mirror of https://github.com/openvswitch/ovs synced 2025-08-30 05:47:55 +00:00

20088 Commits

Author SHA1 Message Date
David Marchand
f01a768e95 ci: Restore vhost-user unit tests in check-dpdk.
Following a rework in the DPDK cache, the PATH variable is incorrectly
set, resulting in dpdk-testpmd not being available.
Because of this, vhost-user unit tests were skipped in GHA runs.

Fixes: 8893e24d9d09 ("dpdk: Update to use v23.11.")
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Kevin Traynor <ktraynor@redhat.com>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
2024-06-07 11:43:37 +01:00
David Marchand
2efae58940 system-dpdk: Fix socket conflict when starting testpmd.
The DPDK telemetry library tries to connect to existing socket files so
that it knows whether it can take over them.

As was reported by Christian, following a fix in DPDK that got backported
in v23.11.1, vhost-user unit tests that have both OVS and testpmd running
at the same time reveal a conflict over the telemetry socket.
This conflict shows up as an error message in OVS logs which makes those
tests fail in the CI:

2024-06-06T13:03:38.351Z|00001|dpdk|ERR|TELEMETRY: Socket write base info
	to client failed

The EAL file-prefix option affects both the directory where DPDK stores
running files (like the telemetry socket) and how files backing hugepages
are named (when in non --in-memory mode).
Configure (again) this prefix so that testpmd runs in a dedicated directory.

Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2024-June/414545.html
Fixes: c488f28a0eaf ("system-dpdk: Don't require hugetlbfs.")
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Kevin Traynor <ktraynor@redhat.com>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
2024-06-07 11:43:37 +01:00
David Marchand
c39a84c131 netdev-dpdk: Refactor tunnel checksum offloading.
All information required for checksum offloading can be deduced by
already tracked dp_packet l3_ofs, l4_ofs, inner_l3_ofs and inner_l4_ofs
fields.
Remove DPDK specific l[2-4]_len from generic OVS code.

netdev-dpdk code then fills mbuf specifics step by step:
- outer_l2_len and outer_l3_len are needed for tunneling (and below
  features),
- l2_len and l3_len are needed for IP and L4 checksum (and below features),
- l4_len and tso_segsz are needed when doing TSO,

Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Kevin Traynor <ktraynor@redhat.com>
Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
2024-06-06 17:10:29 +01:00
David Marchand
844a7cfa6e netdev-dpdk: Use guest TSO segmentation size hint.
In a typical setup like:
guest A <-virtio-> OVS A <-vxlan-> OVS B <-virtio-> guest B

TSO packets from guest A are segmented against the OVS A physical port
mtu adjusted by the vxlan tunnel header size, regardless of guest A
interface mtu.

As an example, let's say guest A and guest B mtu are set to 1500 bytes.
OVS A and OVS B physical ports mtu are set to 1600 bytes.
Guest A will request TCP segmentation for 1448 bytes segments.
On the other hand, OVS A will request 1498 bytes segments to the HW.
This results in OVS B dropping packets because decapsulated packets
are larger than the vhost-user port (serving guest B) mtu.

2024-04-17T14:13:01.239Z|00002|netdev_dpdk(pmd-c03/id:7)|WARN|vhost0:
	Too big size 1564 max_packet_len 1518

vhost-user ports expose a guest mtu by filling mbuf->tso_segsz.
Use it as a hint.

This may result in segments (on the wire) slightly shorter than the
optimal size.

Reported-at: https://github.com/openvswitch/ovs-issues/issues/321
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Kevin Traynor <ktraynor@redhat.com>
Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
2024-06-06 17:10:11 +01:00
David Marchand
d618d09173 netdev-dpdk: Refactor TSO request code.
Every L3, L4 checksum offload or TSO requires a (outer) L3 length to be
provided.
This length is computed via dp_packet_l4(pkt) that is always set when
such offloads are requested in OVS.
Getting a th == NULL is a bug in OVS, so an assert() is more appropriate.

Besides, filling l4_len and tso_segsz only matters to TSO, so there is
no need to set it for other L4 checksum offloading requests.

Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Kevin Traynor <ktraynor@redhat.com>
Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
2024-06-06 17:10:05 +01:00
David Marchand
3d2c8223ab netdev-dpdk: Fix inner checksum when outer is not supported.
If outer checksum is not supported and OVS already set L3/L4 outer
checksums in the packet, no outer mark should be left in ol_flags
(as it confuses some drivers, like net/ixgbe).

l2_len must be adjusted to account for the tunnel header.

Fixes: 084c8087292c ("userspace: Support VXLAN and GENEVE TSO.")
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Kevin Traynor <ktraynor@redhat.com>
Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
2024-06-06 17:09:58 +01:00
David Marchand
29abd07e4f netdev-dpdk: Disable outer UDP checksum for net/iavf.
Same as the commit 6f93d8e62f13 ("netdev-dpdk: Disable outer UDP checksum
offload for ice/i40e driver."), disable outer UDP checksum and related
offloads for net/iavf.

Fixes: 084c8087292c ("userspace: Support VXLAN and GENEVE TSO.")
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Kevin Traynor <ktraynor@redhat.com>
Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
2024-06-06 17:09:52 +01:00
David Marchand
041d6adeda netdev-dpdk: Fallback to non tunnel checksum offloading.
The outer checksum offloading API in DPDK is ambiguous and was
implemented by Intel folks in their drivers with the assumption that
any outer offloading always goes with an inner offloading request.

With net/i40e and net/ice drivers, in the case of encapsulating an ARP
packet in a vxlan tunnel (which results in requesting outer ip checksum
with a tunnel context but no inner offloading request), a Tx failure is
triggered, associated with a port MDD event.
2024-03-27T16:02:07.084Z|00018|dpdk|WARN|ice_interrupt_handler(): OICR:
	MDD event

To avoid this situation, if no checksum or segmentation offloading is
requested on the inner part of a packet, fallback to "normal" (non outer)
offloading request.

Reported-at: https://github.com/openvswitch/ovs-issues/issues/321
Fixes: 084c8087292c ("userspace: Support VXLAN and GENEVE TSO.")
Fixes: f81d782c1906 ("netdev-native-tnl: Mark all vxlan/geneve packets as tunneled.")
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Kevin Traynor <ktraynor@redhat.com>
Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
2024-06-06 17:09:37 +01:00
Maor Dickman
6280f5d04a netdev-offload-tc: Reserve lower tc prio for vlan ethertype.
The cited commit reserved lower tc priorities for IP ethertypes in order
to give IP traffic higher priority than other management traffic.
In case of vlan encap traffic, IP traffic will still get lower
priority.

Fix it by also reserving low priority tc prio for vlan.

Fixes: c230c7579c14 ("netdev-offload-tc: Reserve lower tc prios for ip ethertypes")
Signed-off-by: Maor Dickman <maord@nvidia.com>
Acked-by: Roi Dayan <roid@nvidia.com>
Signed-off-by: Simon Horman <horms@ovn.org>
2024-06-06 13:45:48 +01:00
Roi Dayan
792e8ee869 debian: Fix tabs vs spaces.
Getting the following message while trying to build a debian package.
debian/openvswitch-switch.init
debian/openvswitch-switch.postinst
See above for files that use tabs for indentation.
Please use spaces instead.
Fix it.

Signed-off-by: Roi Dayan <roid@nvidia.com>
Signed-off-by: Simon Horman <horms@ovn.org>
2024-06-06 11:37:29 +01:00
Ilya Maximets
ac4df0c8db nsh: Add support to compose-packet and use it in system tests.
OVS can parse NSH, but can't compose.  Fix that and get rid of plain
hex NSH packets in system tests as they are hard to read or modify.

Tcpdump calls modified to write actual pcaps instead of text output,
so ovs-pcap can be used while checking the results.

While at it, replacing sleeps with more robust waiting for tcpdump
to start listening.

M4 macros are better than shell variables, because we can see the
substitution result in the test log.  So, using m4_define and m4_join
extensively.

Acked-by: Simon Horman <horms@ovn.org>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2024-06-06 00:12:37 +02:00
Ilya Maximets
cd4ea33b5b tests: Convert ND, MPLS and CT sendpkt tests to compose-packet.
These tests contain plain hex dumps that are hard to read and modify.
Replace with equivalent calls to ovs-ofctl compose-packet --bare and
ovs-pcap.

Tcpdump calls modified to write actual pcaps instead of text output,
so ovs-pcap can be used while checking the results.

While at it, replacing sleeps with more robust waiting for tcpdump
to start listening.

M4 macros are better than shell variables, because we can see the
substitution result in the test log.  So, using m4_define and m4_join
extensively.

Acked-by: Simon Horman <horms@ovn.org>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2024-06-06 00:12:37 +02:00
Ilya Maximets
40f0ac48ff tests: sendpkt: Allow different input formats.
We require python 3, so instead of manually parsing bytes on input we
can use built-in bytes.fromhex().  This function ignores whitespaces,
so we can use different input formats - the old style space-separated
bytes as well as pure hex strings provided by ovs-ofctl compose-packet
and ovs-pcap.

Acked-by: Simon Horman <horms@ovn.org>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2024-06-06 00:12:37 +02:00
Mike Pattrick
16f6885353 ipf: Handle common case of ipf defragmentation.
When conntrack is reassembling packet fragments, the same reassembly
context can be shared across multiple threads handling different packets
simultaneously. Once a full packet is assembled, it is added to a packet
batch for processing, in the case where there are multiple different pmd
threads accessing conntrack simultaneously, there is a race condition
where the reassembled packet may be added to an arbitrary batch even if
the current batch is available.

When this happens, the packet may be handled incorrectly as it is
inserted into a random openflow execution pipeline, instead of the
pipeline for that packet's flow.

This change makes a best effort attempt to try to add the defragmented
packet to the current batch directly. This should succeed most of the
time.

Fixes: 4ea96698f667 ("Userspace datapath: Add fragmentation handling.")
Reported-at: https://issues.redhat.com/browse/FDP-560
Signed-off-by: Mike Pattrick <mkp@redhat.com>
Acked-by: Paolo Valerio <pvalerio@redhat.com>
Acked-by: Simon Horman <horms@ovn.org>
Signed-off-by: Aaron Conole <aconole@redhat.com>
2024-06-05 10:38:52 -04:00
Mike Pattrick
3a6b8c8361 ipf: Only add fragments to batch of same dl_type.
When conntrack is reassembling packet fragments, the same reassembly
context can be shared across multiple threads handling different packets
simultaneously. Once a full packet is assembled, it is added to a packet
batch for processing, this is most likely the batch that added it in the
first place, but that isn't a guarantee.

The packets in these batches should be segregated by network protocol
version (ipv4 vs ipv6) for conntrack defragmentation to function
appropriately. However, there are conditions where we would add a
reassembled packet of one type to a batch of another.

This change introduces checks to make sure that reassembled or expired
fragments are only added to packet batches of the same type.

Fixes: 4ea96698f667 ("Userspace datapath: Add fragmentation handling.")
Reported-at: https://issues.redhat.com/browse/FDP-560
Signed-off-by: Mike Pattrick <mkp@redhat.com>
Acked-by: Paolo Valerio <pvalerio@redhat.com>
Acked-by: Simon Horman <horms@ovn.org>
Signed-off-by: Aaron Conole <aconole@redhat.com>
2024-06-05 10:35:32 -04:00
Simon Horman
1d681ffe3b AUTHORS: Add Ville Skyttä.
Add Ville Skyttä to AUTHORS file.

Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Simon Horman <horms@ovn.org>
2024-06-04 10:14:30 +01:00
Ville Skyttä
90b8e4d053 docs: afxdp: Fix CONFIG_HAVE_EBPF_JIT Kconfig option spelling.
Fix CONFIG_HAVE_EBPF_JIT Kconfig option spelling ("EBPF" vs "BPF").

Signed-off-by: Ville Skyttä <ville.skytta@upcloud.com>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Simon Horman <horms@ovn.org>
2024-06-04 10:13:58 +01:00
Simon Horman
4a838f627c AUTHORS: Add Jun Gu.
Add Jun Gu to AUTHORS file.

Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Simon Horman <horms@ovn.org>
2024-06-04 10:13:50 +01:00
Jun Gu
8e2b06af98 ovs-ctl: Fix typo.
Correct spelling of destination in ovs-ctl.in.

Signed-off-by: Jun Gu <jun.gu@easystack.cn>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Simon Horman <horms@ovn.org>
2024-06-04 10:11:37 +01:00
Terry Wilson
4c0e1a1d70 python: ovsdb-idl: Use monitor_cond for _Server DB.
Unlike the C IDL code, the Python version still monitors the
_Server DB with "monitor" instead of "monitor_cond". This results
in receiving an entire Database row every time the "index" value
is updated which includes the 'schema' column. Using "monitor_cond"
will result in "update2" notifications which just include the
changed "index" value.

Unlike the C IDL, the Python IDL requires a SchemaHelper object
to instantiate the IDL, leaving it to the user of the library to
call "get_schema" themselves. Since the Python IDL did not have
support for retrieving the schema automatically and did not have
a state for doing so, instead of transitioning on an error response
from retrieving the _Server schema to requesting the "data" schema,
this moves directly to monitoring the "data" DB.

Signed-off-by: Terry Wilson <twilson@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2024-06-03 21:40:35 +02:00
Terry Wilson
474ebd6dd5 ovsdb-idl: Add C IDL test for "monitor" fallback.
There was a Python-only test for ensuring that the library would
work when connecting to an older ovsdb-server that did not support
monitor_cond. This adds a C IDL version of that test.

Signed-off-by: Terry Wilson <twilson@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2024-06-03 21:35:37 +02:00
Ilya Maximets
6003a88759 tests: Fix non-portable plus match in python vlog test.
'\+' as a one-or-more match is a GNU extension and it doesn't work
in BSD sed.  This makes the python vlog test fail on FreeBSD 14
that recently got python 3.11 in CirrusCI:

 |  --- -   2024-06-03 10:42:26.363566000 +0000
 |  +++ /tmp/cirrus-ci-build/tests/testsuite.dir/at-groups/2541/stdout
 |  @@ -7,31 +7,37 @@
 |   Traceback (most recent call last):
 |     File <name>, line <number>, in main
 |       assert fail
 |  +           ^^^^

Remove the '\+' match to make the line removal work.  It doesn't do
much for us as we would remove the same lines either way.

This change makes CirrusCI green again.

Fixes: 9185793e7543 ("tests: Fix compatibility issue with Python 3.13 in vlog.at.")
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2024-06-03 14:50:46 +02:00
Eelco Chaudron
f2e4195b0c netdev-linux: Fix uninitialized gso_type case.
This patch fixes an uninitialized gso_type case in
netdev_linux_prepend_vnet_hdr() by returning an error.

Fixes: 3337e6d91c5b ("userspace: Enable L4 checksum offloading by default.")
Acked-by: Ilya Maximets <i.maximets@ovn.org>
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
2024-06-03 13:27:38 +02:00
Eelco Chaudron
d97eee88e5 db-ctl-base: Initialize the output variable in the ctx structure.
Coverity flagged that the uninitialized output variable was used
in the ctl_context_init_command() function. This patch initializes
the variable.

In addition it also destroys the ds string in ctl_context_done()
in case it's not cleared properly.

Fixes: 07ff77ccb82a ("db-ctl-base: Make common database command code into library.")
Acked-by: Ilya Maximets <i.maximets@ovn.org>
Acked-by: Paolo Valerio <pvalerio@redhat.com>
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
2024-06-03 13:25:03 +02:00
Eelco Chaudron
361d7bce0f ofproto-dpif: Define age as time_t in ofproto_unixctl_fdb_add().
Fix the warning from Coverity about potential truncation of the
time_t value when copying to a local variable by changing the
local variable's type to time_t.

Fixes: ccc24fc88d59 ("ofproto-dpif: APIs and CLI option to add/delete static fdb entry.")
Acked-by: Mike Pattrick <mkp@redhat.com>
Acked-by: Paolo Valerio <pvalerio@redhat.com>
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
2024-06-03 13:23:41 +02:00
Eelco Chaudron
f673d0cd5f sflow: Fix check for disabled receive time.
Changed sFlowRcvrTimeout to a uint32_t to avoid time_t warnings
reported by Coverity. A uint32_t is more than large enough as
this is a (seconds) tick counter and OVS is not even using this.

Fixes: c72e245a0e2c ("Add InMon's sFlow Agent library to the build system.")
Acked-by: Ilya Maximets <i.maximets@ovn.org>
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
2024-06-03 13:23:41 +02:00
Eelco Chaudron
11e48b8ca2 sflow: Use uint32_t instead of time_t for tick handling in the poller.
The sFlow library uses a uint32_t to configure timeout ticks, but
stores this value as a time_t. Although this doesn't cause functional
issues, it wastes space and confuses Coverity, potentially indicating
a Y2K38 problem when storing uint32_t values in time_t. This patch
updates the internal data structures to use uint32_t variables.

Fixes: c72e245a0e2c ("Add InMon's sFlow Agent library to the build system.")
Acked-by: Mike Pattrick <mkp@redhat.com>
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
2024-06-03 13:23:41 +02:00
Eelco Chaudron
e42d3ed298 sflow: Replace libc's random() function with the OVS's random_range().
Coverity has flagged the use of a potentially unsafe function.
Although this is not a concern in this case since it's not used for
encryption, we should replace it with the OVS implementation to
achieve better randomness.

Fixes: c72e245a0e2c ("Add InMon's sFlow Agent library to the build system.")
Acked-by: Mike Pattrick <mkp@redhat.com>
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
2024-06-03 13:23:41 +02:00
Eelco Chaudron
b253d74d48 cfm: Fix possible integer overflow in tc_add_matchall_policer().
Fix unintentional integer overflow reported by Coverity by adding
the LL suffix to the numerical literals used in the multiplication.

Fixes: 5767a79a4059 ("cfm: Require ccm received in demand mode.")
Acked-by: Mike Pattrick <mkp@redhat.com>
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
2024-06-03 13:23:41 +02:00
Eelco Chaudron
18436bed85 netdev-linux: Fix possible int overflow in tc_add_matchall_policer().
Fix unintentional integer overflow reported by Coverity by adding
the ULL suffix to the numerical literals used in the multiplications.

Fixes: ed2300cca0d3 ("netdev-linux: Refactor put police action netlink message")
Acked-by: Mike Pattrick <mkp@redhat.com>
Acked-by: Paolo Valerio <pvalerio@redhat.com>
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
2024-06-03 13:23:11 +02:00
Kevin Traynor
488ad8beec dpdk: Use DPDK 23.11.1 release.
Update the CI and docs to use DPDK 23.11.1.

Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
Acked-by: Ilya Maximets <i.maximets@ovn.org>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
2024-05-30 17:24:52 +01:00
Emma Finn
7af0716ea6 odp-execute: Fix AVX checksum calculation.
The AVX implementation for calculating checksums was not
handling carry-over addition correctly in some cases.
This patch adds an additional shuffle to add 16-bit padding to
the final part of the calculation to handle such cases. This
commit also adds a unit test to check the checksum carry-bits
issue with actions autovalidator enabled.

Reported-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Emma Finn <emma.finn@intel.com>
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
2024-05-30 16:10:20 +02:00
Mike Pattrick
4d25656a23 netdev-linux: Initialize link speed in error conditions.
Clang's static analyzer noted that the output from
netdev_linux_get_speed_locked can be checked even if this function
doesn't set any values.

Now we always set those values to a sane default in all cases.

Fixes: 19cffe30cfda ("netdev-linux: Avoid deadlock in netdev_get_speed.")
Signed-off-by: Mike Pattrick <mkp@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2024-05-28 22:18:55 +02:00
Mike Pattrick
0c1b9b015d netdev-linux: Return an error if device feature names are empty.
When retrieving a list of features supported by a network card, return
with an error code if the request completed without an error but the
list contains zero entries.

In practice this should never happen, but it does contribute to a
detection in Clang's static analyzer.

Fixes: 6c59c195266c ("netdev-linux: Use ethtool to detect offload support.")
Signed-off-by: Mike Pattrick <mkp@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2024-05-28 22:18:55 +02:00
Mike Pattrick
4837b5fed3 socket: Fix uninitialized values in inet_parse_ functions.
Clang's static analyzer will complain about uninitialized value
dns_failure because we weren't setting a value for dns_failure in all
code paths.

Now we initialize this in the error conditions of inet_parse_passive and
inet_parse_active.

Fixes: 08e9e5337383 ("ovsdb: raft: Fix inability to read the database with DNS host names.")
Fixes: 5f219af8b3c7 ("ovsdb-server: Fix handling of DNS name for listener configuration.")
Signed-off-by: Mike Pattrick <mkp@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2024-05-28 22:18:55 +02:00
Mike Pattrick
51a2476bc2 dpctl: Fix uninitialized value when deleting flows.
Clang's static analyzer will complain about an uninitialized value
because we weren't setting a value for ufid_generated in all code paths.

Now we initialize this on declaration. This patch also corrects the
reverse x-mass of variable declaration.

Fixes: bbe2e3928747 ("dpctl: Fix broken flow deletion via ovs-dpctl due to missing ufid.")
Signed-off-by: Mike Pattrick <mkp@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2024-05-28 22:18:55 +02:00
Mike Pattrick
8359cc422e netdev-native-tnl: Fix use of uninitialized offset on SRv6 header pop.
Clang's static analyzer will complain about uninitialized value 'hlen'
because we weren't properly checking the error code from a function that
would have initialized the value.

Instead, add a check for that return code.

Fixes: 03fc1ad78521 ("userspace: Add SRv6 tunnel support.")
Signed-off-by: Mike Pattrick <mkp@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2024-05-28 22:18:55 +02:00
Mike Pattrick
8e5a89cd04 netdev-offload: Fix null pointer dereference warning on dump creation.
Clang's static analyzer will complain about a null pointer dereference
because dumps can be set to null and then there is a loop where it could
have been written to. This is a false positive, but only because the
netdev dpif type won't change during this loop.

Instead, return early from the netdev_ports_flow_dump_create function if
dumps is NULL.

Signed-off-by: Mike Pattrick <mkp@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2024-05-28 22:18:55 +02:00
Roi Dayan
ce1663b5fe netdev-linux: Fix ethtool_cmd is partly outside array bounds.
Used Ubuntu with gcc (Ubuntu 11.2.0-19ubuntu1) 11.2.0

 lib/netdev-linux.c: In function 'netdev_linux_construct':
 lib/netdev-linux.c:7003:15: error:
    array subscript 'struct ethtool_cmd[0]' is partly outside array
    bounds of ‘union <anonymous>[1]’ [-Werror=array-bounds]
  7003 |     ecmd->cmd = cmd;
       |     ~~~~~~~~~~^~~~~
 lib/netdev-linux.c:2411:7: note: while referencing ‘sset_info’
  2411 |     } sset_info;
       |       ^~~~~~~~~

Fixes: 6c59c195266c ("netdev-linux: Use ethtool to detect offload support.")
Signed-off-by: Roi Dayan <roid@nvidia.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2024-05-28 22:17:35 +02:00
Ilya Maximets
d4bd0a2ad5 atlocal: Replace deprecated pkg_resources.
'pkg_resources' module is deprecated and no longer available in newer
versions of python, so pytest tests are skipped:

  DeprecationWarning: pkg_resources is deprecated as an API.
  See https://setuptools.pypa.io/en/latest/pkg_resources.html

Unfortunately, there is no direct replacement for it and functionality
is scattered between different packages.

Using a new standard library importlib.metadata to find installed
packages and their versions.  Using packaging.requirements to parse
lines from the requirements file and compare versions.  This covers
all we need.

The 'packaging' is a project used by pip and a dependency for many
other libraries, so should be available for any supported version of
python.  'importlib' was introduced in python 3.8.  Since we support
older versions of python and 'packaging' is not part of the standard
library, checking that import is possible and falling back to
'pkg_resources' if needed.  We may remove the fallback when we stop
supporting python below 3.8.

Even though 'packaging' is a common dependency, added to the test
requirements so it will not be missed in CI.

Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2024-05-22 23:02:00 +02:00
Ilya Maximets
4d2c64ca1b atlocal: Fix setting HAVE_PYTEST on unexpected errors.
If the python script throws an unexpected exception, the HAVE_PYTEST
variable remains undefined.  If at the same time dependencies are not
actually present, pytest tests will fail instead of being skipped.

Define the variable to 'no' on unexpected failures to skip the tests
when dependencies cannot be verified.

The issue can be reproduced on systems with python 3.12+ in case the
deprecated 'pkg_resources' module is not available.

Fixes: 445dceb88461 ("python: Introduce unit tests.")
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2024-05-22 23:01:43 +02:00
Ilya Maximets
320f7e1a40 srv6: Fix misaligned writes to segment list.
Segments list in SRv6 header is 16-bit aligned as most of other fields
in packet headers.  A little counter-intuitively, compilers are allowed
to make alignment assumptions based on the pointer type passed to
memcpy(), so they can use copy instructions that require 32-bit alignment
in case of struct in6_addr pointer.  Reported by UBsan in Clang 18:

 lib/netdev-native-tnl.c:985:16: runtime error: store to misaligned
       address 0x7fd9e97351ce for type 'struct in6_addr *', which
       requires 4 byte alignment
 0x7fd9e97351ce: note: pointer points here
 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
             ^
   0 0xc1de38 in netdev_srv6_build_header lib/netdev-native-tnl.c:985:9
   1 0x6e794b in tnl_port_build_header ofproto/tunnel.c:751:11
   2 0x6c9c0a in native_tunnel_output ofproto/ofproto-dpif-xlate.c:3887:11
   3 0x6c9c0a in compose_output_action__ ofproto/ofproto-dpif-xlate.c:4502:13
   4 0x6b6646 in compose_output_action ofproto/ofproto-dpif-xlate.c:4564:5
   5 0x6b6646 in xlate_output_action ofproto/ofproto-dpif-xlate.c:5517:13
   6 0x68cfee in do_xlate_actions ofproto/ofproto-dpif-xlate.c:7288:13
   7 0x67fed0 in xlate_actions ofproto/ofproto-dpif-xlate.c:8314:13
   8 0x6468bd in ofproto_trace__ ofproto/ofproto-dpif-trace.c:782:30
   9 0x64484a in ofproto_trace ofproto/ofproto-dpif-trace.c:851:5
  10 0x647469 in ofproto_unixctl_trace ofproto/ofproto-dpif-trace.c:490:9
  11 0xc33771 in process_command lib/unixctl.c:310:13
  12 0xc33771 in run_connection lib/unixctl.c:344:17
  13 0xc33771 in unixctl_server_run lib/unixctl.c:395:21
  14 0x53e6ef in main vswitchd/ovs-vswitchd.c:131:9
  15 0x7f61c7 in __libc_start_call_main (/lib64/libc.so.6+0x2a1c7)
  16 0x7f628a in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x2a28a)
  17 0x42ca24 in _start (vswitchd/ovs-vswitchd+0x42ca24)

 SUMMARY: UndefinedBehaviorSanitizer:
          undefined-behavior lib/netdev-native-tnl.c:985:16

Having misaligned pointers is also generally not allowed in C, let
alone accessing memory through them.

Fix that by using an appropriate ovs_16aligned_in6_addr pointer instead.

Fixes: 7381fd440a88 ("odp: Add SRv6 tunnel actions.")
Fixes: 03fc1ad78521 ("userspace: Add SRv6 tunnel support.")
Reviewed-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2024-05-22 23:00:27 +02:00
Eelco Chaudron
0c8e626401 utilities: Correct deletion reason in flow_reval_monitor.py.
The flow_reval_monitor.py script incorrectly reported the reasons for
FDR_PURGE and FDR_TOO_EXPENSIVE, as their descriptions were swapped.
This patch rectifies the order using a dictionary to avoid similar
problems in the future.

In addition this patch also syncs the delete reason output of the
script, with the comments in the code.

Fixes: 86b9e653ef22 ("revalidator: Add a USDT probe during flow deletion with purge reason.")
Acked-by: Ilya Maximets <i.maximets@ovn.org>
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
2024-05-21 13:31:02 +02:00
Mike Pattrick
ec405e8573 compiler: Fix errors in Clang 17 ubsan checks.
This patch attempts to fix a large number of ubsan error messages that
take the following form:

lib/netlink-notifier.c:237:13: runtime error: call to function
    route_table_change through pointer to incorrect function type
    'void (*)(const void *, void *)'

In Clang 17 the undefined behaviour sanitizer check for function
pointers was enabled by default, whereas it was previously disabled
while compiling C code. These warnings are a false positive in the case
of OVS, as our macros already check to make sure the function parameter
is the correct size.

So that check is disabled in the single function that is causing all of
the errors.

Acked-by: Jakob Meng <jmeng@redhat.com>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Mike Pattrick <mkp@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2024-05-17 15:21:48 +02:00
Ilya Maximets
8d5486b653 AUTHORS: Add Amit Prakash Shukla.
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2024-05-17 13:37:05 +02:00
Amit Prakash Shukla
325ca04550 packets: Assert for incorrect packet.
Packets that are not encapsulated but metadata of the packet contains
an offload flag set, will call dp_packet_inner_l4 to get TCP, UDP, SCTP
header pointers. dp_packet_inner_l4 for such packets would return NULL
as the inner offsets by-default are configured as UINT16_MAX. On
dereferencing such pointers, segfault is observed.

Add assert check for packets with incorrect header or incorrect offload
flag set.

[i.maximets] Note: segfault was caused by a faulty driver, not OVS logic.
Assertion will allow catching such issues earlier and get more
information from the process instead of letting it crash somewhere later.

Signed-off-by: Amit Prakash Shukla <amitprakashs@marvell.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2024-05-17 13:35:52 +02:00
Ilya Maximets
f61e1da462 AUTHORS: Add Pengfei Sun.
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2024-05-17 13:28:23 +02:00
Pengfei Sun
ac7a10721f table: Fix freeing global variable.
In function shash_replace_nocopy, argument to free() is the address
of a global variable (argument passed by function table_print_json__),
which is not memory allocated by malloc().

ovsdb-client -f json monitor Open_vSwitch --timestamp

ASan reports:

 =================================================================
 ==1443083==ERROR: AddressSanitizer: attempting free on address
 which was not malloc()-ed: 0x000000535980 in thread T0
    0 0xfc9eac in __interceptor_free (/usr/lib64/libasan.so.6)
    1 0x4826e4 in json_destroy_object lib/json.c:445
    2 0x4826e4 in json_destroy__ lib/json.c:403
    3 0x4cc4e4 in table_print lib/table.c:633
    4 0x410650 in monitor_print_table ovsdb/ovsdb-client.c:1019
    5 0x410650 in monitor_print ovsdb/ovsdb-client.c:1040
    6 0x4110cc in monitor_print ovsdb/ovsdb-client.c:1030
    7 0x4110cc in do_monitor__ ovsdb/ovsdb-client.c:1503
    8 0x40743c in main ovsdb/ovsdb-client.c:283
    9 0xf50038  (/usr/lib64/libc.so.6+0x2b038)
   10 0xf50110 in __libc_start_main (/usr/lib64/libc.so.6)
   11 0x40906c in _start (/usr/local/bin/ovsdb-client)

Fixes: cb139fa8b3a1 ("table: New function table_format() for formatting a table as a string.")
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Acked-by: Simon Horman <horms@ovn.org>
Signed-off-by: Pengfei Sun <sunpengfei16@huawei.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2024-05-17 13:25:25 +02:00
Peng He
90cd797da1 vlog: Destroy async_append first then close log_fd.
async_append stores log_fd, it should be destructed before log_fd
is closed.

Fixes: 81d6495fd937 ("vlog: Make thread-safe.")
Acked-by: Simon Horman <horms@ovn.org>
Signed-off-by: Peng He <hepeng.0320@bytedance.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2024-05-17 13:24:30 +02:00
Mike Pattrick
3833506db0 conntrack: Fully initialize conn struct before insertion.
In case packets are concurrently received in both directions, there's
a chance that the ones in the reverse direction get received right
after the connection gets added to the connection tracker but before
some of the connection's fields are fully initialized.
This could cause OVS to access potentially invalid, as the lookup may
end up retrieving the wrong offsets during CONTAINER_OF(), or
uninitialized memory.

This may happen in case of regular NAT or all-zero SNAT.

Fix it by initializing the connection's fields early.

Fixes: 1116459b3ba8 ("conntrack: Remove nat_conn introducing key directionality.")
Reported-at: https://issues.redhat.com/browse/FDP-616
Acked-by: Simon Horman <horms@ovn.org>
Signed-off-by: Mike Pattrick <mkp@redhat.com>
Co-authored-by: Paolo Valerio <pvalerio@redhat.com>
Signed-off-by: Paolo Valerio <pvalerio@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2024-05-13 21:00:58 +02:00