Description of problem: Originally reported upstream at: https://patchwork.ozlabs.org/patch/1243716/ Version-Release number of selected component (if applicable): ovn2.12, ovn2.13 How reproducible: Compile OVN with address sanitizer. Run MLD unit test. Steps to Reproduce: 1. clone ovs & ovn 2. build ovs with address sanitizer 3. build ovn with address sanitizer 4. run ovn MLD unit test: make check TESTSUITEFLAGS="-k mld" 5. check address sanitizer generated file: $ less tests/testsuite.dir/116/asan.* Actual results: Address sanitizer reports buffer overrun. Expected results: There should be no buffer overrun. Additional info:
Fix posted upstream for review by Ben Pfaff: https://patchwork.ozlabs.org/patch/1243716/
reproduced on commit 2c9cdc64590cddc47cc25cd803248c045f868e65: clone repo: git://pkgs.devel.redhat.com/rpms/ovn2.13 reset to commit: git reset 2c9cdc64590cddc47cc25cd803248c045f868e65 --hard rhpkg prep yum install libasan cd ovn-2.13.0/ovs-8ae6a5f98c3ad57d10220596054f6a0c4d6ea358 ./configure CFLAGS="-fsanitize=address" make -j 10 cd .. ./configure CFLAGS="-fsanitize=address" --with-ovs-source=/root/ovn2.13/ovn-2.13.0/ovs-8ae6a5f98c3ad57d10220596054f6a0c4d6ea358/ make -j 10 make check TESTSUITEFLAGS="-k mld" AddressSanitizer in tests/testsuite.dir/116/asan.29550: ==29550==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fc1b5f409b6 at pc 0x000000674d88 2 bp 0x7fc1b5f40680 sp 0x7fc1b5f40670 READ of size 1 at 0x7fc1b5f409b6 thread T1 (ovn_pinctrl0) #0 0x674d81 in packet_rh_present (/root/ovn2.13/ovn-2.13.0/controller/ovn-controller+0x674d81) #1 0x6757c8 in packet_set_ipv6 (/root/ovn2.13/ovn-2.13.0/controller/ovn-controller+0x6757c8) #2 0x43b885 in pinctrl_compose_ipv6 (/root/ovn2.13/ovn-2.13.0/controller/ovn-controller+0x43b885) #3 0x43f908 in ip_mcast_querier_send_mld (/root/ovn2.13/ovn-2.13.0/controller/ovn-controller+0x433 f908) #4 0x4401b2 in ip_mcast_querier_send (/root/ovn2.13/ovn-2.13.0/controller/ovn-controller+0x4401b22 ) #5 0x4402d3 in ip_mcast_querier_run (/root/ovn2.13/ovn-2.13.0/controller/ovn-controller+0x4402d3) #6 0x43424a in pinctrl_handler (/root/ovn2.13/ovn-2.13.0/controller/ovn-controller+0x43424a) #7 0x639b40 in ovsthread_wrapper (/root/ovn2.13/ovn-2.13.0/controller/ovn-controller+0x639b40) #8 0x7fc1b939d2dd in start_thread (/lib64/libpthread.so.0+0x82dd) #9 0x7fc1b8b43132 in __GI___clone (/lib64/libc.so.6+0xfc132) Address 0x7fc1b5f409b6 is located in stack of thread T1 (ovn_pinctrl0) at offset 326 in frame #0 0x43f6e5 in ip_mcast_querier_send_mld (/root/ovn2.13/ovn-2.13.0/controller/ovn-controller+0x433 f6e5) verified on commit 523f20f0752bba1dcee38d895e573ec526eb5bf6: set /bin/sh './tests/testsuite' -C tests AUTOTEST_PATH=/root/ovn2.13/ovn-2.13.0/openvswitch-2.13.0//utilities:/root/ovn2.13/ovn-2.13.0/openvswitch-2.13.0//vswitchd:/root/ovn2.13/ovn-2.13.0/openvswitch-2.13.0//ovsdb:/root/ovn2.13/ovn-2.13.0/openvswitch-2.13.0//vtep:tests:::controller-vtep:northd:utilities:controller:ic; \ "$@" -k mld || (test X'' = Xyes && "$@" --recheck) ## ---------------------- ## ## ovn 2.13.0 test suite. ## ## ---------------------- ## 116: ovn -- MLD snoop/querier/relay ok ## ------------- ## ## Test results. ## ## ------------- ## 1 test was successful. make[2]: Leaving directory '/root/ovn2.13/ovn-2.13.0' make[1]: Leaving directory '/root/ovn2.13/ovn-2.13.0' [root@hp-dl380pg8-12 ovn-2.13.0]# git log -1 commit 523f20f0752bba1dcee38d895e573ec526eb5bf6 (HEAD -> rhel8, origin/fast-datapath-rhel-8) Author: Numan Siddique <nusiddiq> Date: Fri Mar 13 01:08:26 2020 +0530 Rebase to ovn2.13-2.13.0-4.el7fdn Squashed commit of the following: commit 03e2ace701b7412e71face1de2ca3f577b9436a6 Author: Numan Siddique <nusiddiq> Date: Fri Mar 13 01:05:21 2020 +0530 Backport "ovn-northd: Add lflows to by pass the svc monitor packets from conntrack". Resolves: #1813046 Signed-off-by: Numan Siddique <nusiddiq>
Verified on the latest commit: [root@hp-dl380pg8-13 ovn2.13]# git log --oneline -1 . b601c51 (HEAD -> rhel8, origin/fast-datapath-rhel-8) Rebase to ovn2.13-2.13.0-18.el7fdn make tests/atlocal make[2]: Entering directory '/root/ovn2.13/ovn-2.13.0' make[2]: 'tests/atlocal' is up to date. make[2]: Leaving directory '/root/ovn2.13/ovn-2.13.0' make check-local make[2]: Entering directory '/root/ovn2.13/ovn-2.13.0' set /bin/sh './tests/testsuite' -C tests AUTOTEST_PATH=/root/ovn2.13/ovn-2.13.0/openvswitch-2.13.0//utilities:/root/ovn2.13/ovn-2.13.0/openvswitch-2.13.0//vswitchd:/root/ovn2.13/ovn-2.13.0/openvswitch-2.13.0//ovsdb:/root/ovn2.13/ovn-2.13.0/openvswitch-2.13.0//vtep:tests:::controller-vtep:northd:utilities:controller:ic; \ "$@" -k mld || (test X'' = Xyes && "$@" --recheck) ## ---------------------- ## ## ovn 2.13.0 test suite. ## ## ---------------------- ## 116: ovn -- MLD snoop/querier/relay ok ## ------------- ## ## Test results. ## ## ------------- ## 1 test was successful. make[2]: Leaving directory '/root/ovn2.13/ovn-2.13.0' make[1]: Leaving directory '/root/ovn2.13/ovn-2.13.0'
All these bugs have been verified and have shipped in FDP 20.G or earlier.