lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Wed, 14 Dec 2022 16:20:21 +0100
From:   Eelco Chaudron <echaudro@...hat.com>
To:     netdev@...r.kernel.org
Cc:     dev@...nvswitch.org, i.maximets@....org, edumazet@...gle.com,
        kuba@...nel.org, pabeni@...hat.com, davem@...emloft.net
Subject: Re: [ovs-dev] [PATCH net] openvswitch: Fix flow lookup to use
 unmasked key



On 14 Dec 2022, at 16:14, Eelco Chaudron wrote:

> The commit mentioned below causes the ovs_flow_tbl_lookup() function
> to be called with the masked key. However, it's supposed to be called
> with the unmasked key.
>
> This change reverses the commit below, but rather than having the key
> on the stack, it's allocated.
>
> Fixes: 190aa3e77880 ("openvswitch: Fix Frame-size larger than 1024 bytes warning.")
>
> Signed-off-by: Eelco Chaudron <echaudro@...hat.com>

Please ignore this version, as I sent out out without doing a stg refresh :(

> ---
>  net/openvswitch/datapath.c |   25 ++++++++++++++++---------
>  1 file changed, 16 insertions(+), 9 deletions(-)
>
> diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
> index 861dfb8daf4a..23b233caa7fd 100644
> --- a/net/openvswitch/datapath.c
> +++ b/net/openvswitch/datapath.c
> @@ -948,6 +948,7 @@ static int ovs_flow_cmd_new(struct sk_buff *skb, struct genl_info *info)
>  	struct sw_flow_mask mask;
>  	struct sk_buff *reply;
>  	struct datapath *dp;
> +	struct sw_flow_key *key;
>  	struct sw_flow_actions *acts;
>  	struct sw_flow_match match;
>  	u32 ufid_flags = ovs_nla_get_ufid_flags(a[OVS_FLOW_ATTR_UFID_FLAGS]);
> @@ -975,24 +976,26 @@ static int ovs_flow_cmd_new(struct sk_buff *skb, struct genl_info *info)
>  	}
>
>  	/* Extract key. */
> -	ovs_match_init(&match, &new_flow->key, false, &mask);
> +	key = kzalloc(sizeof(*key), GFP_KERNEL);
> +	if (!key) {
> +		error = -ENOMEN;
> +		goto err_kfree_key;
> +	}
> +
> +	ovs_match_init(&match, key, false, &mask);
>  	error = ovs_nla_get_match(net, &match, a[OVS_FLOW_ATTR_KEY],
>  				  a[OVS_FLOW_ATTR_MASK], log);
>  	if (error)
>  		goto err_kfree_flow;
>
> +	ovs_flow_mask_key(&new_flow->key, key, true, &mask);
> +
>  	/* Extract flow identifier. */
>  	error = ovs_nla_get_identifier(&new_flow->id, a[OVS_FLOW_ATTR_UFID],
> -				       &new_flow->key, log);
> +				       key, log);
>  	if (error)
>  		goto err_kfree_flow;
>
> -	/* unmasked key is needed to match when ufid is not used. */
> -	if (ovs_identifier_is_key(&new_flow->id))
> -		match.key = new_flow->id.unmasked_key;
> -
> -	ovs_flow_mask_key(&new_flow->key, &new_flow->key, true, &mask);
> -
>  	/* Validate actions. */
>  	error = ovs_nla_copy_actions(net, a[OVS_FLOW_ATTR_ACTIONS],
>  				     &new_flow->key, &acts, log);
> @@ -1019,7 +1022,7 @@ static int ovs_flow_cmd_new(struct sk_buff *skb, struct genl_info *info)
>  	if (ovs_identifier_is_ufid(&new_flow->id))
>  		flow = ovs_flow_tbl_lookup_ufid(&dp->table, &new_flow->id);
>  	if (!flow)
> -		flow = ovs_flow_tbl_lookup(&dp->table, &new_flow->key);
> +		flow = ovs_flow_tbl_lookup(&dp->table, key);
>  	if (likely(!flow)) {
>  		rcu_assign_pointer(new_flow->sf_acts, acts);
>
> @@ -1089,6 +1092,8 @@ static int ovs_flow_cmd_new(struct sk_buff *skb, struct genl_info *info)
>
>  	if (reply)
>  		ovs_notify(&dp_flow_genl_family, reply, info);
> +
> +	kfree(key);
>  	return 0;
>
>  err_unlock_ovs:
> @@ -1098,6 +1103,8 @@ static int ovs_flow_cmd_new(struct sk_buff *skb, struct genl_info *info)
>  	ovs_nla_free_flow_actions(acts);
>  err_kfree_flow:
>  	ovs_flow_free(new_flow, false);
> +err_kfree_key:
> +	kfree(key);
>  error:
>  	return error;
>  }
>
> _______________________________________________
> dev mailing list
> dev@...nvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Powered by blists - more mailing lists