[ovs-dev] compat: vxlan: Fix NULL dereference in dst_cache.

Message ID 20170406135155.4385-1-joe@ovn.org
State Accepted

Commit Message

Joe Stringer April 6, 2017, 1:51 p.m. UTC
Neelakantam reports:

BUG: unable to handle kernel NULL pointer dereference
RIP: 0010:[<ffffffffa04e8b4c>]  [<ffffffffa04e8b4c>] dst_cache_get_ip4+0xc/0x50 [openvswitch]
Call Trace:
 [<ffffffffa04f6b0a>] vxlan_get_route.isra.41+0xea/0x130 [openvswitch]
 [<ffffffff81524289>] ? __skb_get_hash+0x39/0x160
 [<ffffffffa04f7ec0>] ovs_vxlan_fill_metadata_dst+0x170/0x1e0 [openvswitch]
 [<ffffffffa04e88ee>] ovs_dev_fill_metadata_dst+0x9e/0xd0 [openvswitch]
 [<ffffffffa04d717e>] output_userspace+0xfe/0x180 [openvswitch]
 [<ffffffffa04d86dd>] do_execute_actions+0x63d/0x8f0 [openvswitch]
 [<ffffffffa04d89d1>] ovs_execute_actions+0x41/0x130 [openvswitch]
 [<ffffffffa04de904>] ovs_dp_process_packet+0x94/0x140 [openvswitch]
 [<ffffffffa04e73a3>] ovs_vport_receive+0x73/0xd0 [openvswitch]
 [<ffffffff810c3f12>] ? enqueue_task_fair+0x402/0x6c0
 [<ffffffff810bb685>] ? sched_clock_cpu+0x85/0xc0
 [<ffffffff810b5d85>] ? check_preempt_curr+0x75/0xa0
 [<ffffffff810b5dc9>] ? ttwu_do_wakeup+0x19/0xd0
 [<ffffffff810b5f5d>] ? ttwu_do_activate.constprop.84+0x5d/0x70
 [<ffffffff810b8a66>] ? try_to_wake_up+0x1b6/0x300
 [<ffffffff810b0d84>] ? __wake_up+0x44/0x50
 [<ffffffffa04e7d84>] internal_dev_xmit+0x24/0x60 [openvswitch]
 [<ffffffff8152c671>] dev_hard_start_xmit+0x171/0x3b0
 [<ffffffff8154cd74>] sch_direct_xmit+0x104/0x200
 [<ffffffff8152cae6>] dev_queue_xmit+0x236/0x570
 [<ffffffffa03897bc>] macvlan_start_xmit+0x3c/0xc0 [macvlan]
 [<ffffffff8152c671>] dev_hard_start_xmit+0x171/0x3b0
 [<ffffffff8154cd74>] sch_direct_xmit+0x104/0x200
 [<ffffffff8152cae6>] dev_queue_xmit+0x236/0x570
 [<ffffffffa0517a74>] macvtap_get_user+0x414/0x720 [macvtap]
 [<ffffffffa0517dab>] macvtap_sendmsg+0x2b/0x30 [macvtap]
 [<ffffffffa052e10c>] handle_tx+0x2fc/0x550 [vhost_net]
 [<ffffffffa052e395>] handle_tx_kick+0x15/0x20 [vhost_net]
 [<ffffffffa051e60b>] vhost_worker+0xfb/0x1e0 [vhost]
 [<ffffffffa051e510>] ? vhost_dev_reset_owner+0x50/0x50 [vhost]
 [<ffffffff810a5aef>] kthread+0xcf/0xe0
 [<ffffffff810a5a20>] ? kthread_create_on_node+0x140/0x140
 [<ffffffff81645858>] ret_from_fork+0x58/0x90
 [<ffffffff810a5a20>] ? kthread_create_on_node+0x140/0x140

ovs_vxlan_fill_metadata_dst() calls vxlan_get_route() with no dst_cache,
handle this case and don't attempt to use dst_cache.

Reported-by: Neelakantam Gaddam <neelugaddam@gmail.com>
Signed-off-by: Joe Stringer <joe@ovn.org>
---
 datapath/linux/compat/vxlan.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Joe Stringer April 12, 2017, 9 p.m. UTC | #1
On 6 April 2017 at 06:51, Joe Stringer <joe@ovn.org> wrote:
> Neelakantam reports:
>
> BUG: unable to handle kernel NULL pointer dereference
> RIP: 0010:[<ffffffffa04e8b4c>]  [<ffffffffa04e8b4c>] dst_cache_get_ip4+0xc/0x50 [openvswitch]
> Call Trace:
>  [<ffffffffa04f6b0a>] vxlan_get_route.isra.41+0xea/0x130 [openvswitch]
>  [<ffffffff81524289>] ? __skb_get_hash+0x39/0x160
>  [<ffffffffa04f7ec0>] ovs_vxlan_fill_metadata_dst+0x170/0x1e0 [openvswitch]
>  [<ffffffffa04e88ee>] ovs_dev_fill_metadata_dst+0x9e/0xd0 [openvswitch]
>  [<ffffffffa04d717e>] output_userspace+0xfe/0x180 [openvswitch]
>  [<ffffffffa04d86dd>] do_execute_actions+0x63d/0x8f0 [openvswitch]
>  [<ffffffffa04d89d1>] ovs_execute_actions+0x41/0x130 [openvswitch]
>  [<ffffffffa04de904>] ovs_dp_process_packet+0x94/0x140 [openvswitch]
>  [<ffffffffa04e73a3>] ovs_vport_receive+0x73/0xd0 [openvswitch]
>  [<ffffffff810c3f12>] ? enqueue_task_fair+0x402/0x6c0
>  [<ffffffff810bb685>] ? sched_clock_cpu+0x85/0xc0
>  [<ffffffff810b5d85>] ? check_preempt_curr+0x75/0xa0
>  [<ffffffff810b5dc9>] ? ttwu_do_wakeup+0x19/0xd0
>  [<ffffffff810b5f5d>] ? ttwu_do_activate.constprop.84+0x5d/0x70
>  [<ffffffff810b8a66>] ? try_to_wake_up+0x1b6/0x300
>  [<ffffffff810b0d84>] ? __wake_up+0x44/0x50
>  [<ffffffffa04e7d84>] internal_dev_xmit+0x24/0x60 [openvswitch]
>  [<ffffffff8152c671>] dev_hard_start_xmit+0x171/0x3b0
>  [<ffffffff8154cd74>] sch_direct_xmit+0x104/0x200
>  [<ffffffff8152cae6>] dev_queue_xmit+0x236/0x570
>  [<ffffffffa03897bc>] macvlan_start_xmit+0x3c/0xc0 [macvlan]
>  [<ffffffff8152c671>] dev_hard_start_xmit+0x171/0x3b0
>  [<ffffffff8154cd74>] sch_direct_xmit+0x104/0x200
>  [<ffffffff8152cae6>] dev_queue_xmit+0x236/0x570
>  [<ffffffffa0517a74>] macvtap_get_user+0x414/0x720 [macvtap]
>  [<ffffffffa0517dab>] macvtap_sendmsg+0x2b/0x30 [macvtap]
>  [<ffffffffa052e10c>] handle_tx+0x2fc/0x550 [vhost_net]
>  [<ffffffffa052e395>] handle_tx_kick+0x15/0x20 [vhost_net]
>  [<ffffffffa051e60b>] vhost_worker+0xfb/0x1e0 [vhost]
>  [<ffffffffa051e510>] ? vhost_dev_reset_owner+0x50/0x50 [vhost]
>  [<ffffffff810a5aef>] kthread+0xcf/0xe0
>  [<ffffffff810a5a20>] ? kthread_create_on_node+0x140/0x140
>  [<ffffffff81645858>] ret_from_fork+0x58/0x90
>  [<ffffffff810a5a20>] ? kthread_create_on_node+0x140/0x140
>
> ovs_vxlan_fill_metadata_dst() calls vxlan_get_route() with no dst_cache,
> handle this case and don't attempt to use dst_cache.
>
> Reported-by: Neelakantam Gaddam <neelugaddam@gmail.com>
> Signed-off-by: Joe Stringer <joe@ovn.org>
> ---

Neelakantam reported separately that it fixes the issue, so I applied
this to master, branch-2.7 and branch-2.6.

Patch

diff --git a/datapath/linux/compat/vxlan.c b/datapath/linux/compat/vxlan.c
index 3abcab1dcba7..d9da6f3d18c8 100644
--- a/datapath/linux/compat/vxlan.c
+++ b/datapath/linux/compat/vxlan.c
@@ -916,7 +916,7 @@  static struct rtable *vxlan_get_route(struct vxlan_dev *vxlan,
 				      struct dst_cache *dst_cache,
 				      const struct ip_tunnel_info *info)
 {
-	bool use_cache = ip_tunnel_dst_cache_usable(skb, info);
+	bool use_cache = (dst_cache && ip_tunnel_dst_cache_usable(skb, info));
 	struct rtable *rt = NULL;
 	struct flowi4 fl4;
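
Review bot: Nothing at the vxlan_get_route() signature documents that the dst_cache parameter may be NULL, yet the new `dst_cache &&` guard in the use_cache initialiser makes NULL a supported argument. A one-line comment above the function noting that callers such as ovs_vxlan_fill_metadata_dst() pass no cache would help keep a later change from reintroducing the dereference shown in the trace. The rest of the function body is outside this hunk, so please confirm that every later access to dst_cache is conditional on use_cache rather than repeating the ip_tunnel_dst_cache_usable() test on its own. As a style point, the outer parentheses around the initialiser are redundant.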