APPLIED: [SRU] [X/B/C/D] [PATCH v2 0/1] openvswitch: fix kernel buffer overflow
Juerg Haefliger
juerg.haefliger at canonical.com
Mon Apr 8 15:27:01 UTC 2019
Applied to Xenial/Bionic/Cosmic master-next.
Thanks!
...Juerg
> Buglink: https://bugs.launchpad.net/bugs/1813244
>
> [Impact]
>
> * Flow action buffer can be incorrectly resized to contain the newly added
> action entries: the buffer is always resized multiplying the previous size
> by 2, but this might not be enough if the requested size is bigger than
> previous_size*2, causing a buffer overflow
>
> * The fix correctly resizes the buffer to prevent the buffer overflow
> and potential memory corruptions
>
> * This bug can be triggered potentially on any architecture, but it is very
> likely to happen on i386 running the following test case
>
> [Test Case]
>
> * run this openvswitch test case:
> https://launchpadlibrarian.net/416589265/lp1262692
>
> [Fix]
>
> * Instead of resizing the buffer by a factor of 2, use
> max(current_size * 2, current_size + requested_size)
>
> [Regression Potential]
>
> * Fix has been tested on the affected platform and verified using slub_debug.
> It is an upstream fix and also a very small patch (one-liner basically), so
> backport changes are minimal.
>
> Changes in v2:
> - fix has been merged upstream (add reference to the proper sha1)
>
> Andrea Righi (1):
> openvswitch: fix flow actions reallocation
>
> net/openvswitch/flow_netlink.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
>
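The sizing rule from the [Fix] section, shown next to the old doubling rule, as an added user-space example; it is not part of this message or of the kernel patch. The struct, function names and sizes are hypothetical, and the append helper reports the undersized case instead of overflowing.

```c
#include <stdlib.h>
#include <string.h>
/* User-space model with hypothetical names; not the kernel's flow_netlink.c. */
struct actbuf { unsigned char *data; size_t used, size; };
typedef size_t (*grow_fn)(size_t cur_size, size_t req_size);

/* Pre-fix policy: always previous size * 2, ignoring the request. */
static size_t grow_doubling(size_t cur_size, size_t req_size)
{
    (void)req_size;
    return cur_size * 2;
}

/* Fixed policy: max(current_size * 2, current_size + requested_size). */
static size_t grow_fixed(size_t cur_size, size_t req_size)
{
    size_t doubled = cur_size * 2, needed = cur_size + req_size;
    return doubled > needed ? doubled : needed;
}

/* Append len bytes: 0 on success, -1 on allocation failure, -2 when the new
 * size still cannot hold the data (where an unchecked copy would overflow). */
static int actbuf_append(struct actbuf *b, const void *src, size_t len, grow_fn grow)
{
    if (len > b->size - b->used) {
        size_t new_size = grow(b->size, len);
        unsigned char *p;
        if (new_size < b->used || new_size - b->used < len)
            return -2;
        p = realloc(b->data, new_size);
        if (!p)
            return -1;
        b->data = p; b->size = new_size;
    }
    memcpy(b->data + b->used, src, len);
    b->used += len;
    return 0;
}

/* Constructed scenario: empty buffer of `initial` bytes, one append of `req`. */
static int demo(grow_fn grow, size_t initial, size_t req)
{
    struct actbuf b = { calloc(1, initial), 0, initial };
    unsigned char *src = calloc(1, req);
    int rc = (b.data && src) ? actbuf_append(&b, src, req, grow) : -1;
    free(src); free(b.data);
    return rc;
}
int main(void) { return demo(grow_fixed, 64, 200) == 0 && demo(grow_doubling, 64, 200) == -2 ? 0 : 1; }
```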