From patchwork Mon Sep 23 23:44:33 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Darrell Ball X-Patchwork-Id: 1166249 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="H5EcRcfb"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46cgsq0NKSz9s4Y for ; Tue, 24 Sep 2019 09:45:02 +1000 (AEST) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id D614ED4B; Mon, 23 Sep 2019 23:44:59 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 3B2FCCCE for ; Mon, 23 Sep 2019 23:44:58 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pf1-f194.google.com (mail-pf1-f194.google.com [209.85.210.194]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id E96F3844 for ; Mon, 23 Sep 2019 23:44:57 +0000 (UTC) Received: by mail-pf1-f194.google.com with SMTP id q7so10230333pfh.8 for ; Mon, 23 Sep 2019 16:44:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=7V1lcSXOjZJsPds+dljzWqplCspa/nSyIc+f0SYpQdU=; b=H5EcRcfbiyG7EzmqX+FjnrRMfnNk9XK/SKAnLsufjMNewYxRMOrEnbNFyo1PviSNOQ 6krur4qVNmN5oyuUg2u97WfUw5ebrDZqBjssl1rPOICM3zCnEDU5Az9MCE1jK0mc8Bhs WRsOSnM5Op6Z6ea+T0+dXrk4Q2hYAzncM5Y+XLLH+Ug9WuhViUP9+DlzwUYwhSQp9I+L cyeJpZlCYERvNLO9FBQKGiqjcQvpcG8D/2xO8MMLMWCWzR6SG/QXe/bnexT00d/R+j96 82kO7hnkEPWnK7fZVLmt46GBzqUqUS2abULLVf9xoWfwhEpbSLrOoCaahXdByQDQY4Sl FZgg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=7V1lcSXOjZJsPds+dljzWqplCspa/nSyIc+f0SYpQdU=; b=s5JlNL5ff6m0TnE0ZjzJ0AUzS4GjPhW82P5UAKzNfPWZFYeAaD9nuQUCkEstVLw1q+ pfuZyvaSZICgQ/E9Lh4VZWsFcSNr6m+EFLh+CGv1EBr7VpsaKkWZ9YnvdCGAcFRrz6hs 2OUEHE9aLZL/3xzJ2WRbHO6fLOuf9eXmm5MS0Wdc+sKhpyOzVPThxRws1xyC9GLVpc1j lzNtK0YP1HUauC5UFmN4zpuBjFTesjzfGtitMgY7xAvxzHoSFhUq5XOmVeImfMxPvNzu 31mDrW3xaCH9aaA/TfDMHOG6eO35HvmXfmHnYDf6CCWxxqrtNJhaTpYSWxP1fzvXCVCR KAlQ== X-Gm-Message-State: APjAAAVVdlFCF9OLFVlP7tOk6UNnEKMXdHBIzk9oCiupXHp2j8dyg7jB XdHmtZFwnpzYRhQI2uhh7+M= X-Google-Smtp-Source: APXvYqyGt6SyXFnZDy9gCDGuj/vwvHE4CiG/lUCQRGUCoWUYDihRc6IPzbPvOSJenQ7pHGizemBuyA== X-Received: by 2002:a17:90a:ca05:: with SMTP id x5mr2136910pjt.66.1569282297510; Mon, 23 Sep 2019 16:44:57 -0700 (PDT) Received: from ubuntu.localdomain ([66.170.99.1]) by smtp.gmail.com with ESMTPSA id m24sm9843387pgj.71.2019.09.23.16.44.56 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 23 Sep 2019 16:44:56 -0700 (PDT) From: Darrell Ball To: dlu998@gmail.com, dev@openvswitch.org Date: Mon, 23 Sep 2019 16:44:33 -0700 Message-Id: <1569282273-15175-1-git-send-email-dlu998@gmail.com> X-Mailer: git-send-email 1.9.1 X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [patch v1] conntrack: Fix 'check_orig_tuple()' Valgrind false positive. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org Valgrind reported that 'pkt->md.ct_orig_tuple.ipv4.ipv4_proto' is uninitialized in 'check_orig_tuple()', if 'ct_state' is zero. Although this is true, the check is superceded, as even if it succeeds the check for natted packets based on 'ct_state' is an ORed condition and is intended to catch this case. The check is '!(pkt->md.ct_state & (CS_SRC_NAT | CS_DST_NAT))' which filters out all packets excepted natted ones. Move this check up to prevent the Valgrind complaint, which also helps performance and also remove recenlty added redundant check adding extra cycles. Fixes: f44733c527da ("conntrack: Validate accessing of conntrack data in pkt_metadata.") CC: Yifeng Sun Signed-off-by: Darrell Ball --- lib/conntrack.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/lib/conntrack.c b/lib/conntrack.c index fd71e6c..b56ef06 100644 --- a/lib/conntrack.c +++ b/lib/conntrack.c @@ -1005,11 +1005,11 @@ check_orig_tuple(struct conntrack *ct, struct dp_packet *pkt, struct conn **conn, const struct nat_action_info_t *nat_action_info) { - if ((ctx_in->key.dl_type == htons(ETH_TYPE_IP) && + if (!(pkt->md.ct_state & (CS_SRC_NAT | CS_DST_NAT)) || + (ctx_in->key.dl_type == htons(ETH_TYPE_IP) && !pkt->md.ct_orig_tuple.ipv4.ipv4_proto) || (ctx_in->key.dl_type == htons(ETH_TYPE_IPV6) && !pkt->md.ct_orig_tuple.ipv6.ipv6_proto) || - !(pkt->md.ct_state & (CS_SRC_NAT | CS_DST_NAT)) || nat_action_info) { return false; } @@ -1142,8 +1142,7 @@ process_one(struct conntrack *ct, struct dp_packet *pkt, handle_nat(pkt, conn, zone, ctx->reply, ctx->icmp_related); } - } else if (pkt->md.ct_state - && check_orig_tuple(ct, pkt, ctx, now, &conn, nat_action_info)) { + } else if (check_orig_tuple(ct, pkt, ctx, now, &conn, nat_action_info)) { create_new_conn = conn_update_state(ct, pkt, ctx, conn, now); } else { if (ctx->icmp_related) {