On 11/26/21 23:16, Mike Pattrick wrote:
> Currently, ovs-ofctl and other associated tools will validate the size
> of flow actions. However, there are some code paths that do not validate
> the size correctly.
>
> When adding more than 1000 logical switch ports to an OVS bridge in OVN,
> OVN will happily create a flow with potentially unlimited actions. This
> can cause OVS to call abort() when it attempts to re-serialize the flow
> actions.

Hello, Mike. This looks like a tricky issue. Could you, please, include a unit test for this case?

Best regards, Ilya Maximets.

>
> This change will validate the size with every call to ofpacts_verify,
> which should cover all remaining code paths.
>
> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2020770
> Signed-off-by: Mike Pattrick <[email protected]>
> --- > lib/ofp-actions.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c > index ecf914eac..74b8b65ac 100644 > --- a/lib/ofp-actions.c > +++ b/lib/ofp-actions.c > @@ -8749,6 +8749,10 @@ ofpacts_verify(const struct ofpact ofpacts[], size_t > ofpacts_len, > const struct ofpact *a; > enum ovs_instruction_type inst; > > + if (ofpacts_len > ROUND_DOWN(UINT16_MAX, OFP_ACTION_ALIGN)) { > + return OFPERR_OFPBAC_BAD_LEN; > + } > + > inst = OVSINST_OFPIT13_METER; > OFPACT_FOR_EACH (a, ofpacts, ofpacts_len) { > enum ovs_instruction_type next;
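
Review bot: The length check added at the top of ofpacts_verify() carries no comment explaining why the bound is ROUND_DOWN(UINT16_MAX, OFP_ACTION_ALIGN), so a reader cannot tell from the code that it guards the later re-serialization that the commit message says ends in abort(). A one-line comment above the `if` stating that the action list must fit a 16-bit length field once serialized would make the intent clear. Since the commit message says other code paths already validate the size, a single named constant for this limit, shared by those paths and this one, would keep the checks from drifting apart. The patch touches only lib/ofp-actions.c, so the case from the commit message (a flow whose actions exceed the limit) has no regression test; a test that feeds an oversized action list through this function and expects OFPERR_OFPBAC_BAD_LEN instead of an abort would cover it.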
