kernel BUG at include/linux/skbuff.h:1219!
invalid opcode: 0000 [#1] SMP
RIP: 0010:[<ffffffffa01dc89d>] ovs_flow_extract+0x8ed/0xa40 [openvswitch]
Call Trace:
 <IRQ>
 ovs_dp_process_received_packet+0x44/0x80 [openvswitch]
 ovs_vport_receive+0x2e/0x30 [openvswitch]
 gre_rcv+0xac/0xd0 [openvswitch]
 gre_cisco_rcv+0x1c2/0x310 [openvswitch]
 gre_rcv+0x59/0x80 [openvswitch]

ovs_flow_extract calls __skb_pull, which leads to BUG_ON(skb->len < skb->data_len) if the GRE header protocol is not TEB and most of the packet is in the non-linear space.

1. gre_rcv: pskb_may_pull(skb, 12) pulls the 12 bytes into the linear space (skb->data). The GRE header is 8 bytes with only the key.

2. gre_cisco_rcv-->parse_gre_header-->iptunnel_pull_header
   {
       if (inner_proto == htons(ETH_P_TEB)) {
           struct ethhdr *eh;

           if (unlikely(!pskb_may_pull(skb, ETH_HLEN)))
               return -ENOMEM;
           ......
       }
   }
   The wrong inner_proto means the MAC header is not pulled into the linear space.

3. Finally, this causes a crash in ovs_flow_extract->__skb_pull.

Signed-off-by: wenxu <we...@ucloud.cn>
---
 net/openvswitch/vport-gre.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/openvswitch/vport-gre.c b/net/openvswitch/vport-gre.c index f17ac96..4a993b5 100644 --- a/net/openvswitch/vport-gre.c +++ b/net/openvswitch/vport-gre.c @@ -107,6 +107,9 @@ static int gre_rcv(struct sk_buff *skb, if (unlikely(!vport)) return PACKET_REJECT; + if (unlikely(tpi->proto != htons(ETH_P_TEB))) + return PACKET_REJECT; + key = key_to_tunnel_id(tpi->key, tpi->seq); ovs_flow_tun_info_init(&tun_info, ip_hdr(skb), 0, 0, key, filter_tnl_flags(tpi->flags), NULL, 0);
--
1.9.1
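
Review bot: the added `tpi->proto != htons(ETH_P_TEB)` test in gre_rcv() has no comment, and the reason for it is only in the commit message: for any other inner protocol the Ethernet header has not been pulled into the linear area, so the later __skb_pull in ovs_flow_extract can trip BUG_ON(skb->len < skb->data_len). A one-line comment above the test saying that this vport only accepts Ethernet-in-GRE, and why, would keep the rationale with the code. The test also does not use `vport`, so it could sit ahead of the `if (unlikely(!vport))` check and reject non-TEB packets before that result is needed.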
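
The length accounting behind steps 1-3 of the commit message, as an added user-space model (not kernel code and not part of the patch). The names model_skb, model_may_pull, model_pull and model_gre_rcv are hypothetical, and the model assumes a constructed packet whose bytes all start in paged fragments.

```c
#include <stdbool.h>
#include <stdio.h>
#define ETH_HLEN    14
#define ETH_P_TEB   0x6558
#define ETH_P_IP    0x0800
#define GRE_HDR_LEN 8   /* GRE header with key, per the commit message */

/* Hypothetical stand-in for sk_buff length accounting (not the kernel struct). */
struct model_skb {
    unsigned int len;       /* total bytes, linear + paged */
    unsigned int data_len;  /* bytes that live only in paged fragments */
};

static unsigned int headlen(const struct model_skb *s) { return s->len - s->data_len; }
/* Models pskb_may_pull(): ensure n bytes are linear, moving them out of fragments. */
static bool model_may_pull(struct model_skb *s, unsigned int n)
{
    if (n <= headlen(s)) return true;
    if (n > s->len) return false;
    s->data_len -= n - headlen(s);
    return true;
}

/* Models __skb_pull(): false where BUG_ON(skb->len < skb->data_len) fires, or n > len. */
static bool model_pull(struct model_skb *s, unsigned int n)
{
    if (n > s->len) return false;
    s->len -= n;
    return s->len >= s->data_len;
}

/* Steps 1-3 of the commit message. Returns 0 = parsed, 1 = rejected, -1 = BUG. */
static int model_gre_rcv(unsigned int inner_len, unsigned short proto, bool patched)
{
    /* Assumption: every byte starts in paged fragments (headlen 0). */
    struct model_skb s = { GRE_HDR_LEN + inner_len, GRE_HDR_LEN + inner_len };
    if (!model_may_pull(&s, 12)) return 1;            /* 1: gre_rcv */
    if (!model_pull(&s, GRE_HDR_LEN)) return -1;      /* 2: iptunnel_pull_header */
    if (proto == ETH_P_TEB && !model_may_pull(&s, ETH_HLEN)) return 1;
    if (patched && proto != ETH_P_TEB) return 1;      /* check added by the patch */
    return model_pull(&s, ETH_HLEN) ? 0 : -1;         /* 3: ovs_flow_extract */
}

int main(void)
{
    printf("IP inner, unpatched: %d\n", model_gre_rcv(100, ETH_P_IP, false));
    printf("IP inner, patched:   %d\n", model_gre_rcv(100, ETH_P_IP, true));
    return 0;
}
```

With a 100-byte inner payload and a non-TEB protocol, only 4 bytes remain linear after the GRE header is pulled, so pulling ETH_HLEN leaves len (86) below data_len (96).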