Received: by 10.223.176.5 with SMTP id f5csp990358wra; Fri, 2 Feb 2018 09:20:16 -0800 (PST) X-Google-Smtp-Source: AH8x227WJx8kViNeC398ldkKPtngMNrhkXXBSNgzHFuoJy7WgerNzHfHZIBdyMpBy0jMLrLYHMKn X-Received: by 10.98.58.5 with SMTP id h5mr40235717pfa.169.1517592016512; Fri, 02 Feb 2018 09:20:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517592016; cv=none; d=google.com; s=arc-20160816; b=nKDlY1oXWq0BYMmP5zk7CIC8ddNpDqMl7keZZ7YiEwPuKCHpmXdtCm6Cy1U88hgMEz vUqsIMPHMrW5j19LyOIwdGvwSuz1So/ulxwUwL0MvCP+Z4hJVDOgcODP6boH13p9ZjMN +pPuuNv0TuJvQtgqTPIMBAm//5s1XWNmYXolcqgMWnyeNK5BCVSsEUEoLj9ACPcm/As5 gUyxP0fWZ7i8Q0T84KgQuF0slddu7IbPQPdR9RMD8kiBLeNI6ApKZQ3/LLSjAPV6a6yy onXC4rbN+YvqFYMM+ka/hu7VLPBefB0G3zd+BP59lFR6oafKEpoggFxwToalOlIbh8Ji brDg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=Jl+qC5b4m7mjdkvXMkb/AQ45FvhSxi7dnPxBTOHMD/4=; b=lQ2GzFOHtE6NIxhH47TcS/uNBrcU1hUsos1yFJ2MqcgWPbq5tSVyW53x2yYEnHO5oo j5+2CD4VHXkCahgc5TqQhV+cRzNfICbToonPAbk6MrXMzRPm58+64p5kBpdzxhFyWhS2 SdSMo1YW0qhC++RvRuQwgbu0w6Gr/NPkMf5XsWGlWWxwz6AqZ4O3Rap+Njs196vH53UI YzEjEJT6RsAwrD6UWz4O+MAD7OFwIDSOjXNlcnb4Ri3MMF22ndFHNARjgHj5dqvPYMob JPTrHhc9/WLokO2h97QkYc7yhSLx10mfGGn3MCC6bqLsNdT4kQPkOhRFiFDXTuOWVrIz SFng== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f30-v6si45646plj.658.2018.02.02.09.20.01; Fri, 02 Feb 2018 09:20:16 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752737AbeBBRTV (ORCPT + 99 others); Fri, 2 Feb 2018 12:19:21 -0500 Received: from mail.linuxfoundation.org ([140.211.169.12]:38822 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753432AbeBBRLz (ORCPT ); Fri, 2 Feb 2018 12:11:55 -0500 Received: from localhost (LFbn-1-12258-90.w90-92.abo.wanadoo.fr [90.92.71.90]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id C5E6FF09; Fri, 2 Feb 2018 17:11:54 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, zhangliping , Pravin B Shelar , "David S. Miller" , Sasha Levin Subject: [PATCH 4.14 067/156] openvswitch: fix the incorrect flow action alloc size Date: Fri, 2 Feb 2018 17:57:28 +0100 Message-Id: <20180202140843.335166031@linuxfoundation.org> X-Mailer: git-send-email 2.16.1 In-Reply-To: <20180202140840.242829545@linuxfoundation.org> References: <20180202140840.242829545@linuxfoundation.org> User-Agent: quilt/0.65 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: zhangliping [ Upstream commit 67c8d22a73128ff910e2287567132530abcf5b71 ] If we want to add a datapath flow, which has more than 500 vxlan outputs' action, we will get the following error reports: openvswitch: netlink: Flow action size 32832 bytes exceeds max openvswitch: netlink: Flow action size 32832 bytes exceeds max openvswitch: netlink: Actions may not be safe on all matching packets ... ... It seems that we can simply enlarge the MAX_ACTIONS_BUFSIZE to fix it, but this is not the root cause. For example, for a vxlan output action, we need about 60 bytes for the nlattr, but after it is converted to the flow action, it only occupies 24 bytes. This means that we can still support more than 1000 vxlan output actions for a single datapath flow under the the current 32k max limitation. So even if the nla_len(attr) is larger than MAX_ACTIONS_BUFSIZE, we shouldn't report EINVAL and keep it move on, as the judgement can be done by the reserve_sfa_size. Signed-off-by: zhangliping Acked-by: Pravin B Shelar Signed-off-by: David S. Miller Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- net/openvswitch/flow_netlink.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) --- a/net/openvswitch/flow_netlink.c +++ b/net/openvswitch/flow_netlink.c @@ -1903,14 +1903,11 @@ int ovs_nla_put_mask(const struct sw_flo #define MAX_ACTIONS_BUFSIZE (32 * 1024) -static struct sw_flow_actions *nla_alloc_flow_actions(int size, bool log) +static struct sw_flow_actions *nla_alloc_flow_actions(int size) { struct sw_flow_actions *sfa; - if (size > MAX_ACTIONS_BUFSIZE) { - OVS_NLERR(log, "Flow action size %u bytes exceeds max", size); - return ERR_PTR(-EINVAL); - } + WARN_ON_ONCE(size > MAX_ACTIONS_BUFSIZE); sfa = kmalloc(sizeof(*sfa) + size, GFP_KERNEL); if (!sfa) @@ -1983,12 +1980,15 @@ static struct nlattr *reserve_sfa_size(s new_acts_size = ksize(*sfa) * 2; if (new_acts_size > MAX_ACTIONS_BUFSIZE) { - if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size) + if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size) { + OVS_NLERR(log, "Flow action size exceeds max %u", + MAX_ACTIONS_BUFSIZE); return ERR_PTR(-EMSGSIZE); + } new_acts_size = MAX_ACTIONS_BUFSIZE; } - acts = nla_alloc_flow_actions(new_acts_size, log); + acts = nla_alloc_flow_actions(new_acts_size); if (IS_ERR(acts)) return (void *)acts; @@ -2660,7 +2660,7 @@ int ovs_nla_copy_actions(struct net *net { int err; - *sfa = nla_alloc_flow_actions(nla_len(attr), log); + *sfa = nla_alloc_flow_actions(min(nla_len(attr), MAX_ACTIONS_BUFSIZE)); if (IS_ERR(*sfa)) return PTR_ERR(*sfa);