ACK: [SRU] [Trusty] [PATCH 0/1] openvswitch: fix kernel buffer overflow
Khaled Elmously
khalid.elmously at canonical.com
Mon Apr 15 03:28:16 UTC 2019
On 2019-04-09 12:28:08 , Andrea Righi wrote:
> Buglink: https://bugs.launchpad.net/bugs/1813244
>
> [Impact]
>
> * Flow action buffer can be incorrectly resized to contain the newly added
> action entries: the buffer is always resized multiplying the previous size
> by 2, but this might be not enough if the requested size is bigger than
> previous_size*2, causing a buffer overflow
>
> * The fix correctly resizes the buffer to prevent the buffer overflow
> and potential memory corruptions
>
> * This bug can be triggered potentially on any architecture, but it is very
> likely to happen on i386 running the following test case
>
> [Test Case]
>
> * run this openvswitch test case:
> https://launchpadlibrarian.net/416589265/lp1262692
>
> [Fix]
>
> * Instead of resizing the buffer by a factor of 2, use
> max(current_size * 2, current_size + requested_size)
>
> [Regression Potential]
>
> * Fix has been tested on the affected platform and verified using slub_debug.
> It is an upstream fix and also a very small patch (one-liner basically), so
> backport changes are minimal.
>
> Andrea Righi (1):
> openvswitch: fix flow actions reallocation
>
> net/openvswitch/flow_netlink.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
>
Acked-by: Khalid Elmously <khalid.elmously at canonical.com>
More information about the kernel-team
mailing list