| Message ID | 20240716114553.605421-1-amusil@redhat.com |
|---|---|
| State | Accepted |
| Commit | d5fef714bca433f616c128ba4c5f4e05715db5e7 |
| Delegated to: | Simon Horman |
| Headers | show |
| Series | [ovs-dev] flow: Fix unaligned access to the ND target in miniflow_extract. | expand |
| Context | Check | Description |
|---|---|---|
| ovsrobot/apply-robot | success | apply and check: success |
| ovsrobot/github-robot-_Build_and_Test | success | github build: passed |
| ovsrobot/intel-ovs-compilation | fail | test: fail |
On Tue, Jul 16, 2024 at 01:45:53PM +0200, Ales Musil wrote: > The data in the buffer are aligned to 2 bytes, however > 'struct in6_addr' is aligned to 4 bytes. Use the 2 bytes aligned > equivalent 'union ovs_16aligned_in6_addr' instead. This was caught > by one of the OVN tests: > > lib/flow.c:1133:25: runtime error: load of misaligned address > 0x51400009cc92 for type 'const struct in6_addr *', which requires > 4 byte alignment > 0x51400009cc92: note: pointer points here > 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 > ^ > 0 0x8255b2 in miniflow_extract /workspace/ovn/ovs/lib/flow.c:1133:25 > 1 0x81d921 in flow_extract /workspace/ovn/ovs/lib/flow.c:671:5 > 2 0xa966d4 in ofp_packet_to_string /workspace/ovn/ovs/lib/ofp-print.c:82:5 > 3 0xa76de2 in ofputil_packet_in_private_format /workspace/ovn/ovs/lib/ofp-packet.c:1037:24 > 4 0xa99817 in ofp_print_packet_in /workspace/ovn/ovs/lib/ofp-print.c:132:9 > 5 0xa97f46 in ofp_to_string__ /workspace/ovn/ovs/lib/ofp-print.c > 6 0xa97f46 in ofp_to_string /workspace/ovn/ovs/lib/ofp-print.c:1264:21 > 7 0xc338f4 in do_send /workspace/ovn/ovs/lib/vconn.c:687:19 > 8 0xb7f678 in try_send /workspace/ovn/ovs/lib/rconn.c:1128:14 > 9 0xb7d725 in rconn_send__ /workspace/ovn/ovs/lib/rconn.c:760:13 > 10 0xb7d8e7 in rconn_send_with_limit /workspace/ovn/ovs/lib/rconn.c:816:17 > 11 0x6f70de in do_send_packet_ins /workspace/ovn/ovs/ofproto/connmgr.c:1697:13 > 12 0x6f691f in connmgr_send_async_msg /workspace/ovn/ovs/ofproto/connmgr.c:1682:9 > 13 0x5c2d23 in run /workspace/ovn/ovs/ofproto/ofproto-dpif.c:1877:13 > 14 0x56737f in ofproto_run /workspace/ovn/ovs/ofproto/ofproto.c:1906:13 > 15 0x50d4fc in bridge_run__ /workspace/ovn/ovs/vswitchd/bridge.c:3287:9 > 16 0x50a764 in bridge_run /workspace/ovn/ovs/vswitchd/bridge.c:3346:5 > 17 0x53eed7 in main /workspace/ovn/ovs/vswitchd/ovs-vswitchd.c:130:9 > > Signed-off-by: Ales Musil <amusil@redhat.com> Acked-by: Simon Horman <horms@ovn.org>
On 7/16/24 15:34, Simon Horman wrote: > On Tue, Jul 16, 2024 at 01:45:53PM +0200, Ales Musil wrote: >> The data in the buffer are aligned to 2 bytes, however >> 'struct in6_addr' is aligned to 4 bytes. Use the 2 bytes aligned >> equivalent 'union ovs_16aligned_in6_addr' instead. This was caught >> by one of the OVN tests: >> >> lib/flow.c:1133:25: runtime error: load of misaligned address >> 0x51400009cc92 for type 'const struct in6_addr *', which requires >> 4 byte alignment >> 0x51400009cc92: note: pointer points here >> 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 >> ^ >> 0 0x8255b2 in miniflow_extract /workspace/ovn/ovs/lib/flow.c:1133:25 >> 1 0x81d921 in flow_extract /workspace/ovn/ovs/lib/flow.c:671:5 >> 2 0xa966d4 in ofp_packet_to_string /workspace/ovn/ovs/lib/ofp-print.c:82:5 >> 3 0xa76de2 in ofputil_packet_in_private_format /workspace/ovn/ovs/lib/ofp-packet.c:1037:24 >> 4 0xa99817 in ofp_print_packet_in /workspace/ovn/ovs/lib/ofp-print.c:132:9 >> 5 0xa97f46 in ofp_to_string__ /workspace/ovn/ovs/lib/ofp-print.c >> 6 0xa97f46 in ofp_to_string /workspace/ovn/ovs/lib/ofp-print.c:1264:21 >> 7 0xc338f4 in do_send /workspace/ovn/ovs/lib/vconn.c:687:19 >> 8 0xb7f678 in try_send /workspace/ovn/ovs/lib/rconn.c:1128:14 >> 9 0xb7d725 in rconn_send__ /workspace/ovn/ovs/lib/rconn.c:760:13 >> 10 0xb7d8e7 in rconn_send_with_limit /workspace/ovn/ovs/lib/rconn.c:816:17 >> 11 0x6f70de in do_send_packet_ins /workspace/ovn/ovs/ofproto/connmgr.c:1697:13 >> 12 0x6f691f in connmgr_send_async_msg /workspace/ovn/ovs/ofproto/connmgr.c:1682:9 >> 13 0x5c2d23 in run /workspace/ovn/ovs/ofproto/ofproto-dpif.c:1877:13 >> 14 0x56737f in ofproto_run /workspace/ovn/ovs/ofproto/ofproto.c:1906:13 >> 15 0x50d4fc in bridge_run__ /workspace/ovn/ovs/vswitchd/bridge.c:3287:9 >> 16 0x50a764 in bridge_run /workspace/ovn/ovs/vswitchd/bridge.c:3346:5 >> 17 0x53eed7 in main /workspace/ovn/ovs/vswitchd/ovs-vswitchd.c:130:9 >> >> Signed-off-by: Ales Musil <amusil@redhat.com> > > Acked-by: Simon Horman <horms@ovn.org> > Thanks, Ales and Simon! Applied and backported down to 2.17. It is a legit issue, but for some reason I was not able to reproduce the runtime exception with different compilers/versions/flags. Could you share some more details on how it was triggered? Best regards, Ilya Maximets.
On Wed, Jul 17, 2024 at 11:48 PM Ilya Maximets <i.maximets@ovn.org> wrote: > On 7/16/24 15:34, Simon Horman wrote: > > On Tue, Jul 16, 2024 at 01:45:53PM +0200, Ales Musil wrote: > >> The data in the buffer are aligned to 2 bytes, however > >> 'struct in6_addr' is aligned to 4 bytes. Use the 2 bytes aligned > >> equivalent 'union ovs_16aligned_in6_addr' instead. This was caught > >> by one of the OVN tests: > >> > >> lib/flow.c:1133:25: runtime error: load of misaligned address > >> 0x51400009cc92 for type 'const struct in6_addr *', which requires > >> 4 byte alignment > >> 0x51400009cc92: note: pointer points here > >> 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 > >> ^ > >> 0 0x8255b2 in miniflow_extract /workspace/ovn/ovs/lib/flow.c:1133:25 > >> 1 0x81d921 in flow_extract /workspace/ovn/ovs/lib/flow.c:671:5 > >> 2 0xa966d4 in ofp_packet_to_string > /workspace/ovn/ovs/lib/ofp-print.c:82:5 > >> 3 0xa76de2 in ofputil_packet_in_private_format > /workspace/ovn/ovs/lib/ofp-packet.c:1037:24 > >> 4 0xa99817 in ofp_print_packet_in > /workspace/ovn/ovs/lib/ofp-print.c:132:9 > >> 5 0xa97f46 in ofp_to_string__ /workspace/ovn/ovs/lib/ofp-print.c > >> 6 0xa97f46 in ofp_to_string /workspace/ovn/ovs/lib/ofp-print.c:1264:21 > >> 7 0xc338f4 in do_send /workspace/ovn/ovs/lib/vconn.c:687:19 > >> 8 0xb7f678 in try_send /workspace/ovn/ovs/lib/rconn.c:1128:14 > >> 9 0xb7d725 in rconn_send__ /workspace/ovn/ovs/lib/rconn.c:760:13 > >> 10 0xb7d8e7 in rconn_send_with_limit > /workspace/ovn/ovs/lib/rconn.c:816:17 > >> 11 0x6f70de in do_send_packet_ins > /workspace/ovn/ovs/ofproto/connmgr.c:1697:13 > >> 12 0x6f691f in connmgr_send_async_msg > /workspace/ovn/ovs/ofproto/connmgr.c:1682:9 > >> 13 0x5c2d23 in run /workspace/ovn/ovs/ofproto/ofproto-dpif.c:1877:13 > >> 14 0x56737f in ofproto_run /workspace/ovn/ovs/ofproto/ofproto.c:1906:13 > >> 15 0x50d4fc in bridge_run__ /workspace/ovn/ovs/vswitchd/bridge.c:3287:9 > >> 16 0x50a764 in bridge_run /workspace/ovn/ovs/vswitchd/bridge.c:3346:5 > >> 17 0x53eed7 in main /workspace/ovn/ovs/vswitchd/ovs-vswitchd.c:130:9 > >> > >> Signed-off-by: Ales Musil <amusil@redhat.com> > > > > Acked-by: Simon Horman <horms@ovn.org> > > > > Thanks, Ales and Simon! > Applied and backported down to 2.17. > > It is a legit issue, but for some reason I was not able to reproduce > the runtime exception with different compilers/versions/flags. Could > you share some more details on how it was triggered? > > Best regards, Ilya Maximets. > > I managed to trigger in OVN tests by compiling both OVN and OvS with clang + sanitizers. One of the affected tests is "nd_na" in ovn.at for example. Let me know if you don't manage to reproduce it. Thanks, Ales
diff --git a/lib/flow.c b/lib/flow.c index dc5fb328d..9be437524 100644 --- a/lib/flow.c +++ b/lib/flow.c @@ -408,7 +408,8 @@ parse_ethertype(const void **datap, size_t *sizep) static inline bool parse_icmpv6(const void **datap, size_t *sizep, const struct icmp6_data_header *icmp6, - ovs_be32 *rso_flags, const struct in6_addr **nd_target, + ovs_be32 *rso_flags, + const union ovs_16aligned_in6_addr **nd_target, struct eth_addr arp_buf[2], uint8_t *opt_type) { if (icmp6->icmp6_base.icmp6_code != 0 || @@ -1117,7 +1118,7 @@ miniflow_extract(struct dp_packet *packet, struct miniflow *dst) } } else if (OVS_LIKELY(nw_proto == IPPROTO_ICMPV6)) { if (OVS_LIKELY(size >= sizeof(struct icmp6_data_header))) { - const struct in6_addr *nd_target; + const union ovs_16aligned_in6_addr *nd_target; struct eth_addr arp_buf[2]; /* This will populate whether we received Option 1 * or Option 2. */
The data in the buffer are aligned to 2 bytes, however 'struct in6_addr' is aligned to 4 bytes. Use the 2 bytes aligned equivalent 'union ovs_16aligned_in6_addr' instead. This was caught by one of the OVN tests: lib/flow.c:1133:25: runtime error: load of misaligned address 0x51400009cc92 for type 'const struct in6_addr *', which requires 4 byte alignment 0x51400009cc92: note: pointer points here 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 ^ 0 0x8255b2 in miniflow_extract /workspace/ovn/ovs/lib/flow.c:1133:25 1 0x81d921 in flow_extract /workspace/ovn/ovs/lib/flow.c:671:5 2 0xa966d4 in ofp_packet_to_string /workspace/ovn/ovs/lib/ofp-print.c:82:5 3 0xa76de2 in ofputil_packet_in_private_format /workspace/ovn/ovs/lib/ofp-packet.c:1037:24 4 0xa99817 in ofp_print_packet_in /workspace/ovn/ovs/lib/ofp-print.c:132:9 5 0xa97f46 in ofp_to_string__ /workspace/ovn/ovs/lib/ofp-print.c 6 0xa97f46 in ofp_to_string /workspace/ovn/ovs/lib/ofp-print.c:1264:21 7 0xc338f4 in do_send /workspace/ovn/ovs/lib/vconn.c:687:19 8 0xb7f678 in try_send /workspace/ovn/ovs/lib/rconn.c:1128:14 9 0xb7d725 in rconn_send__ /workspace/ovn/ovs/lib/rconn.c:760:13 10 0xb7d8e7 in rconn_send_with_limit /workspace/ovn/ovs/lib/rconn.c:816:17 11 0x6f70de in do_send_packet_ins /workspace/ovn/ovs/ofproto/connmgr.c:1697:13 12 0x6f691f in connmgr_send_async_msg /workspace/ovn/ovs/ofproto/connmgr.c:1682:9 13 0x5c2d23 in run /workspace/ovn/ovs/ofproto/ofproto-dpif.c:1877:13 14 0x56737f in ofproto_run /workspace/ovn/ovs/ofproto/ofproto.c:1906:13 15 0x50d4fc in bridge_run__ /workspace/ovn/ovs/vswitchd/bridge.c:3287:9 16 0x50a764 in bridge_run /workspace/ovn/ovs/vswitchd/bridge.c:3346:5 17 0x53eed7 in main /workspace/ovn/ovs/vswitchd/ovs-vswitchd.c:130:9 Signed-off-by: Ales Musil <amusil@redhat.com> --- lib/flow.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)