NAK: [SRU] [X/B/C/D] [PATCH 0/1] openvswitch: fix kernel buffer overflow

Kleber Souza kleber.souza at canonical.com
Tue Apr 23 06:37:00 UTC 2019


On 4/1/19 4:36 PM, Andrea Righi wrote:
> Buglink: https://bugs.launchpad.net/bugs/1813244
> 
> [Impact]
> 
>  * Flow action buffer can be incorrectly resized to contain the newly added
>    action entries: the buffer is always resized multiplying the previous size
>    by 2, but this might be not enough if the requested size is bigger than
>    previous_size*2, causing a buffer overflow
> 
>  * The fix correctly resizes the buffer to prevent the buffer overflow
> 
>  * This bug can be triggered potentially on any architecture, but it is very
>    likely to happen on i386 running the following test case
> 
> [Test Case]
> 
>  * run this openvswitch test case:
>    https://launchpadlibrarian.net/416589265/lp1262692
> 
> [Fix]
> 
>  * Instead of resizing the buffer by a factor of 2, use
>    max(current_size * 2, current_size + requested_size)
> 
> [Regression Potential]
> 
>  * Fix has been tested on the affected platform and verified using slub_debug.
>    The patch has been queued up for -stable by David Miller, it will be
>    included upstream for the next merge window. It is also a very small patch
>    (one-liner basically), so backport changes are minimal.
> 
> Andrea Righi (1):
>  UBUNTU: SAUCE: openvswitch: fix flow actions reallocation
> 
>  net/openvswitch/flow_netlink.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> 


This patch has been re-submitted and already applied, so I'm NAK'ing it.

Thank you,
Kleber
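
The resize rule from the quoted [Impact] and [Fix] sections, as an added example (not code from the patch or from the kernel). The struct, the function names and the 32/24/80-byte sizes are assumptions constructed for illustration; the guard in act_buf_reserve() stands in for the point where an undersized buffer would be written past its end.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer for illustration; not the kernel's structure. */
struct act_buf {
    unsigned char *data;
    size_t used, size;  /* bytes already filled, bytes allocated */
};
typedef size_t (*grow_fn)(size_t current_size, size_t requested_size);

/* Policy described under [Impact]: always double, ignoring the request. */
static size_t grow_double(size_t current_size, size_t requested_size)
{
    (void)requested_size;
    return current_size * 2;
}

/* Policy from [Fix]: max(current_size * 2, current_size + requested_size). */
static size_t grow_fixed(size_t current_size, size_t requested_size)
{
    size_t doubled = current_size * 2, needed = current_size + requested_size;
    return doubled > needed ? doubled : needed;
}

/* Reserve req bytes: 0 on success, -1 if the grown size cannot hold them or on OOM. */
static int act_buf_reserve(struct act_buf *b, size_t req, grow_fn grow)
{
    if (b->size - b->used < req) {
        size_t new_size = grow(b->size, req);
        if (new_size < b->used + req) return -1;  /* write would run past the end */
        unsigned char *p = realloc(b->data, new_size);
        if (!p) return -1;
        b->data = p;
        b->size = new_size;
    }
    memset(b->data + b->used, 0, req);  /* stands in for copying the new entries */
    b->used += req;
    return 0;
}

/* Constructed case: 32-byte buffer with 24 bytes used, 80-byte request. */
static int demo(grow_fn grow)
{
    struct act_buf b = { malloc(32), 24, 32 };
    int rc = b.data ? act_buf_reserve(&b, 80, grow) : -1;
    free(b.data);
    return rc;
}

int main(void) { return (demo(grow_double) == -1 && demo(grow_fixed) == 0) ? 0 : 1; }
```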
