On Sun, Dec 20, 2015 at 9:29 PM, wenxu <wenx05124...@163.com> wrote:
> Hi all,
>
> I hit a crash in the kernel with openvswitch 2.3.0
[...]
> It crashed in ovs_flow_extract when __skb_pull pulls the src & dst MAC addresses
> (BUG_ON(skb->len < skb->data_len);)
> int ovs_flow_extract(struct sk_buff *skb, u16 in_port, struct sw_flow_key *key)
> {
>     .....
>     __skb_pull(skb, 2 * ETH_ALEN);
>     .....
> }

Thanks for tracking this down. I agree with your analysis.

> I think OVS should check for this messy situation in two ways.
> 1. check the tpi->proto

Your solution looks right to me but we also need to fix the upstream
Linux kernel, which has the same issue. Can you please submit a patch
to fix it there and then backport it to OVS? I should also point out
that this does not affect the current version of either OVS or Linux
as the code has changed and is not vulnerable to this. However, the
older versions are still in use and being maintained.

> 2. add pskb_may_pull before pull like ip_gre did

I don't believe that this is necessary if we have #1. GRE does this
for the Ethernet header if the protocol is set to TEB. Other Ethernet
drivers are also required to enforce this invariant.
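
The length invariant behind the BUG_ON quoted above, as an added user-space example that is not part of the original email and is not OVS or kernel code. The `toy_*` names and the shape of `toy_rcv` are assumptions: it models only the `len`/`data_len` accounting, reads check #1 as "accept only TEB", and includes the Ethernet-header `pskb_may_pull` that the reply says GRE performs for TEB.

```c
#include <stdbool.h>

#define ETH_ALEN  6
#define ETH_HLEN  14
#define ETH_P_TEB 0x6558  /* Transparent Ethernet Bridging */

/* Toy model of sk_buff length accounting only; not kernel code. */
struct toy_skb {
    unsigned int len;      /* total bytes: linear + paged */
    unsigned int data_len; /* bytes held in paged fragments */
};

static unsigned int toy_headlen(const struct toy_skb *skb)
{
    return skb->len - skb->data_len;
}

/* Follows __skb_pull(): subtract first, no length check beforehand.
 * Returns false where the kernel would hit BUG_ON(skb->len < skb->data_len). */
static bool toy_unchecked_pull(struct toy_skb *skb, unsigned int n)
{
    skb->len -= n;
    return skb->len >= skb->data_len;
}

/* Models pskb_may_pull(): true if n bytes are, or can be made, linear.
 * The real helper can also fail on allocation; that is not modelled. */
static bool toy_may_pull(struct toy_skb *skb, unsigned int n)
{
    if (n <= toy_headlen(skb))
        return true;
    if (n > skb->len)
        return false;
    skb->data_len -= n - toy_headlen(skb); /* stand-in for pulling the tail */
    return true;
}

/* Assumed receive path: drop non-TEB, make the Ethernet header linear
 * (as the reply says GRE does for TEB), then pull the two MAC addresses. */
static bool toy_rcv(struct toy_skb *skb, unsigned int proto)
{
    if (proto != ETH_P_TEB)
        return false;                 /* check #1: tpi->proto */
    if (!toy_may_pull(skb, ETH_HLEN))
        return false;                 /* Ethernet header not available */
    return toy_unchecked_pull(skb, 2 * ETH_ALEN);
}

int main(void) { struct toy_skb s = {104, 100}; return toy_rcv(&s, ETH_P_TEB) ? 0 : 1; }
```

The constructed buffer `{104, 100}` has only 4 linear bytes, so pulling `2 * ETH_ALEN` without the earlier checks drops `len` below `data_len`.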