lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 9 Jan 2017 14:20:48 -0500
From:   Uri Foox <uri@...y.com>
To:     Joe Stringer <joe@....org>
Cc:     Pravin B Shelar <pshelar@....org>, netdev <netdev@...r.kernel.org>
Subject: Re: [PATCH stable 4.1] openvswitch: gre: filter gre packets

On Mon, Jan 9, 2017 at 2:07 PM, Uri Foox <uri@...y.com> wrote:
> This patch was marked Not Applicable and so was
> https://patchwork.ozlabs.org/patch/559944/ which is the same thing from a
> year ago. Why are both of these not applicable?
>
> On Mon, Jan 9, 2017 at 1:48 PM, Joe Stringer <joe@....org> wrote:
>>
>> On 8 January 2017 at 06:14, Pravin B Shelar <pshelar@....org> wrote:
>> > OVS can only process L2 packets. But OVS GRE receive handler
>> > can accept IP-GRE packets. When such packet is processed by
>> > OVS datapath it can trigger following assert failure due
>> > to insufficient linear data in skb. Following patch filters
>> > received packets to avoid this issue.
>> >
>> > [68240.441681] ------------[ cut here ]------------
>> > [68240.496918] kernel BUG at
>> > /build/linux-lts-trusty-D60X6T/linux-lts-trusty-3.13.0/include/linux/skbuff.h:1486!
>> > [68240.615520] invalid opcode: 0000 [#1] SMP
>> > [68241.953939] RIP: [<ffffffffa052b4fe>] __skb_pull.part.7+0x4/0x6
>> > [openvswitch]
>> > [68243.099945] Call Trace:
>> > [68243.129188]  <IRQ>
>> > [68243.152204]  [<ffffffffa0524e64>] ovs_flow_extract+0x664/0x720
>> > [openvswitch]
>> > [68243.314912]  [<ffffffffa0523a80>]
>> > ovs_dp_process_received_packet+0x60/0x130 [openvswitch]
>> > [68243.481559]  [<ffffffffa0529e3a>] ovs_vport_receive+0x2a/0x30
>> > [openvswitch]
>> > [68243.564884]  [<ffffffffa052b374>] gre_rcv+0xa4/0xb8 [openvswitch]
>> > [68243.637802]  [<ffffffffa03e2795>] gre_cisco_rcv+0x75/0xbc [gre]
>> > [68243.708621]  [<ffffffffa03e22f5>] gre_rcv+0x65/0x90 [gre]
>> > [68243.773214]  [<ffffffff816941d8>] ip_local_deliver_finish+0xa8/0x220
>> > [68243.849244]  [<ffffffff816944db>] ip_local_deliver+0x4b/0x90
>> > [68243.916951]  [<ffffffff81693ed1>] ip_rcv_finish+0x121/0x380
>> > [68243.983627]  [<ffffffff816947a6>] ip_rcv+0x286/0x380
>> > [68244.043023]  [<ffffffff8165b80a>]
>> > __netif_receive_skb_core+0x61a/0x760
>> > [68244.121122]  [<ffffffff8165b971>] __netif_receive_skb+0x21/0x70
>> > [68244.191942]  [<ffffffff8165c131>] process_backlog+0xb1/0x190
>> > [68244.259642]  [<ffffffff8165ca09>] net_rx_action+0x139/0x280
>> > [68244.326305]  [<ffffffff8107367d>] __do_softirq+0xed/0x360
>> > [68244.390887]  [<ffffffff81073c8e>] irq_exit+0x11e/0x140
>> > [68244.452358]  [<ffffffff8177d873>] do_IRQ+0x63/0xe0
>> > [68244.509674]  [<ffffffff817728ad>] common_interrupt+0x6d/0x6d
>> > [68245.392237] RIP  [<ffffffffa052b4fe>] __skb_pull.part.7+0x4/0x6
>> > [openvswitch]
>> > [68245.520082] ---[ end trace 383bac9f3e676970 ]---
>> >
>> > Fixes: aa310701e7 ("openvswitch: Add gre tunnel support.")
>> > Reported-by: Uri Foox <uri@...y.com>
>> > CC: Joe Stringer <joe@....org>
>> > Signed-off-by: Pravin B Shelar <pshelar@....org>
>>
>> Acked-by: Joe Stringer <joe@....org>
>

This patch was marked Not Applicable and so was
https://patchwork.ozlabs.org/patch/559944/ which is the same thing
from a year ago. Why are both of these not applicable? This is a real
issue and has caused downtime for multiple people.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ