| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 26 Nov 2017 18:40:06 -0500 (EST) From: David Miller <davem@...emloft.net> To: zhanglkk1990@....com Cc: pshelar@...ira.com, netdev@...r.kernel.org, zhangliping02@...du.com Subject: Re: [PATCH net] openvswitch: fix the incorrect flow action alloc size From: zhangliping <zhanglkk1990@....com> Date: Sat, 25 Nov 2017 22:02:12 +0800 > From: zhangliping <zhangliping02@...du.com> > > If we want to add a datapath flow, which has more than 500 vxlan outputs' > action, we will get the following error reports: > openvswitch: netlink: Flow action size 32832 bytes exceeds max > openvswitch: netlink: Flow action size 32832 bytes exceeds max > openvswitch: netlink: Actions may not be safe on all matching packets > ... ... > > It seems that we can simply enlarge the MAX_ACTIONS_BUFSIZE to fix it, but > this is not the root cause. For example, for a vxlan output action, we need > about 60 bytes for the nlattr, but after it is converted to the flow > action, it only occupies 24 bytes. This means that we can still support > more than 1000 vxlan output actions for a single datapath flow under the > the current 32k max limitation. > > So even if the nla_len(attr) is larger than MAX_ACTIONS_BUFSIZE, we > shouldn't report EINVAL and keep it move on, as the judgement can be > done by the reserve_sfa_size. > > Signed-off-by: zhangliping <zhangliping02@...du.com> Applied, thanks.
Powered by blists - more mailing lists