Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix crash due to multiple tnl push action
During slow path packet processing, if the action is to output to a tunnel port, the slow path processing of the encapsulated packet continues on the underlay bridge and additional actions (e.g. optional VLAN encapsulation, bond link selection and finally output to port) are collected there. To prepare for a continuation of the processing of the original packet (e.g. output to other tunnel ports in a flooding scenario), the “tunnel_push” action and the actions of the underlay bridge are encapsulated in a clone() action to preserve the original packet. If the underlay bridge decides to drop the tunnel packet (for example if both bonded ports are down simultaneously), the clone(tunnel_push)) actions previously generated as part of translation of the output to tunnel port are discarded and a stand-alone tunnel_push action is added instead. Thus the tunnel header is pushed on to the original packet. This is the bug. Consequences: If packet processing continues with sending to further tunnel ports, multiple tunnel header pushes will happen on the original packet as typically the tunnels all traverse the same underlay bond which is down. The packet may not have enough headroom to accommodate all the tunnel headers. OVS crashes if it runs out of space while trying to push the tunnel headers. Even in case there is enough headroom, the packet will not be freed since the accumulated action list contains only the tunnel header push action without any output port action. Thus, we either have a crash or a packet buffer leak. Signed-off-by: Anju Thomas <anju.thomas@ericsson.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
- Loading branch information
