utilities: ovn-trace: fix reject action crash

Avoid the following crash in ovn-trace due to a reject action infinite loop: AddressSanitizer:DEADLYSIGNAL ==569410==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc0a991bc4 (pc 0x000000415081 bp 0x7ffc0a993fa0 sp 0x7ffc0a991b30 T0) #0 0x415081 in trace_actions utilities/ovn-trace.c:2617 ovn-org#1 0x41d878 in trace_actions utilities/ovn-trace.c:2622 ovn-org#2 0x41d878 in trace__ utilities/ovn-trace.c:3007 ovn-org#3 0x41e3a8 in execute_output utilities/ovn-trace.c:1700 ovn-org#4 0x416fcf in trace_actions utilities/ovn-trace.c:2640 ovn-org#5 0x41d878 in trace_actions utilities/ovn-trace.c:2622 ovn-org#6 0x41d878 in trace__ utilities/ovn-trace.c:3007 ovn-org#7 0x41788d in execute_next utilities/ovn-trace.c:2307 ovn-org#8 0x41788d in trace_actions utilities/ovn-trace.c:2644 ovn-org#9 0x41a7c0 in trace_actions utilities/ovn-trace.c:2622 ovn-org#10 0x41a7c0 in execute_sctp4_abort utilities/ovn-trace.c:1985 ovn-org#11 0x419671 in execute_reject utilities/ovn-trace.c:2049 ovn-org#12 0x419671 in trace_actions utilities/ovn-trace.c:2860 ovn-org#13 0x41d878 in trace_actions utilities/ovn-trace.c:2622 ovn-org#14 0x41d878 in trace__ utilities/ovn-trace.c:3007 ovn-org#15 0x41e3a8 in execute_output utilities/ovn-trace.c:1700 ovn-org#16 0x416fcf in trace_actions utilities/ovn-trace.c:2640 ovn-org#17 0x41d878 in trace_actions utilities/ovn-trace.c:2622 ovn-org#18 0x41d878 in trace__ utilities/ovn-trace.c:3007 ovn-org#19 0x41788d in execute_next utilities/ovn-trace.c:2307 ovn-org#20 0x41788d in trace_actions utilities/ovn-trace.c:2644 ovn-org#21 0x41a7c0 in trace_actions utilities/ovn-trace.c:2622 ovn-org#22 0x41a7c0 in execute_sctp4_abort utilities/ovn-trace.c:1985 ovn-org#23 0x419671 in execute_reject utilities/ovn-trace.c:2049 ovn-org#24 0x419671 in trace_actions utilities/ovn-trace.c:2860 ovn-org#25 0x41d878 in trace_actions utilities/ovn-trace.c:2622 ovn-org#26 0x41d878 in trace__ utilities/ovn-trace.c:3007 ovn-org#27 0x41e3a8 in execute_output utilities/ovn-trace.c:1700 ovn-org#28 0x416fcf in trace_actions utilities/ovn-trace.c:2640 ovn-org#29 0x41d878 in trace_actions utilities/ovn-trace.c:2622 ovn-org#30 0x41d878 in trace__ utilities/ovn-trace.c:3007 ovn-org#31 0x41788d in execute_next utilities/ovn-trace.c:2307 ovn-org#32 0x41788d in trace_actions utilities/ovn-trace.c:2644 ovn-org#33 0x41a7c0 in trace_actions utilities/ovn-trace.c:2622 ovn-org#34 0x41a7c0 in execute_sctp4_abort utilities/ovn-trace.c:1985 ovn-org#35 0x419671 in execute_reject utilities/ovn-trace.c:2049 ovn-org#36 0x419671 in trace_actions utilities/ovn-trace.c:2860 ovn-org#37 0x41d878 in trace_actions utilities/ovn-trace.c:2622 ovn-org#38 0x41d878 in trace__ utilities/ovn-trace.c:3007 ovn-org#39 0x41e3a8 in execute_output utilities/ovn-trace.c:1700 ovn-org#40 0x416fcf in trace_actions utilities/ovn-trace.c:2640 ovn-org#41 0x41d878 in trace_actions utilities/ovn-trace.c:2622 ovn-org#42 0x41d878 in trace__ utilities/ovn-trace.c:3007 ovn-org#43 0x41788d in execute_next utilities/ovn-trace.c:2307 .... The issue can be triggered with the following reproducer: $ovn-nbctl ls-add sw $ovn-nbctl lsp-add sw p1 $ovn-nbctl lsp-set-addresses p1 "00:00:00:00:00:02 192.168.0.2" $ovn-nbctl lsp-add sw p2 $ovn-nbctl lsp-set-addresses p2 "00:00:00:00:00:03 192.168.0.3" $ovn-nbctl pg-add pg1 p1 p2 $ovn-nbctl acl-add pg1 to-lport 2003 "inport==@pg1 && ip4 && ip4.src == 192.168.0.0/16 && udp && udp.dst == 9000" allow $ovn-nbctl acl-add pg1 to-lport 2001 "inport==@pg1" reject $ovn-trace 'inport == "p2" && eth.src == 00:00:00:00:00:03 && eth.dst == 00:00:00:00:00:02 && ip.ttl==42 && ip4.src == 192.168.0.3' Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2074537 Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com> Signed-off-by: 0-day Robot <robot@bytheb.org>
ovsrobot · Apr 15, 2022 · b8e7511 · b8e7511
1 parent 9c6d285
commit b8e7511
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/utilities/ovn-trace.c b/utilities/ovn-trace.c
@@ -1802,6 +1802,10 @@ execute_icmp4(const struct ovnact_nest *on,
 {
     struct flow icmp4_flow = *uflow;
 
+    if (loopback && icmp4_flow.tp_src == htons(ICMP4_DST_UNREACH)) {
+        return; /* Avoid recirculation. */
+    }
+
     /* Update fields for ICMP. */
     if (loopback) {
         icmp4_flow.dl_dst = uflow->dl_src;
@@ -1834,6 +1838,10 @@ execute_icmp6(const struct ovnact_nest *on,
 {
     struct flow icmp6_flow = *uflow;
 
+    if (loopback && icmp6_flow.tp_src == htons(ICMP6_DST_UNREACH)) {
+        return; /* Avoid recirculation. */
+    }
+
     /* Update fields for ICMPv6. */
     if (loopback) {
         icmp6_flow.dl_dst = uflow->dl_src;
@@ -1933,6 +1941,11 @@ execute_tcp_reset(const struct ovnact_nest *on,
                   bool loopback, enum ovnact_pipeline pipeline,
                   struct ovs_list *super)
 {
+    struct flow tcp_flow = *uflow;
+    if (loopback && tcp_flow.tcp_flags == htons(TCP_RST)) {
+        return; /* Avoid recirculation. */
+    }
+
     if (get_dl_type(uflow) == htons(ETH_TYPE_IP)) {
         execute_tcp4_reset(on, dp, uflow, table_id, loopback, pipeline, super);
     } else {
@@ -1965,6 +1978,7 @@ execute_sctp4_abort(const struct ovnact_nest *on,
     sctp_flow.nw_ttl = 255;
     sctp_flow.tp_src = uflow->tp_src;
     sctp_flow.tp_dst = uflow->tp_dst;
+    sctp_flow.tcp_flags = htons(TCP_RST);
 
     struct ovntrace_node *node = ovntrace_node_append(
         super, OVNTRACE_NODE_TRANSFORMATION, "sctp_abort");
@@ -2014,6 +2028,11 @@ execute_sctp_abort(const struct ovnact_nest *on,
                    bool loopback, enum ovnact_pipeline pipeline,
                    struct ovs_list *super)
 {
+    struct flow sctp_flow = *uflow;
+    if (loopback && sctp_flow.tcp_flags == htons(TCP_RST)) {
+        return; /* Avoid recirculation. */
+    }
+
     if (get_dl_type(uflow) == htons(ETH_TYPE_IP)) {
         execute_sctp4_abort(on, dp, uflow, table_id, loopback,
                             pipeline, super);