APPLIED[D]: [SRU] [X/B/C/D] [PATCH v2 0/1] openvswitch: fix kernel buffer overflow
Seth Forshee
seth.forshee at canonical.com
Mon Apr 8 12:08:02 UTC 2019
On Fri, Apr 05, 2019 at 09:31:52AM +0200, Andrea Righi wrote:
> Buglink: https://bugs.launchpad.net/bugs/1813244
>
> [Impact]
>
> * Flow action buffer can be incorrectly resized to contain the newly added
> action entries: the buffer is always resized multiplying the previous size
> by 2, but this might be not enough if the requested size is bigger than
> previous_size*2, causing a buffer overflow
>
> * The fix correctly resizes the buffer to prevent the buffer overflow
> and potential memory corruptions
>
> * This bug can be triggered potentially on any architecture, but it is very
> likely to happen on i386 running the following test case
>
> [Test Case]
>
> * run this openvswitch test case:
> https://launchpadlibrarian.net/416589265/lp1262692
>
> [Fix]
>
> * Instead of resizing the buffer by a factor of 2, use
> max(current_size * 2, current_size + requested_size)
>
> [Regression Potential]
>
> * Fix has been tested on the affected platform and verified using slub_debug.
> It is an upstream fix and also a very small patch (one-liner basically), so
> backport changes are minimal.
>
> Changes in v2:
> - fix has been merged upstream (add reference to the proper sha1)
Applied to disco/master-next, thanks!
More information about the kernel-team
mailing list