[SRU] [X/B/C/D] [PATCH 0/1] openvswitch: fix kernel buffer overflow
Andrea Righi
andrea.righi at canonical.com
Mon Apr 1 14:36:39 UTC 2019
Buglink: https://bugs.launchpad.net/bugs/1813244

[Impact]

 * Flow action buffer can be incorrectly resized to contain the newly added
   action entries: the buffer is always resized multiplying the previous size
   by 2, but this might not be enough if the requested size is bigger than
   previous_size*2, causing a buffer overflow

 * The fix correctly resizes the buffer to prevent the buffer overflow

 * This bug can be triggered potentially on any architecture, but it is very
   likely to happen on i386 running the following test case

[Test Case]

 * run this openvswitch test case:
   https://launchpadlibrarian.net/416589265/lp1262692

[Fix]

 * Instead of resizing the buffer by a factor of 2, use
   max(current_size * 2, current_size + requested_size)

[Regression Potential]

 * Fix has been tested on the affected platform and verified using slub_debug.
   The patch has been queued up for -stable by David Miller, it will be
   included upstream for the next merge window. It is also a very small patch
   (one-liner basically), so backport changes are minimal.

Andrea Righi (1):
  UBUNTU: SAUCE: openvswitch: fix flow actions reallocation

 net/openvswitch/flow_netlink.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
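
A user-space C model of the two resize policies described under [Impact] and [Fix], added here as an illustration; it is not the patch or the kernel's code. The names `act_buf`, `act_append`, `grow_double`, `grow_fixed` and the 32/24/100-byte sizes are hypothetical, and the append path checks the grown size instead of copying so the shortfall is reported rather than triggered.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* User-space model with hypothetical names; not the kernel's code. */
struct act_buf { unsigned char *data; size_t used, cap; };
typedef size_t (*grow_fn)(size_t cur, size_t req);

/* [Impact]: the buffer is always resized to twice its previous size. */
static size_t grow_double(size_t cur, size_t req) { (void)req; return cur * 2; }
/* [Fix]: max(current_size * 2, current_size + requested_size). */
static size_t grow_fixed(size_t cur, size_t req)
{
    return cur * 2 > cur + req ? cur * 2 : cur + req;
}

/* Append req bytes; 0 on success, -1 if the grown buffer is still too
 * small (an unchecked copy would overflow here), -2 on allocation failure. */
static int act_append(struct act_buf *b, const void *src, size_t req, grow_fn grow)
{
    if (req > b->cap - b->used) {
        size_t new_cap = grow(b->cap, req);
        if (req > new_cap - b->used)
            return -1;
        unsigned char *p = realloc(b->data, new_cap);
        if (!p) return -2;
        b->data = p;
        b->cap = new_cap;
    }
    memcpy(b->data + b->used, src, req);
    b->used += req;
    return 0;
}

/* Constructed scenario: 32-byte buffer, 24 bytes used, then a 100-byte append. */
static int demo(grow_fn grow)
{
    unsigned char payload[100] = {0};
    struct act_buf b = { malloc(32), 0, 32 };
    int rc = b.data ? act_append(&b, payload, 24, grow) : -2;
    if (rc == 0)
        rc = act_append(&b, payload, 100, grow);
    free(b.data);
    return rc;
}

int main(void)
{
    printf("double: %d, fixed: %d\n", demo(grow_double), demo(grow_fixed));
}
```

With doubling, the 32-byte buffer grows to 64 bytes, leaving 40 free for a 100-byte request; with the policy from [Fix] it grows to 132 bytes and the append fits.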