dpif-netlink: Drop oversized packets instead of assert-failing.

A packet sent to a Netlink datapath has to fit within a Netlink attribute.
Until now, this was only checked in an assertion inside the Netlink code,
which meant that trying to send a too-large packet (approximate 64 kB or
larger) would assert-fail.  It's better to just drop those packets, which
this commit does.

Reported-by: Shuping Cui <scui@redhat.com>
Reported-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

lib/dpif-netlink.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2014 Nicira, Inc.
+ * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015 Nicira, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -1534,12 +1534,15 @@ dpif_netlink_encode_execute(int dp_ifindex, const struct dpif_execute *d_exec,
     }
 }
 
-#define MAX_OPS 50
-
-static void
+/* Executes, against 'dpif', up to the first 'n_ops' operations in 'ops'.
+ * Returns the number actually executed (at least 1, if 'n_ops' is
+ * positive). */
+static size_t
 dpif_netlink_operate__(struct dpif_netlink *dpif,
                        struct dpif_op **ops, size_t n_ops)
 {
+    enum { MAX_OPS = 50 };
+
     struct op_auxdata {
         struct nl_transaction txn;
 
@@ -1553,13 +1556,12 @@ dpif_netlink_operate__(struct dpif_netlink *dpif,
     struct nl_transaction *txnsp[MAX_OPS];
     size_t i;
 
-    ovs_assert(n_ops <= MAX_OPS);
+    n_ops = MIN(n_ops, MAX_OPS);
     for (i = 0; i < n_ops; i++) {
         struct op_auxdata *aux = &auxes[i];
         struct dpif_op *op = ops[i];
         struct dpif_flow_put *put;
         struct dpif_flow_del *del;
-        struct dpif_execute *execute;
         struct dpif_flow_get *get;
         struct dpif_netlink_flow flow;
 
@@ -1592,9 +1594,24 @@ dpif_netlink_operate__(struct dpif_netlink *dpif,
             break;
 
         case DPIF_OP_EXECUTE:
-            execute = &op->u.execute;
-            dpif_netlink_encode_execute(dpif->dp_ifindex, execute,
-                                        &aux->request);
+            /* Can't execute a packet that won't fit in a Netlink attribute. */
+            if (OVS_UNLIKELY(nl_attr_oversized(
+                                 ofpbuf_size(op->u.execute.packet)))) {
+                /* Report an error immediately if this is the first operation.
+                 * Otherwise the easiest thing to do is to postpone to the next
+                 * call (when this will be the first operation). */
+                if (i == 0) {
+                    VLOG_ERR_RL(&error_rl,
+                                "dropping oversized %"PRIu32"-byte packet",
+                                ofpbuf_size(op->u.execute.packet));
+                    op->error = ENOBUFS;
+                    return 1;
+                }
+                n_ops = i;
+            } else {
+                dpif_netlink_encode_execute(dpif->dp_ifindex, &op->u.execute,
+                                            &aux->request);
+            }
             break;
 
         case DPIF_OP_FLOW_GET:
@@ -1678,6 +1695,8 @@ dpif_netlink_operate__(struct dpif_netlink *dpif,
         ofpbuf_uninit(&aux->request);
         ofpbuf_uninit(&aux->reply);
     }
+
+    return n_ops;
 }
 
 static void
@@ -1686,8 +1705,7 @@ dpif_netlink_operate(struct dpif *dpif_, struct dpif_op **ops, size_t n_ops)
     struct dpif_netlink *dpif = dpif_netlink_cast(dpif_);
 
     while (n_ops > 0) {
-        size_t chunk = MIN(n_ops, MAX_OPS);
-        dpif_netlink_operate__(dpif, ops, chunk);
+        size_t chunk = dpif_netlink_operate__(dpif, ops, n_ops);
         ops += chunk;
         n_ops -= chunk;
     }