The datapath code expects the RSS hash to always be initialized. This
is enforced by checking in emc_processing() that the hash is valid, and
eventually by computing a new one.
Unfortunately, there is another entry point to the datapath,
dpif_netdev_execute(). A packet generated by OVS (BFD frame,
packet-out from controller) doesn't have a valid RSS hash and so is
allowed to enter the datapath with an uninitialized hash value.
This commit recomputes the hash (if not valid) in dpif_netdev_execute().
The only place where we would use an invalid hash is netdev-vport, in
push_udp_header(). This caused an uninitialized memory read, and a
random value to be assigned to the outer tunnel header source port.
Reported-by: William Tu <u9012...@gmail.com>
Signed-off-by: Daniele Di Proietto <diproiet...@vmware.com>
---
lib/dpif-netdev.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c
index 33fd228..76a8c6b 100644
--- a/lib/dpif-netdev.c
+++ b/lib/dpif-netdev.c
@@ -2364,6 +2364,11 @@ dpif_netdev_execute(struct dpif *dpif, struct
dpif_execute *execute)
ovs_mutex_lock(&dp->port_mutex);
}
+ if (!dp_packet_rss_valid(execute->packet)) {
+ dp_packet_set_rss_hash(execute->packet,
+ flow_hash_5tuple(execute->flow, 0));
+ }
+
pp = execute->packet;
dp_netdev_execute_actions(pmd, &pp, 1, false, execute->actions,
execute->actions_len);
--
2.1.4
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
