Juniper Openstack

vrouter:mpls table overflow and nexthop reference issues

Bug #1446550 reported by Anand H. Krishnan
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
R1.1
Fix Committed
Critical
Anand H. Krishnan
R2.0
Fix Committed
Critical
Anand H. Krishnan
Juniper Openstack r2.02
R2.1
Fix Committed
Critical
Anand H. Krishnan
Juniper Openstack r2.11 "r2.11"
R2.20
Fix Committed
Critical
Anand H. Krishnan
Juniper Openstack r2.20-fcs
Trunk
Fix Committed
Critical
Anand H. Krishnan
Juniper Openstack r3.0-fcs

Bug Description

Boundary checks allow for one extra label than the maximum, causing memory corruption. Also, when a label is changed, reference to old nexthop is not released. Both needs to be addressed.

Tags: vrouter
Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : R1.10

Review in progress for https://review.opencontrail.org/9335
Submitter: Anand H. Krishnan (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/9335
Committed: http://github.org/Juniper/contrail-vrouter/commit/f004b0c4d11a0f364b600b492a06accbd54d0fb2
Submitter: Zuul
Branch: R1.10

commit f004b0c4d11a0f364b600b492a06accbd54d0fb2
Author: Anand H. Krishnan <email address hidden>
Date: Tue Apr 21 17:31:30 2015 +0530

Fix improper boundary checks and reference count leaks

Boundary checks allow for one extra label than the maximum, causing
memory corruption. Also, when a label is changed, reference to old
nexthop has to be released. Two harmless boundary checks in nexthop
subysystem is also addressed.

Change-Id: I7c7e8cd39797d8d203cac8087d5e31cf02438452
Closes-BUG: #1446550

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : R2.0

Review in progress for https://review.opencontrail.org/9440
Submitter: Anand H. Krishnan (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : R2.1

Review in progress for https://review.opencontrail.org/9441
Submitter: Anand H. Krishnan (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/9440
Committed: http://github.org/Juniper/contrail-vrouter/commit/e937aa9b4cace0eac361439403af5fa01355bfe2
Submitter: Zuul
Branch: R2.0

commit e937aa9b4cace0eac361439403af5fa01355bfe2
Author: Anand H. Krishnan <email address hidden>
Date: Mon Apr 20 12:41:11 2015 +0530

Free the defer data in case of errors

To make sure that we flush all the packets that are queued in a flow
entry, we run a defer function. If for any reason this defer was not
scheduled (because the function was called with no hold queue), the
defer data has to be freed.

Closes-BUG: #1436798
(cherry picked from commit 8c30ce9a3e254d45dc4de595cc066f2da21c18d6)

Fix improper boundary checks and reference count leaks

Boundary checks allow for one extra label than the maximum, causing
memory corruption. Also, when a label is changed, reference to old
nexthop has to be released. Two harmless boundary checks in nexthop
subysystem is also addressed.

Closes-BUG: #1446550
Change-Id: I9289265b8a843160fdfe6fffc3e52c131d9b2a4a

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/9441
Committed: http://github.org/Juniper/contrail-vrouter/commit/bec0c7944567d270c722a5285e06cde41ddfb824
Submitter: Zuul
Branch: R2.1

commit bec0c7944567d270c722a5285e06cde41ddfb824
Author: Anand H. Krishnan <email address hidden>
Date: Tue Apr 21 17:31:30 2015 +0530

Fix improper boundary checks and reference count leaks

Boundary checks allow for one extra label than the maximum, causing
memory corruption. Also, when a label is changed, reference to old
nexthop has to be released. Two harmless boundary checks in nexthop
subysystem is also addressed.

Change-Id: I7c7e8cd39797d8d203cac8087d5e31cf02438452
Closes-BUG: #1446550

Ashish Ranjan (aranjan-n)
information type: Proprietary → Public
Revision history for this message
Anand H. Krishnan (anandhk) wrote :

For 2.20/2.30/mainline, the fixes have gone in as part of

https://bugs.launchpad.net/juniperopenstack/+bug/1446170

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.