All new accounts created on Gitlab now require administrator approval. If you invite any collaborators, please let Flux staff know so they can approve the accounts.

  1. 10 Mar, 2016 3 commits
  2. 08 Mar, 2016 1 commit
  3. 07 Mar, 2016 1 commit
    • William Tu's avatar
      ofp-util: Fix use-after-free in group append. · 23fba242
      William Tu authored
      Upstream commit ef5774e3.
      It is possible for ofpbuf_put() to realloc a newly allocated address,
      casuing the previously referenced pointer, ogds, points to old/free'd
      address. The issue is generated by forcing ofpbuf_put() to use newly
      allocated buffer and valgrind reports invalid write. The similiar syndrome
      is reported at:
      Invalid write of size 2
          ofputil_append_ofp15_group_desc_reply (ofp-util.c:8367)
          ofputil_append_group_desc_reply (ofp-util.c:8392)
          append_group_desc (ofproto.c:6262)
          handle_group_request (ofproto.c:6230)
          handle_group_desc_stats_request (ofproto.c:6269)
          handle_openflow__ (ofproto.c:7337)
          handle_openflow (ofproto.c:7403)
          ofconn_run (connmgr.c:1379)
          connmgr_run (connmgr.c:323)
          ofproto_run (ofproto.c:1762)
          bridge_run__ (bridge.c:2885)
          bridge_run (bridge.c:2940)
          main (ovs-vswitchd.c:120)
      Address 0x7cb1020 is 144 bytes inside a block of size 1,144 free'd
          free (vg_replace_malloc.c:530)
          ofpbuf_resize__ (ofpbuf.c:246)
          ofpbuf_put (ofpbuf.c:386)
          nx_put_header__ (nx-match.c:1241)
          nxm_put__ (nx-match.c:697)
          oxm_put_field_array (nx-match.c:1226)
          ofputil_put_group_prop_ntr_selection_method (ofp-util.c:8305)
          ofputil_append_ofp15_group_desc_reply (ofp-util.c:8364)
          ofputil_append_group_desc_reply (ofp-util.c:8392)
          append_group_desc (ofproto.c:6262)
      Signed-off-by: default avatarWilliam Tu <>
      Signed-off-by: default avatarJoe Stringer <>
  4. 03 Mar, 2016 2 commits
    • Joe Stringer's avatar
      ofp-actions: Prevent integer overflow in decode. · 1fce5274
      Joe Stringer authored
      Upstream commit 5308056f.
      When decoding a variable-length action, if the length of the action
      exceeds the length storable in a uint16_t then something has gone
      terribly wrong. Assert that this is not the case.
      Signed-off-by: default avatarJoe Stringer <>
      Acked-by: default avatarJarno Rajahalme <>
    • Joe Stringer's avatar
      ofp-actions: Fix use-after-free in bundle action. · 0bdf8e23
      Joe Stringer authored
      Upstream commit 19b58f3c.
      If the actions list in an incoming flow mod is long enough, and there is
      a bundle() action with 3 or more slaves, then it is possible for a
      reallocation to occur after placing the ofpact_bundle into the ofpacts
      buffer, while slave ports into the buffer. If the memory freed by this
      reallocation is then passed to another thread, then that thread may
      modify the value that bundle->n_slaves points to. If this occurs quickly
      enough before the main thread finishes copying all of the slaves, then
      the iteration may continue beyond the originally intended number of
      slaves, copying (and swapping) an undetermined number of 2-byte chunks
      from the openflow message. Finally, the length of the ofpact will be
      updated based on how much data was written to the buffer, which may be
      significantly longer than intended.
      In many cases, the freed memory may not be allocated to another thread
      and be left untouched. In some milder bug cases, this will lead to
      'bundle' actions using more memory than required. In more serious cases,
      this length may then exceed the maximum length of an OpenFlow action,
      which is then stored (truncated) into the 16-bit length field in the
      ofpact header. Later execution of ofpacts_verify() would then use this
      length to iterate through the ofpacts, and may dereference memory in
      unintended ways, causing crashes or infinite loops by attempting to
      parse/validate arbitrary data as ofpact objects.
      Fix the issue by updating 'bundle' within the iteration, immediately
      after (potentially) expanding the bundle.
      Thanks to Jarno Rajahalme for his keen pair of eyes on finding this
      VMWare-BZ: #1614715
      Fixes: f25d0cf3 ("Introduce ofpacts, an abstraction of OpenFlow actions.")
      Signed-off-by: default avatarJoe Stringer <>
      Acked-by: default avatarJarno Rajahalme <>
  5. 16 Feb, 2016 2 commits
  6. 05 Feb, 2016 4 commits
  7. 03 Feb, 2016 2 commits
    • Daniele Di Proietto's avatar
      bridge: Do not add bridges with '/' in name. · 3661c068
      Daniele Di Proietto authored
      This effectively stops vswitchd from creating bridges with '/' in the
      name. OVS used to print a warning but the bridge was created anyway.
      This restriction is implemented because the bridge name is part of a
      filesystem path.
      This check is no substitute for Mandatory Access Control, but it
      certainly helps to catch the error early.
      Signed-off-by: default avatarDaniele Di Proietto <>
      [ added a test]
      Acked-by: default avatarBen Pfaff <>
    • Ben Pfaff's avatar
      ofproto: Detect and handle errors in ofproto_port_add(). · 4034cac0
      Ben Pfaff authored
      The update_port() function called in ofproto_port_add() can encounter
      errors that prevent a port from being added, but nothing was checking for
      the error and in fact update_port() didn't even pass the error along to
      its caller.  This commit fixes the problem.
      The scenario that led me to examine this code can be triggered as follows
      from the sandbox, as long as you change --enable-dummy=override to
      --enable-dummy=system in ovs-sandbox:
      ovs-vsctl add-br br0
      ovs-vsctl add-port br0 tun0 \
          -- set interface tun0 type=stt options:remote_ip=
      ovs-vsctl add-port br0 tun1 \
          -- set interface tun1 type=stt options:remote_ip=
      The second add-port will fail due to the duplicate tunnel options, but
      ofproto_port_add() will not return the error.  Instead, it will report to
      the caller that it succeeded and tell it that it has ofp_port OFPP_NONE
      (65535), which is invalid and it obviously does not.  The result is that
      you get bizarre log messages like this:
          tunnel|WARN|tun1: attempting to add tunnel port with same config as port 'tun0' (::->, key=0, dp port=7471, pkt mark=0)
          ofproto|WARN|br0: could not add port tun1 (File exists)
          bridge|INFO|bridge br0: added interface tun1 on port 65535
          ofproto|WARN|br0: cannot configure bfd on nonexistent port 65535
          ofproto|WARN|br0: cannot configure LLDP on nonexistent port 65535
          ofproto|WARN|br0: cannot get STP status on nonexistent port 65535
          ofproto|WARN|br0: cannot get RSTP status on nonexistent port 65535
          ofproto|WARN|br0: cannot get STP stats on nonexistent port 65535
          ofproto|WARN|br0: cannot get STP stats on nonexistent port 65535
      VMware-BZ: #1598643
      Signed-off-by: default avatarBen Pfaff <>
      Acked-by: default avatarJustin Pettit <>
  8. 01 Feb, 2016 1 commit
  9. 28 Jan, 2016 1 commit
  10. 27 Jan, 2016 1 commit
  11. 25 Jan, 2016 1 commit
    • Ben Pfaff's avatar
      ofproto-dpif-xlate: Fix recirculation for resubmit to current table. · 9cd7938f
      Ben Pfaff authored
      When recirculation defers actions for processing later, it decides
      based on the actions being saved whether it needs to record the table
      and cookie from which they originated.  Until now, it was thought that
      this was only important for actions that send packets to the controller
      (because those actions send the table ID and cookie).  This overlooked
      a special case of the "resubmit" action which also depends on the
      current table ID, which meant that this special case malfunctioned if
      it came after recirculation.  This commit fixes the problem.
      This is a backport of a fix orginally committed on master.  That fix
      was able to add a test, but branch-2.4 lacks the "debug_recirc" feature
      needed for the test.
      Found while testing another feature under development.
      Signed-off-by: default avatarBen Pfaff <>
      Acked-by: default avatarJarno Rajahalme <>
  12. 19 Jan, 2016 1 commit
    • Ben Pfaff's avatar
      ofproto: Fix memory leak and memory exhaustion bugs in group_mod. · a7a43b43
      Ben Pfaff authored
      In handle_group_mod() cases where adding a group failed, nothing freed the
      list of buckets, causing a leak.  The same was true in every case of
      modifying a group.  This commit fixes the problem by changing add_group()
      to never steal or free the buckets (modify_group() already acted this way)
      and then making handle_group_mod() always free the buckets when it's done.
      This approach might at first raise objections, because it makes add_group()
      copy the buckets instead of just take the existing ones.  On branch-2.5
      and master, there's a good reason for that--please see the original commit
      for explanation.  On this backport to branch-2.4, though, we just use this
      approach to avoid having to carefully write a new version for the backport.
      Found by pain and suffering.
      Signed-off-by: default avatarBen Pfaff <>
      Acked-by: default avatarJarno Rajahalme <>
  13. 11 Jan, 2016 2 commits
  14. 06 Jan, 2016 1 commit
  15. 04 Jan, 2016 4 commits
  16. 23 Dec, 2015 1 commit
  17. 22 Dec, 2015 2 commits
  18. 21 Dec, 2015 2 commits
  19. 11 Dec, 2015 4 commits
    • Daniele Di Proietto's avatar
      odp-util: Correctly [de]serialize mask for ND attributes. · 442baef5
      Daniele Di Proietto authored
      When converting between ODP attributes and struct flow_wildcards, we
      check that all the prerequisites are exact matched on the mask.
      For ND(ICMPv6) attributes, an exact match on tp_src and tp_dst
      (which in this context are the icmp type and code) shold look like
      htons(0xff), not htons(0xffff).  Fix this in two places.
      The consequences were that the ODP mask wouldn't include the ND
      attributes and the flow would be deleted by the revalidation.
      Signed-off-by: default avatarDaniele Di Proietto <>
      Acked-by: default avatarJarno Rajahalme <>
    • Daniele Di Proietto's avatar
      odp-util: Return exact mask if netlink mask attribute is missing. · f5d5eae4
      Daniele Di Proietto authored
      In the ODP context an empty mask netlink attribute usually means that
      the flow should be an exact match.
      odp_flow_key_to_mask() instead returns a struct flow_wildcards
      with matches only on recirc_id and vlan_tci.
      A more appropriate behavior is to handle a missing (zero length) netlink
      mask specially (like we do in userspace and Linux datapath) and create
      an exact match flow_wildcards from the original flow.
      This fixes a bug in revalidate_ukey(): every flow created with
      megaflows disabled would be revalidated away, because the mask would
      seem too generic. (Another possible fix would be to handle the special
      case of a missing mask in revalidate_ukey(), but this seems a more
      generic solution).
      Signed-off-by: default avatarDaniele Di Proietto <>
      Acked-by: default avatarJarno Rajahalme <>
    • Daniele Di Proietto's avatar
      tnl-ports: Generate mask with correct prerequisites. · ed24b01f
      Daniele Di Proietto authored
      We should match on the transport ports only if the tunnel has a UDP
      header.  It doesn't make sense to match on transport port for GRE
      Also, to match on fragment bits we should use FLOW_NW_FRAG_MASK instead
      of 0xFF.  FLOW_NW_FRAG_MASK is what we get if we convert to the ODP
      netlink format and back.
      Adding the correct masks in the tunnel router classifier helps in making
      sure that the translation generates masks that respect prerequisites.
      If the mask has some fields that do not respect prerequisites, the flow
      will get deleted by revalidation, because translating to ODP format and
      back will generate a more generic mask, which will be perceived as too
      generic (compared with the one generated by the translation).
      Signed-off-by: default avatarDaniele Di Proietto <>
      Acked-by: default avatarJarno Rajahalme <>
    • Daniele Di Proietto's avatar
      ofproto-dpif-xlate: Fix revalidation in execute_controller_action(). · ce4b834e
      Daniele Di Proietto authored
      If there's no actual packet (e.g. during revalidation),
      execute_controller_action() exits right away, without calling
      commit_odp_actions() might have an influence on slow_path reason
      (which is included in the generated ODP actions), meaning that the
      revalidation will not generate the same actions than the original
      Fix the problem by making execute_controller_action() call
      commit_odp_actions() even without a packet.
      Signed-off-by: default avatarDaniele Di Proietto <>
      Acked-by: default avatarJarno Rajahalme <>
  20. 08 Dec, 2015 1 commit
  21. 07 Dec, 2015 1 commit
  22. 04 Dec, 2015 1 commit
  23. 02 Dec, 2015 1 commit
    • Gurucharan Shetty's avatar
      debian: Skip systemctl redirect. · 98b2943e
      Gurucharan Shetty authored
      After some experimentation on Ubuntu15.04, I see the
      following behavior.
      1. If you install openvswitch-switch with 'apt-get install',
      then you automatically get a upstart and systemd config files
      for openvswitch. The integration with 'interfaces' fails
      because both the upstart and systemd jobs do not have logic
      to handle it.
      The above behavior will likely get fixed soon in upstream
      2. If you install openvswitch-switch via the packages
      created from the openvswitch repo, there is no systemd or
      upstart conf files installed. But systemd notices this
      and creates a runtime openvswitch conf file which does
      nothing but call back the sysv startup script.
      In the above case when you call
      "/etc/init.d/openvswitch-switch start", it inturn calls
      "/bin/systemctl start openvswitch-switch.service" and
      that inturn again calls "/etc/init.d/openvswitch-switch start".
      But the above for some reason simply hangs. It looks like a call
      to ifup when invoked in this manner does not return.
      I am not sure why this is happening.
      We can avoid the above behavior completely by skipping the
      systemctl redirect as done in this commit. This should fix
      both 1. and 2. above.
      Signed-off-by: default avatarGurucharan Shetty <>
      Acked-by: default avatarBen Pfaff <>