From patchwork Wed Oct 14 17:08:21 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Han Zhou X-Patchwork-Id: 1382271 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=ovn.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4CBJlv5WY8z9sTR for ; Thu, 15 Oct 2020 04:08:42 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 941A02E500; Wed, 14 Oct 2020 17:08:39 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WgTa0Fdp7jII; Wed, 14 Oct 2020 17:08:37 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by silver.osuosl.org (Postfix) with ESMTP id EC0BC2E2E5; Wed, 14 Oct 2020 17:08:36 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id CED18C0052; Wed, 14 Oct 2020 17:08:36 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 85BE4C0051 for ; Wed, 14 Oct 2020 17:08:35 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 6843C2E2E5 for ; Wed, 14 Oct 2020 17:08:35 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rcrIIPDG5Q8g for ; Wed, 14 Oct 2020 17:08:34 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from relay11.mail.gandi.net (relay11.mail.gandi.net [217.70.178.231]) by silver.osuosl.org (Postfix) with ESMTPS id D84442E2B6 for ; Wed, 14 Oct 2020 17:08:33 +0000 (UTC) Received: from localhost.localdomain (unknown [73.241.94.255]) (Authenticated sender: hzhou@ovn.org) by relay11.mail.gandi.net (Postfix) with ESMTPSA id 28A39100003; Wed, 14 Oct 2020 17:08:29 +0000 (UTC) From: Han Zhou To: dev@openvswitch.org Date: Wed, 14 Oct 2020 10:08:21 -0700 Message-Id: <20201014170821.227967-1-hzhou@ovn.org> X-Mailer: git-send-email 2.26.2 MIME-Version: 1.0 Cc: Han Zhou , Ilya Maximets Subject: [ovs-dev] [PATCH ovn] ovn-ic: Fix route hash. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" The 'nexthop' that passed to ic_route_hash() is not fully initialized in get_nexthop_from_lport_addresses(). 'nexthop' has type of 'struct v46_ip' which contains a union to share space for ipv4 and ipv6 address.  If only ipv4 initialized where is a plenty of uninitialized space that goes to hash_bytes(nexthop, sizeof *nexthop, basis). Impact: there are two places where this function is called. 1. In add_to_routes_ad(), the nexthop is initialized in parse_route() before calling get_nexthop_from_lport_addresses(), luckily. 2. In add_network_to_routes_ad(), we are unlucky. When a directly connected network of a router is found to be advertised, if the route already existed in the global IC-SB, it may not be found due to the hash difference, and results in the existing route being deleted and the same one recreated, unnecessarily. This patch fixes the problem by initializing the struct to zero before setting the fields. From Ilya's report: > Report from MemorySanitizer: > > ==3074629==WARNING: MemorySanitizer: use-of-uninitialized-value >     #0 0x67177e in mhash_add__ ovs/./lib/hash.h:66:9 >     #1 0x671668 in mhash_add ovs/./lib/hash.h:78:12 >     #2 0x6701e9 in hash_bytes ovs/lib/hash.c:38:16 >     #3 0x524b4a in add_network_to_routes_ad ic/ovn-ic.c:1095:5 >     #4 0x51eea3 in route_run ic/ovn-ic.c:1424:21 >     #5 0x51887b in main ic/ovn-ic.c:1674:17 >     #6 0x7fd4ce7871a2 in __libc_start_main >     #7 0x49c90d in _start (ic/ovn-ic+0x49c90d) > >   Uninitialized value was created by an allocation of 'nexthop' in the >   stack frame of function 'add_network_to_routes_ad' >     #0 0x5245f0 in add_network_to_routes_ad ic/ovn-ic.c:1069 Reported-by: Ilya Maximets Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2020-October/376160.html Fixes: 57b347c55 ("ovn-ic: Route advertisement.") Signed-off-by: Han Zhou Acked-by: Numan Siddique --- ic/ovn-ic.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ic/ovn-ic.c b/ic/ovn-ic.c index dc9bcc64e..923969fff 100644 --- a/ic/ovn-ic.c +++ b/ic/ovn-ic.c @@ -907,6 +907,7 @@ get_nexthop_from_lport_addresses(int family, const struct lport_addresses *laddr, struct v46_ip *nexthop) { + memset(nexthop, 0, sizeof *nexthop); nexthop->family = family; if (family == AF_INET) { if (!laddr->n_ipv4_addrs) {