mir/openvswitch
2
0
Fork 0
mirror of https://github.com/openvswitch/ovs synced 2025-10-15 14:17:18 +00:00
Code Issues Releases Wiki Activity

dpif: Use separate OVS_PACKET_ATTR_PROBE for packet messges

Browse Source 
User space is currently sending a OVS_FLOW_ATTR_PROBE for both flow
and packet messages. This leads to an out-of-bounds access in
ovs_packet_cmd_execute() because OVS_FLOW_ATTR_PROBE >
OVS_PACKET_ATTR_MAX.

Introduce a new OVS_PACKET_ATTR_PROBE with the same numeric value
as OVS_FLOW_ATTR_PROBE to grow the range of accepted packet attributes
while maintaining binary compatibility with existing OVS binaries.

Fixes: 9233ce ("datapath: Add support for OVS_FLOW_ATTR_PROBE.")
Reported-by: Sander Eikelenboom <linux@eikelenboom.it>
Signed-off-by: Thomas Graf <tgraf@noironetworks.com>
Acked-by: Jesse Gross <jesse@nicira.com>
This commit is contained in:
Thomas Graf
2015-01-15 00:17:31 +01:00
parent afc3987b51
commit 2e460098bf
4 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
AUTHORS
View File

@@ -301,6 +301,7 @@ Roger Leigh rleigh@codelibre.net
Rogério Vinhal Nunes Rogério Vinhal Nunes
Roman Sokolkov rsokolkov@gmail.com Roman Sokolkov rsokolkov@gmail.com
Ronaldo A. Ferreira ronaldof@CS.Princeton.EDU Ronaldo A. Ferreira ronaldof@CS.Princeton.EDU
Sander Eikelenboom linux@eikelenboom.it
Saul St. John sstjohn@cs.wisc.edu Saul St. John sstjohn@cs.wisc.edu
Scott Hendricks shendricks@nicira.com Scott Hendricks shendricks@nicira.com
Sean Brady sbrady@gtfservices.com Sean Brady sbrady@gtfservices.com

3
datapath/datapath.c
View File

@@ -531,7 +531,7 @@ static int ovs_packet_cmd_execute(struct sk_buff *skb, struct genl_info *info)
struct vport *input_vport; struct vport *input_vport;
int len; int len;
int err; int err;
bool log = !a[OVS_FLOW_ATTR_PROBE]; bool log = !a[OVS_PACKET_ATTR_PROBE];
err = -EINVAL; err = -EINVAL;
if (!a[OVS_PACKET_ATTR_PACKET] || !a[OVS_PACKET_ATTR_KEY] || if (!a[OVS_PACKET_ATTR_PACKET] || !a[OVS_PACKET_ATTR_KEY] ||
@@ -618,6 +618,7 @@ static const struct nla_policy packet_policy[OVS_PACKET_ATTR_MAX + 1] = {
[OVS_PACKET_ATTR_PACKET] = { .len = ETH_HLEN }, [OVS_PACKET_ATTR_PACKET] = { .len = ETH_HLEN },
[OVS_PACKET_ATTR_KEY] = { .type = NLA_NESTED }, [OVS_PACKET_ATTR_KEY] = { .type = NLA_NESTED },
[OVS_PACKET_ATTR_ACTIONS] = { .type = NLA_NESTED }, [OVS_PACKET_ATTR_ACTIONS] = { .type = NLA_NESTED },
[OVS_PACKET_ATTR_PROBE] = { .type = NLA_FLAG },
}; };
static struct genl_ops dp_packet_genl_ops[] = { static struct genl_ops dp_packet_genl_ops[] = {

4
datapath/linux/compat/include/linux/openvswitch.h
View File

@@ -197,6 +197,10 @@ enum ovs_packet_attr {
OVS_PACKET_ATTR_USERDATA, /* OVS_ACTION_ATTR_USERSPACE arg. */ OVS_PACKET_ATTR_USERDATA, /* OVS_ACTION_ATTR_USERSPACE arg. */
OVS_PACKET_ATTR_EGRESS_TUN_KEY, /* Nested OVS_TUNNEL_KEY_ATTR_* OVS_PACKET_ATTR_EGRESS_TUN_KEY, /* Nested OVS_TUNNEL_KEY_ATTR_*
attributes. */ attributes. */
OVS_PACKET_ATTR_UNUSED1,
OVS_PACKET_ATTR_UNUSED2,
OVS_PACKET_ATTR_PROBE, /* Packet operation is a feature probe,
error logging should be suppressed. */
__OVS_PACKET_ATTR_MAX __OVS_PACKET_ATTR_MAX
}; };

2
lib/dpif-netlink.c
View File

@@ -1530,7 +1530,7 @@ dpif_netlink_encode_execute(int dp_ifindex, const struct dpif_execute *d_exec,
nl_msg_put_unspec(buf, OVS_PACKET_ATTR_ACTIONS, nl_msg_put_unspec(buf, OVS_PACKET_ATTR_ACTIONS,
d_exec->actions, d_exec->actions_len); d_exec->actions, d_exec->actions_len);
if (d_exec->probe) { if (d_exec->probe) {
nl_msg_put_flag(buf, OVS_FLOW_ATTR_PROBE); nl_msg_put_flag(buf, OVS_PACKET_ATTR_PROBE);
} }
} }