linux/net/openvswitch
Andrea Righi f28cd2af22 openvswitch: fix flow actions reallocation
The flow action buffer can be resized if it's not big enough to contain
all the requested flow actions. However, this resize doesn't take into
account the new requested size, the buffer is only increased by a factor
of 2x. This might not be enough to contain the new data, causing a
buffer overflow, for example:

[   42.044472] =============================================================================
[   42.045608] BUG kmalloc-96 (Not tainted): Redzone overwritten
[   42.046415] -----------------------------------------------------------------------------

[   42.047715] Disabling lock debugging due to kernel taint
[   42.047716] INFO: 0x8bf2c4a5-0x720c0928. First byte 0x0 instead of 0xcc
[   42.048677] INFO: Slab 0xbc6d2040 objects=29 used=18 fp=0xdc07dec4 flags=0x2808101
[   42.049743] INFO: Object 0xd53a3464 @offset=2528 fp=0xccdcdebb

[   42.050747] Redzone 76f1b237: cc cc cc cc cc cc cc cc                          ........
[   42.051839] Object d53a3464: 6b 6b 6b 6b 6b 6b 6b 6b 0c 00 00 00 6c 00 00 00  kkkkkkkk....l...
[   42.053015] Object f49a30cc: 6c 00 0c 00 00 00 00 00 00 00 00 03 78 a3 15 f6  l...........x...
[   42.054203] Object acfe4220: 20 00 02 00 ff ff ff ff 00 00 00 00 00 00 00 00   ...............
[   42.055370] Object 21024e91: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   42.056541] Object 070e04c3: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   42.057797] Object 948a777a: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   42.059061] Redzone 8bf2c4a5: 00 00 00 00                                      ....
[   42.060189] Padding a681b46e: 5a 5a 5a 5a 5a 5a 5a 5a                          ZZZZZZZZ

Fix by making sure the new buffer is properly resized to contain all the
requested data.

BugLink: https://bugs.launchpad.net/bugs/1813244
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-03-28 17:15:44 -07:00
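
Added example, not part of the commit or the kernel source: a user-space C model of the resize rule the commit message describes, showing the doubling-only growth next to a growth rule that accounts for the requested size. The names act_buf, act_reserve, grow_doubling_only, grow_to_fit, overflow_with_doubling and the ACT_BUF_MAX bound are hypothetical and chosen for this illustration.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical user-space model of a growable action buffer; not kernel code. */
struct act_buf {
    size_t used;          /* bytes already filled with actions */
    size_t cap;           /* bytes allocated at data */
    unsigned char *data;
};

#define ACT_BUF_MAX 32768u  /* assumed upper bound for this model */

/* Growth rule the commit message describes as the bug: 2x, request ignored. */
static size_t grow_doubling_only(size_t cap)
{
    return cap * 2;
}

/* Growth rule matching the described fix: never smaller than used + req. */
static size_t grow_to_fit(size_t cap, size_t used, size_t req)
{
    size_t need = used + req;
    return cap * 2 > need ? cap * 2 : need;
}

/* Bytes that would land past the end if the buffer were only doubled. */
static size_t overflow_with_doubling(size_t cap, size_t used, size_t req)
{
    size_t ncap = grow_doubling_only(cap);
    return used + req > ncap ? used + req - ncap : 0;
}

/* Reserve req bytes; returns the start of the reserved space or NULL. */
static unsigned char *act_reserve(struct act_buf *b, size_t req)
{
    if (req > ACT_BUF_MAX || b->used > ACT_BUF_MAX - req)
        return NULL;                      /* over the cap, and no size_t wrap */
    if (b->used + req > b->cap) {
        size_t ncap = grow_to_fit(b->cap, b->used, req);
        if (ncap > ACT_BUF_MAX)
            ncap = ACT_BUF_MAX;           /* still >= used + req by the check above */
        unsigned char *p = realloc(b->data, ncap);
        if (!p)
            return NULL;                  /* old buffer stays valid */
        b->data = p;
        b->cap = ncap;
    }
    b->used += req;
    return b->data + b->used - req;
}
```

With a 32-byte buffer holding 24 bytes, a 96-byte request needs 120 bytes; doubling yields only 64, so 56 bytes would be written past the allocation, which is the kind of redzone overwrite the SLUB report above shows.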
actions.c OVS: remove use of VLAN_TAG_PRESENT 2018-11-08 19:49:31 -08:00
conntrack.c netfilter: nat: remove nf_nat_l3proto.h and nf_nat_core.h 2019-02-27 10:54:08 +01:00
conntrack.h openvswitch: Support conntrack zone limit 2018-05-25 16:45:19 -04:00
datapath.c net: openvswitch: fix missing checks for nla_nest_start 2019-03-16 11:43:14 -07:00
datapath.h openvswitch: Support conntrack zone limit 2018-05-25 16:45:19 -04:00
dp_notify.c
flow_netlink.c openvswitch: fix flow actions reallocation 2019-03-28 17:15:44 -07:00
flow_netlink.h openvswitch: convert to kvmalloc 2019-03-12 10:04:02 -07:00
flow_table.c openvswitch: convert to kvmalloc 2019-03-12 10:04:02 -07:00
flow_table.h openvswitch: convert to kvmalloc 2019-03-12 10:04:02 -07:00
flow.c openvswitch: Fix IPv6 later frags parsing 2019-01-04 13:00:02 -08:00
flow.h openvswitch: convert to kvmalloc 2019-03-12 10:04:02 -07:00
Kconfig netfilter: nat: merge nf_nat_ipv4,6 into nat core 2019-02-27 10:49:55 +01:00
Makefile
meter.c openvswitch: meter: Use struct_size() in kzalloc() 2019-01-16 21:10:47 -08:00
meter.h
vport-geneve.c net: core: dev: Add extack argument to dev_change_flags() 2018-12-06 13:26:07 -08:00
vport-gre.c net: core: dev: Add extack argument to dev_change_flags() 2018-12-06 13:26:07 -08:00
vport-internal_dev.c net: ovs: fix return type of ndo_start_xmit function 2018-09-28 10:25:11 -07:00
vport-internal_dev.h
vport-netdev.c openvswitch: remove BUG_ON from get_dpdev 2018-11-08 17:14:59 -08:00
vport-netdev.h
vport-vxlan.c net: core: dev: Add extack argument to dev_change_flags() 2018-12-06 13:26:07 -08:00
vport.c treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
vport.h