[SRU] [X/B/C/D] [PATCH v2 0/1] openvswitch: fix kernel buffer overflow

Andrea Righi andrea.righi at canonical.com
Fri Apr 5 07:31:52 UTC 2019

Buglink: https://bugs.launchpad.net/bugs/1813244


[Impact]

 * Flow action buffer can be incorrectly resized to contain the newly added
   action entries: the buffer is always resized by multiplying the previous
   size by 2, but this might not be enough if the requested size is bigger
   than previous_size*2, causing a buffer overflow

 * The fix correctly resizes the buffer to prevent the buffer overflow
   and potential memory corruptions

 * This bug can be triggered potentially on any architecture, but it is very
   likely to happen on i386 running the following test case

[Test Case]

 * run this openvswitch test case:


[Fix]

 * Instead of resizing the buffer by a factor of 2, use
   max(current_size * 2, current_size + requested_size)

[Regression Potential]

 * Fix has been tested on the affected platform and verified using slub_debug.
   It is an upstream fix and also a very small patch (one-liner basically), so
   backport changes are minimal.

Changes in v2:
 - fix has been merged upstream (add reference to the proper sha1)

Andrea Righi (1):
 openvswitch: fix flow actions reallocation

 net/openvswitch/flow_netlink.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
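
The two growth policies described in the cover letter, as an added user-space example (not the kernel patch or code from flow_netlink.c). The struct and function names are hypothetical, the sizes are constructed, and the append routine refuses the write the doubled buffer cannot hold rather than performing it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* User-space model of a growable action buffer; all names are hypothetical. */
struct actbuf { unsigned char *data; size_t used, cap; };

/* Pre-fix policy from the description: always double the current size. */
static size_t grow_doubling(size_t cap, size_t req) { (void)req; return cap * 2; }

/* Fixed policy from the description: max(cap * 2, cap + req). */
static size_t grow_fixed(size_t cap, size_t req)
{
    return cap * 2 > cap + req ? cap * 2 : cap + req;
}

/* Append req bytes, growing with the given policy. Returns 0 on success, -1
 * when the grown buffer still cannot hold the data or allocation fails. */
static int actbuf_append(struct actbuf *b, const void *src, size_t req,
                         size_t (*policy)(size_t, size_t))
{
    if (req > b->cap - b->used) {
        size_t ncap = policy(b->cap, req);
        if (ncap < b->used || req > ncap - b->used)
            return -1;      /* copying here would write past the buffer */
        unsigned char *p = realloc(b->data, ncap);
        if (!p) return -1;
        b->data = p;
        b->cap = ncap;
    }
    memcpy(b->data + b->used, src, req);
    b->used += req;
    return 0;
}

/* Constructed case: 32-byte buffer, 24 bytes used, one 100-byte entry. */
static int demo(size_t (*policy)(size_t, size_t))
{
    struct actbuf b = { calloc(1, 32), 24, 32 };
    unsigned char action[100] = { 0 };
    int rc = b.data ? actbuf_append(&b, action, sizeof(action), policy) : -1;
    free(b.data);
    return rc;
}

int main(void)
{
    printf("doubling: %d, fixed: %d\n", demo(grow_doubling), demo(grow_fixed));
    return 0;
}
```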
