| Message ID | 1441935692-6848-4-git-send-email-joestringer@nicira.com |
|---|---|
| State | Accepted |
| Headers | show |
diff --git a/ofproto/ofproto-dpif-ipfix.c b/ofproto/ofproto-dpif-ipfix.c index 48ff827..9ad8fa2 100644 --- a/ofproto/ofproto-dpif-ipfix.c +++ b/ofproto/ofproto-dpif-ipfix.c @@ -1692,6 +1692,10 @@ dpif_ipfix_bridge_sample(struct dpif_ipfix *di, const struct dp_packet *packet, struct dpif_ipfix_port * tunnel_port = NULL; ovs_mutex_lock(&mutex); + if (!bridge_exporter_enabled(di)) { + ovs_mutex_unlock(&mutex); + return; + } /* Use the sampling probability as an approximation of the number * of matched packets. */ packet_delta_count = UINT32_MAX / di->bridge_exporter.probability;
A divide-by-zero exception like the below could occur when IPFIX configuration is cleared while handling sampled packets from the datapath. While it's not valid to configure the sampling probability of IPFIX to zero via explicitly setting it in OVSDB, it is possible to clear the configuration, which results in a probability of zero. In this case, there is a window during which it is possible for upcalls to find the cleared IPFIX object and attempt to perform sampling using it. Fix the issue by ensuring that the probability is nonzero before using it. "Program terminated with signal SIGFPE, Arithmetic exception." dpif_ipfix_bridge_sample (...) at ../ofproto/ofproto-dpif-ipfix.c:1701 process_upcall (...) at ../ofproto/ofproto-dpif-upcall.c:1145 recv_upcalls (...) at ../ofproto/ofproto-dpif-upcall.c:705 udpif_upcall_handler (...) at ../ofproto/ofproto-dpif-upcall.c:631 ovsthread_wrapper (...) at ../lib/ovs-thread.c:340 start_thread (...) at pthread_create.c:312 clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 Signed-off-by: Joe Stringer <joestringer@nicira.com> --- Given that there's a couple of other places in the IPFIX code that check the probability before using it, I'm assuming this isn't an invariant and this is a reasonable place to fix the bug. I haven't looked into whether this kind of bug may affect other sampling implementations in OVS. --- ofproto/ofproto-dpif-ipfix.c | 4 ++++ 1 file changed, 4 insertions(+)