed4cc0 ffff8800559dc700 ffff880055f14fc0
[ 463.507367] ffff88004fe38800 0000000000000008 ffffffff81b08c60 ffffffff81794364
[ 463.530186] Call Trace:
[ 463.552330] [<ffffffff8130b116>] ? nla_parse+0x57/0xe7
[ 463.574869] [<ffffffff81794364>] ? genl_family_rcv_msg+0x243/0x2a9
[ 463.597276] [<ffffffff818ad9a2>] ? __slab_alloc.constprop.63+0x2bb/0x2e5
[ 463.619394] [<ffffffff81794402>] ? genl_rcv_msg+0x38/0x5b
[ 463.641361] [<ffffffff817911a6>] ? __netlink_lookup+0x3a/0x40
[ 463.663192] [<ffffffff817943ca>] ? genl_family_rcv_msg+0x2a9/0x2a9
[ 463.685141] [<ffffffff81793686>] ? netlink_rcv_skb+0x36/0x7c
[ 463.706874] [<ffffffff81793987>] ? genl_rcv+0x1f/0x2c
[ 463.729152] [<ffffffff817930ea>] ? netlink_unicast+0x100/0x19c
[ 463.751315] [<ffffffff8179350d>] ? netlink_sendmsg+0x311/0x36b
[ 463.772483] [<ffffffff8173d574>] ? do_sock_sendmsg+0x62/0x7b
[ 463.793309] [<ffffffff8173e6ce>] ? copy_msghdr_from_user+0x158/0x17c
[ 463.814032] [<ffffffff8173e94c>] ? ___sys_sendmsg+0x11f/0x197
[ 463.834595] [<ffffffff8173ddfd>] ? sock_poll+0xf2/0xfd
[ 463.854970] [<ffffffff81136d27>] ? ep_send_events_proc+0x91/0x153
[ 463.875603] [<ffffffff81136c96>] ? ep_read_events_proc+0x92/0x92
[ 463.896168] [<ffffffff818b6929>] ? _raw_spin_unlock_irqrestore+0x42/0x5b
[ 463.917050] [<ffffffff8113759c>] ? ep_scan_ready_list.isra.14+0x163/0x182
[ 463.938458] [<ffffffff81137820>] ? ep_poll+0x250/0x2c4
[ 463.958214] [<ffffffff8173f410>] ? __sys_sendmsg+0x3b/0x5d
[ 463.977581] [<ffffffff818b6da9>] ? system_call_fastpath+0x12/0x17
[ 463.996860] Code: ff 89 d8 5b 5d 41 5c 41 5d 41 5e c3 41 57 41 56 41 55 41 54 55 53 48 83 ec 28 48 8b 46 18 4c 8b 76 20 48 89 44 24 08 49 8b 46 08 <49> 8b 6e 40 48 85 c0 0f 84 e0 01 00 00 49 83 7e 10 00 0f 84 d5
[ 464.037236] RIP [<ffffffff818a1690>] ovs_packet_cmd_execute+0x1f/0x229
[ 464.056926] RSP <ffff880055c3ba48>
[ 464.076182] CR2: ffff880055f15000
[ 464.095097] ---[ end trace 8bcb28ced5309e55 ]---
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: 3.19-rc4: BUG: unable to handle kernel paging request at ffff880055f15000 ovs_packet_cmd_execute+0x1f/0x229
2015-01-14 12:14 3.19-rc4: BUG: unable to handle kernel paging request at ffff880055f15000 ovs_packet_cmd_execute+0x1f/0x229 Sander Eikelenboom
@ 2015-01-14 13:00 ` Thomas Graf
2015-01-14 13:03 ` Florian Westphal
2015-01-14 13:05 ` 3.19-rc4: BUG: unable to handle kernel paging request at ffff880055f15000 ovs_packet_cmd_execute+0x1f/0x229 Sander Eikelenboom
0 siblings, 2 replies; 9+ messages in thread
From: Thomas Graf @ 2015-01-14 13:00 UTC (permalink / raw)
To: Sander Eikelenboom; +Cc: Pravin B Shelar, David S. Miller, netdev, dev
Copying ovs-dev mailing list and thus qutoing full message.
On 01/14/15 at 01:14pm, Sander Eikelenboom wrote:
> Hi,
>
> I was testing 3.19-rc4 with openvswitch and encountered the splat below.
What version of OVS are you using? Did this work properly with rc3 or
an older kernel?
> #addr2line -e /boot/vmlinux-3.19.0-rc4-creanuc-20150114-doflr-apicpatchv3-apicrevert+ ffffffff818a1690
> /mnt/kernelbuild/linux-tip/net/openvswitch/datapath.c:527
> --
> Sander
>
> [ 463.033308] BUG: unable to handle kernel paging request at ffff880055f15000
> [ 463.072154] IP: [<ffffffff818a1690>] ovs_packet_cmd_execute+0x1f/0x229
> [ 463.106202] PGD 1e10067 PUD 2097067 PMD 5ff54067 PTE 0
> [ 463.126940] Oops: 0000 [#1] SMP
> [ 463.147505] Modules linked in:
> [ 463.166938] CPU: 2 PID: 3049 Comm: ovs-vswitchd Not tainted 3.19.0-rc4-creanuc-20150114-doflr-apicpatchv3-apicrevert+ #1
> [ 463.187507] Hardware name: /D53427RKE, BIOS RKPPT10H.86A.0017.2013.0425.1251 04/25/2013
> [ 463.208553] task: ffff880058d30000 ti: ffff880055c38000 task.ti: ffff880055c38000
> [ 463.229734] RIP: e030:[<ffffffff818a1690>] [<ffffffff818a1690>] ovs_packet_cmd_execute+0x1f/0x229
> [ 463.251082] RSP: e02b:ffff880055c3ba48 EFLAGS: 00010296
> [ 463.271786] RAX: ffff88004fe38818 RBX: ffffffff81ed4cc0 RCX: 0000000000000000
> [ 463.293072] RDX: ffff880055c3bb00 RSI: ffff880055c3bad0 RDI: ffff8800559dc700
> [ 463.314521] RBP: ffff8800559dc700 R08: ffffffff81b08d00 R09: 000000007ffff000
> [ 463.336189] R10: ffff88004fe38814 R11: ffffffff81ed4cc0 R12: ffff880055f14fc0
> [ 463.356906] R13: ffff88004fe38800 R14: ffff880055f14fc0 R15: ffffffff81b08c60
> [ 463.377482] FS: 00007f196321c700(0000) GS:ffff88005f700000(0000) knlGS:ffff88005f680000
> [ 463.398646] CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 463.419995] CR2: ffff880055f15000 CR3: 000000005622e000 CR4: 0000000000042660
> [ 463.441577] Stack:
> [ 463.462975] 000000000000000c ffff88004fe38814 0000000000000005 ffffffff8130b116
> [ 463.485114] ffffffff81ed4cc0 ffffffff81ed4cc0 ffff8800559dc700 ffff880055f14fc0
> [ 463.507367] ffff88004fe38800 0000000000000008 ffffffff81b08c60 ffffffff81794364
> [ 463.530186] Call Trace:
> [ 463.552330] [<ffffffff8130b116>] ? nla_parse+0x57/0xe7
> [ 463.574869] [<ffffffff81794364>] ? genl_family_rcv_msg+0x243/0x2a9
> [ 463.597276] [<ffffffff818ad9a2>] ? __slab_alloc.constprop.63+0x2bb/0x2e5
> [ 463.619394] [<ffffffff81794402>] ? genl_rcv_msg+0x38/0x5b
> [ 463.641361] [<ffffffff817911a6>] ? __netlink_lookup+0x3a/0x40
> [ 463.663192] [<ffffffff817943ca>] ? genl_family_rcv_msg+0x2a9/0x2a9
> [ 463.685141] [<ffffffff81793686>] ? netlink_rcv_skb+0x36/0x7c
> [ 463.706874] [<ffffffff81793987>] ? genl_rcv+0x1f/0x2c
> [ 463.729152] [<ffffffff817930ea>] ? netlink_unicast+0x100/0x19c
> [ 463.751315] [<ffffffff8179350d>] ? netlink_sendmsg+0x311/0x36b
> [ 463.772483] [<ffffffff8173d574>] ? do_sock_sendmsg+0x62/0x7b
> [ 463.793309] [<ffffffff8173e6ce>] ? copy_msghdr_from_user+0x158/0x17c
> [ 463.814032] [<ffffffff8173e94c>] ? ___sys_sendmsg+0x11f/0x197
> [ 463.834595] [<ffffffff8173ddfd>] ? sock_poll+0xf2/0xfd
> [ 463.854970] [<ffffffff81136d27>] ? ep_send_events_proc+0x91/0x153
> [ 463.875603] [<ffffffff81136c96>] ? ep_read_events_proc+0x92/0x92
> [ 463.896168] [<ffffffff818b6929>] ? _raw_spin_unlock_irqrestore+0x42/0x5b
> [ 463.917050] [<ffffffff8113759c>] ? ep_scan_ready_list.isra.14+0x163/0x182
> [ 463.938458] [<ffffffff81137820>] ? ep_poll+0x250/0x2c4
> [ 463.958214] [<ffffffff8173f410>] ? __sys_sendmsg+0x3b/0x5d
> [ 463.977581] [<ffffffff818b6da9>] ? system_call_fastpath+0x12/0x17
> [ 463.996860] Code: ff 89 d8 5b 5d 41 5c 41 5d 41 5e c3 41 57 41 56 41 55 41 54 55 53 48 83 ec 28 48 8b 46 18 4c 8b 76 20 48 89 44 24 08 49 8b 46 08 <49> 8b 6e 40 48 85 c0 0f 84 e0 01 00 00 49 83 7e 10 00 0f 84 d5
> [ 464.037236] RIP [<ffffffff818a1690>] ovs_packet_cmd_execute+0x1f/0x229
> [ 464.056926] RSP <ffff880055c3ba48>
> [ 464.076182] CR2: ffff880055f15000
> [ 464.095097] ---[ end trace 8bcb28ced5309e55 ]---
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: 3.19-rc4: BUG: unable to handle kernel paging request at ffff880055f15000 ovs_packet_cmd_execute+0x1f/0x229
2015-01-14 13:00 ` Thomas Graf
@ 2015-01-14 13:03 ` Florian Westphal
2015-01-14 13:13 ` Thomas Graf
2015-01-14 13:56 ` [PATCH net] openvswitch: packet messages need their own probe attribtue Thomas Graf
2015-01-14 13:05 ` 3.19-rc4: BUG: unable to handle kernel paging request at ffff880055f15000 ovs_packet_cmd_execute+0x1f/0x229 Sander Eikelenboom
1 sibling, 2 replies; 9+ messages in thread
From: Florian Westphal @ 2015-01-14 13:03 UTC (permalink / raw)
To: Thomas Graf
Cc: Sander Eikelenboom, Pravin B Shelar, David S. Miller, netdev, dev
Thomas Graf <tgraf@suug.ch> wrote:
> Copying ovs-dev mailing list and thus qutoing full message.
>
> On 01/14/15 at 01:14pm, Sander Eikelenboom wrote:
> > Hi,
> >
> > I was testing 3.19-rc4 with openvswitch and encountered the splat below.
>
> What version of OVS are you using? Did this work properly with rc3 or
> an older kernel?
seems like it was introduced via 05da5898a96c
(openvswitch: Add support for OVS_FLOW_ATTR_PROBE).
It adds test for OVS_FLOW_ATTR_PROBE to ovs_packet_cmd_execute() but
this function seems to only expect OVS_PACKET_ATTR_* (so we get
out-of-bounds access)?
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: 3.19-rc4: BUG: unable to handle kernel paging request at ffff880055f15000 ovs_packet_cmd_execute+0x1f/0x229
2015-01-14 13:00 ` Thomas Graf
2015-01-14 13:03 ` Florian Westphal
@ 2015-01-14 13:05 ` Sander Eikelenboom
1 sibling, 0 replies; 9+ messages in thread
From: Sander Eikelenboom @ 2015-01-14 13:05 UTC (permalink / raw)
To: Thomas Graf; +Cc: Pravin B Shelar, David S. Miller, netdev, dev
Wednesday, January 14, 2015, 2:00:05 PM, you wrote:
> Copying ovs-dev mailing list and thus qutoing full message.
> On 01/14/15 at 01:14pm, Sander Eikelenboom wrote:
>> Hi,
>>
>> I was testing 3.19-rc4 with openvswitch and encountered the splat below.
> What version of OVS are you using? Did this work properly with rc3 or
> an older kernel?
Hi Thomas,
Don't know for sure, i haven't seen it before, but on the other hand after a
reboot it is running fine now for some time.
So it seems it's not reliably reproducible :(.
OVS version is current Debian wheezy:
ii openvswitch-common 1.4.2+git20120612-9.1~deb7u1 amd64 Open vSwitch common components
ii openvswitch-controller 1.4.2+git20120612-9.1~deb7u1 amd64 Open vSwitch controller implementation
ii openvswitch-pki 1.4.2+git20120612-9.1~deb7u1 all Open vSwitch public key infrastructure dependency package
ii openvswitch-switch 1.4.2+git20120612-9.1~deb7u1 amd64 Open vSwitch switch implementations
--
Sander
>> #addr2line -e /boot/vmlinux-3.19.0-rc4-creanuc-20150114-doflr-apicpatchv3-apicrevert+ ffffffff818a1690
>> /mnt/kernelbuild/linux-tip/net/openvswitch/datapath.c:527
>> --
>> Sander
>>
>> [ 463.033308] BUG: unable to handle kernel paging request at ffff880055f15000
>> [ 463.072154] IP: [<ffffffff818a1690>] ovs_packet_cmd_execute+0x1f/0x229
>> [ 463.106202] PGD 1e10067 PUD 2097067 PMD 5ff54067 PTE 0
>> [ 463.126940] Oops: 0000 [#1] SMP
>> [ 463.147505] Modules linked in:
>> [ 463.166938] CPU: 2 PID: 3049 Comm: ovs-vswitchd Not tainted 3.19.0-rc4-creanuc-20150114-doflr-apicpatchv3-apicrevert+ #1
>> [ 463.187507] Hardware name: /D53427RKE, BIOS RKPPT10H.86A.0017.2013.0425.1251 04/25/2013
>> [ 463.208553] task: ffff880058d30000 ti: ffff880055c38000 task.ti: ffff880055c38000
>> [ 463.229734] RIP: e030:[<ffffffff818a1690>] [<ffffffff818a1690>] ovs_packet_cmd_execute+0x1f/0x229
>> [ 463.251082] RSP: e02b:ffff880055c3ba48 EFLAGS: 00010296
>> [ 463.271786] RAX: ffff88004fe38818 RBX: ffffffff81ed4cc0 RCX: 0000000000000000
>> [ 463.293072] RDX: ffff880055c3bb00 RSI: ffff880055c3bad0 RDI: ffff8800559dc700
>> [ 463.314521] RBP: ffff8800559dc700 R08: ffffffff81b08d00 R09: 000000007ffff000
>> [ 463.336189] R10: ffff88004fe38814 R11: ffffffff81ed4cc0 R12: ffff880055f14fc0
>> [ 463.356906] R13: ffff88004fe38800 R14: ffff880055f14fc0 R15: ffffffff81b08c60
>> [ 463.377482] FS: 00007f196321c700(0000) GS:ffff88005f700000(0000) knlGS:ffff88005f680000
>> [ 463.398646] CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033
>> [ 463.419995] CR2: ffff880055f15000 CR3: 000000005622e000 CR4: 0000000000042660
>> [ 463.441577] Stack:
>> [ 463.462975] 000000000000000c ffff88004fe38814 0000000000000005 ffffffff8130b116
>> [ 463.485114] ffffffff81ed4cc0 ffffffff81ed4cc0 ffff8800559dc700 ffff880055f14fc0
>> [ 463.507367] ffff88004fe38800 0000000000000008 ffffffff81b08c60 ffffffff81794364
>> [ 463.530186] Call Trace:
>> [ 463.552330] [<ffffffff8130b116>] ? nla_parse+0x57/0xe7
>> [ 463.574869] [<ffffffff81794364>] ? genl_family_rcv_msg+0x243/0x2a9
>> [ 463.597276] [<ffffffff818ad9a2>] ? __slab_alloc.constprop.63+0x2bb/0x2e5
>> [ 463.619394] [<ffffffff81794402>] ? genl_rcv_msg+0x38/0x5b
>> [ 463.641361] [<ffffffff817911a6>] ? __netlink_lookup+0x3a/0x40
>> [ 463.663192] [<ffffffff817943ca>] ? genl_family_rcv_msg+0x2a9/0x2a9
>> [ 463.685141] [<ffffffff81793686>] ? netlink_rcv_skb+0x36/0x7c
>> [ 463.706874] [<ffffffff81793987>] ? genl_rcv+0x1f/0x2c
>> [ 463.729152] [<ffffffff817930ea>] ? netlink_unicast+0x100/0x19c
>> [ 463.751315] [<ffffffff8179350d>] ? netlink_sendmsg+0x311/0x36b
>> [ 463.772483] [<ffffffff8173d574>] ? do_sock_sendmsg+0x62/0x7b
>> [ 463.793309] [<ffffffff8173e6ce>] ? copy_msghdr_from_user+0x158/0x17c
>> [ 463.814032] [<ffffffff8173e94c>] ? ___sys_sendmsg+0x11f/0x197
>> [ 463.834595] [<ffffffff8173ddfd>] ? sock_poll+0xf2/0xfd
>> [ 463.854970] [<ffffffff81136d27>] ? ep_send_events_proc+0x91/0x153
>> [ 463.875603] [<ffffffff81136c96>] ? ep_read_events_proc+0x92/0x92
>> [ 463.896168] [<ffffffff818b6929>] ? _raw_spin_unlock_irqrestore+0x42/0x5b
>> [ 463.917050] [<ffffffff8113759c>] ? ep_scan_ready_list.isra.14+0x163/0x182
>> [ 463.938458] [<ffffffff81137820>] ? ep_poll+0x250/0x2c4
>> [ 463.958214] [<ffffffff8173f410>] ? __sys_sendmsg+0x3b/0x5d
>> [ 463.977581] [<ffffffff818b6da9>] ? system_call_fastpath+0x12/0x17
>> [ 463.996860] Code: ff 89 d8 5b 5d 41 5c 41 5d 41 5e c3 41 57 41 56 41 55 41 54 55 53 48 83 ec 28 48 8b 46 18 4c 8b 76 20 48 89 44 24 08 49 8b 46 08 <49> 8b 6e 40 48 85 c0 0f 84 e0 01 00 00 49 83 7e 10 00 0f 84 d5
>> [ 464.037236] RIP [<ffffffff818a1690>] ovs_packet_cmd_execute+0x1f/0x229
>> [ 464.056926] RSP <ffff880055c3ba48>
>> [ 464.076182] CR2: ffff880055f15000
>> [ 464.095097] ---[ end trace 8bcb28ced5309e55 ]---
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: 3.19-rc4: BUG: unable to handle kernel paging request at ffff880055f15000 ovs_packet_cmd_execute+0x1f/0x229
2015-01-14 13:03 ` Florian Westphal
@ 2015-01-14 13:13 ` Thomas Graf
2015-01-14 13:56 ` [PATCH net] openvswitch: packet messages need their own probe attribtue Thomas Graf
1 sibling, 0 replies; 9+ messages in thread
From: Thomas Graf @ 2015-01-14 13:13 UTC (permalink / raw)
To: Florian Westphal
Cc: Sander Eikelenboom, Pravin B Shelar, David S. Miller, netdev, dev
On 01/14/15 at 02:03pm, Florian Westphal wrote:
> Thomas Graf <tgraf@suug.ch> wrote:
> > Copying ovs-dev mailing list and thus qutoing full message.
> >
> > On 01/14/15 at 01:14pm, Sander Eikelenboom wrote:
> > > Hi,
> > >
> > > I was testing 3.19-rc4 with openvswitch and encountered the splat below.
> >
> > What version of OVS are you using? Did this work properly with rc3 or
> > an older kernel?
>
> seems like it was introduced via 05da5898a96c
> (openvswitch: Add support for OVS_FLOW_ATTR_PROBE).
>
> It adds test for OVS_FLOW_ATTR_PROBE to ovs_packet_cmd_execute() but
> this function seems to only expect OVS_PACKET_ATTR_* (so we get
> out-of-bounds access)?
Absolutely, just came to the same conclusion independently. I'll send
a fix.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH net] openvswitch: packet messages need their own probe attribtue
2015-01-14 13:03 ` Florian Westphal
2015-01-14 13:13 ` Thomas Graf
@ 2015-01-14 13:56 ` Thomas Graf
2015-01-14 20:40 ` Jesse Gross
` (2 more replies)
1 sibling, 3 replies; 9+ messages in thread
From: Thomas Graf @ 2015-01-14 13:56 UTC (permalink / raw)
To: Florian Westphal, davem, Sander Eikelenboom
Cc: Pravin B Shelar, netdev, dev, jrajahalme
User space is currently sending a OVS_FLOW_ATTR_PROBE for both flow
and packet messages. This leads to an out-of-bounds access in
ovs_packet_cmd_execute() because OVS_FLOW_ATTR_PROBE >
OVS_PACKET_ATTR_MAX.
Introduce a new OVS_PACKET_ATTR_PROBE with the same numeric value
as OVS_FLOW_ATTR_PROBE to grow the range of accepted packet attributes
while maintaining to be binary compatible with existing OVS binaries.
Fixes: 05da589 ("openvswitch: Add support for OVS_FLOW_ATTR_PROBE.")
Reported-by: Sander Eikelenboom <linux@eikelenboom.it>
Tracked-down-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Thomas Graf <tgraf@suug.ch>
---
include/uapi/linux/openvswitch.h | 4 ++++
net/openvswitch/datapath.c | 3 ++-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/include/uapi/linux/openvswitch.h b/include/uapi/linux/openvswitch.h
index 3a6dcaa..f714e86 100644
--- a/include/uapi/linux/openvswitch.h
+++ b/include/uapi/linux/openvswitch.h
@@ -174,6 +174,10 @@ enum ovs_packet_attr {
OVS_PACKET_ATTR_USERDATA, /* OVS_ACTION_ATTR_USERSPACE arg. */
OVS_PACKET_ATTR_EGRESS_TUN_KEY, /* Nested OVS_TUNNEL_KEY_ATTR_*
attributes. */
+ OVS_PACKET_ATTR_UNUSED1,
+ OVS_PACKET_ATTR_UNUSED2,
+ OVS_PACKET_ATTR_PROBE, /* Packet operation is a feature probe,
+ error logging should be suppressed. */
__OVS_PACKET_ATTR_MAX
};
diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
index 4e9a5f0..b07349e 100644
--- a/net/openvswitch/datapath.c
+++ b/net/openvswitch/datapath.c
@@ -524,7 +524,7 @@ static int ovs_packet_cmd_execute(struct sk_buff *skb, struct genl_info *info)
struct vport *input_vport;
int len;
int err;
- bool log = !a[OVS_FLOW_ATTR_PROBE];
+ bool log = !a[OVS_PACKET_ATTR_PROBE];
err = -EINVAL;
if (!a[OVS_PACKET_ATTR_PACKET] || !a[OVS_PACKET_ATTR_KEY] ||
@@ -610,6 +610,7 @@ static const struct nla_policy packet_policy[OVS_PACKET_ATTR_MAX + 1] = {
[OVS_PACKET_ATTR_PACKET] = { .len = ETH_HLEN },
[OVS_PACKET_ATTR_KEY] = { .type = NLA_NESTED },
[OVS_PACKET_ATTR_ACTIONS] = { .type = NLA_NESTED },
+ [OVS_PACKET_ATTR_PROBE] = { .type = NLA_FLAG },
};
static const struct genl_ops dp_packet_genl_ops[] = {
--
1.9.3
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH net] openvswitch: packet messages need their own probe attribtue
2015-01-14 13:56 ` [PATCH net] openvswitch: packet messages need their own probe attribtue Thomas Graf
@ 2015-01-14 20:40 ` Jesse Gross
2015-01-14 21:22 ` Pravin Shelar
[not found] ` <20150114135619.GC564-FZi0V3Vbi30CUdFEqe4BF2D2FQJk+8+b@public.gmane.org>
2 siblings, 0 replies; 9+ messages in thread
From: Jesse Gross @ 2015-01-14 20:40 UTC (permalink / raw)
To: Thomas Graf
Cc: Florian Westphal, David Miller, Sander Eikelenboom,
Pravin B Shelar, netdev, dev, Jarno Rajahalme
On Wed, Jan 14, 2015 at 5:56 AM, Thomas Graf <tgraf@suug.ch> wrote:
> User space is currently sending a OVS_FLOW_ATTR_PROBE for both flow
> and packet messages. This leads to an out-of-bounds access in
> ovs_packet_cmd_execute() because OVS_FLOW_ATTR_PROBE >
> OVS_PACKET_ATTR_MAX.
>
> Introduce a new OVS_PACKET_ATTR_PROBE with the same numeric value
> as OVS_FLOW_ATTR_PROBE to grow the range of accepted packet attributes
> while maintaining to be binary compatible with existing OVS binaries.
>
> Fixes: 05da589 ("openvswitch: Add support for OVS_FLOW_ATTR_PROBE.")
> Reported-by: Sander Eikelenboom <linux@eikelenboom.it>
> Tracked-down-by: Florian Westphal <fw@strlen.de>
> Signed-off-by: Thomas Graf <tgraf@suug.ch>
This is kind of a nasty bug, thanks for fixing it.
Reviewed-by: Jesse Gross <jesse@nicira.com>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH net] openvswitch: packet messages need their own probe attribtue
2015-01-14 13:56 ` [PATCH net] openvswitch: packet messages need their own probe attribtue Thomas Graf
2015-01-14 20:40 ` Jesse Gross
@ 2015-01-14 21:22 ` Pravin Shelar
[not found] ` <20150114135619.GC564-FZi0V3Vbi30CUdFEqe4BF2D2FQJk+8+b@public.gmane.org>
2 siblings, 0 replies; 9+ messages in thread
From: Pravin Shelar @ 2015-01-14 21:22 UTC (permalink / raw)
To: Thomas Graf
Cc: Florian Westphal, David Miller, Sander Eikelenboom, netdev, dev,
Jarno Rajahalme
On Wed, Jan 14, 2015 at 5:56 AM, Thomas Graf <tgraf@suug.ch> wrote:
> User space is currently sending a OVS_FLOW_ATTR_PROBE for both flow
> and packet messages. This leads to an out-of-bounds access in
> ovs_packet_cmd_execute() because OVS_FLOW_ATTR_PROBE >
> OVS_PACKET_ATTR_MAX.
>
> Introduce a new OVS_PACKET_ATTR_PROBE with the same numeric value
> as OVS_FLOW_ATTR_PROBE to grow the range of accepted packet attributes
> while maintaining to be binary compatible with existing OVS binaries.
>
> Fixes: 05da589 ("openvswitch: Add support for OVS_FLOW_ATTR_PROBE.")
> Reported-by: Sander Eikelenboom <linux@eikelenboom.it>
> Tracked-down-by: Florian Westphal <fw@strlen.de>
> Signed-off-by: Thomas Graf <tgraf@suug.ch>
> ---
Looks good.
Acked-by: Pravin B Shelar <pshelar@nicira.com>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH net] openvswitch: packet messages need their own probe attribtue
[not found] ` <20150114135619.GC564-FZi0V3Vbi30CUdFEqe4BF2D2FQJk+8+b@public.gmane.org>
@ 2015-01-14 21:49 ` David Miller
0 siblings, 0 replies; 9+ messages in thread
From: David Miller @ 2015-01-14 21:49 UTC (permalink / raw)
To: tgraf-G/eBtMaohhA
Cc: dev-yBygre7rU0TnMu66kgdUjQ, netdev-u79uwXL29TY76Z2rM5mHXA,
fw-HFFVJYpyMKqzQB+pC5nmwQ, linux-6SM94LqRVpn6gRhOQ7JHfg
From: Thomas Graf <tgraf@suug.ch>
Date: Wed, 14 Jan 2015 13:56:19 +0000
> User space is currently sending a OVS_FLOW_ATTR_PROBE for both flow
> and packet messages. This leads to an out-of-bounds access in
> ovs_packet_cmd_execute() because OVS_FLOW_ATTR_PROBE >
> OVS_PACKET_ATTR_MAX.
>
> Introduce a new OVS_PACKET_ATTR_PROBE with the same numeric value
> as OVS_FLOW_ATTR_PROBE to grow the range of accepted packet attributes
> while maintaining to be binary compatible with existing OVS binaries.
>
> Fixes: 05da589 ("openvswitch: Add support for OVS_FLOW_ATTR_PROBE.")
> Reported-by: Sander Eikelenboom <linux@eikelenboom.it>
> Tracked-down-by: Florian Westphal <fw@strlen.de>
> Signed-off-by: Thomas Graf <tgraf@suug.ch>
Applied, thanks.
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2015-01-14 21:49 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-01-14 12:14 3.19-rc4: BUG: unable to handle kernel paging request at ffff880055f15000 ovs_packet_cmd_execute+0x1f/0x229 Sander Eikelenboom
2015-01-14 13:00 ` Thomas Graf
2015-01-14 13:03 ` Florian Westphal
2015-01-14 13:13 ` Thomas Graf
2015-01-14 13:56 ` [PATCH net] openvswitch: packet messages need their own probe attribtue Thomas Graf
2015-01-14 20:40 ` Jesse Gross
2015-01-14 21:22 ` Pravin Shelar
[not found] ` <20150114135619.GC564-FZi0V3Vbi30CUdFEqe4BF2D2FQJk+8+b@public.gmane.org>
2015-01-14 21:49 ` David Miller
2015-01-14 13:05 ` 3.19-rc4: BUG: unable to handle kernel paging request at ffff880055f15000 ovs_packet_cmd_execute+0x1f/0x229 Sander Eikelenboom
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.