lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 26 Nov 2017 23:53:31 +0530 From: Pravin Shelar <pshelar@....org> To: zhangliping <zhanglkk1990@....com> Cc: Pravin Shelar <pshelar@...ira.com>, "David S. Miller" <davem@...emloft.net>, Linux Kernel Network Developers <netdev@...r.kernel.org>, zhangliping <zhangliping02@...du.com> Subject: Re: [PATCH net] openvswitch: fix the incorrect flow action alloc size On Sat, Nov 25, 2017 at 7:32 PM, zhangliping <zhanglkk1990@....com> wrote: > From: zhangliping <zhangliping02@...du.com> > > If we want to add a datapath flow, which has more than 500 vxlan outputs' > action, we will get the following error reports: > openvswitch: netlink: Flow action size 32832 bytes exceeds max > openvswitch: netlink: Flow action size 32832 bytes exceeds max > openvswitch: netlink: Actions may not be safe on all matching packets > ... ... > > It seems that we can simply enlarge the MAX_ACTIONS_BUFSIZE to fix it, but > this is not the root cause. For example, for a vxlan output action, we need > about 60 bytes for the nlattr, but after it is converted to the flow > action, it only occupies 24 bytes. This means that we can still support > more than 1000 vxlan output actions for a single datapath flow under the > the current 32k max limitation. > > So even if the nla_len(attr) is larger than MAX_ACTIONS_BUFSIZE, we > shouldn't report EINVAL and keep it move on, as the judgement can be > done by the reserve_sfa_size. > > Signed-off-by: zhangliping <zhangliping02@...du.com> Thanks for the patch. Acked-by: Pravin B Shelar <pshelar@....org>
Powered by blists - more mailing lists