!4868 net: openvswitch: limit the number of recursions from action sets (318b96bd) · Commits · EulixOS / Software / Kernel

net/openvswitch/flow_netlink.c

+33 −16

Original line number	Diff line number	Diff line
		@@ -47,6 +47,7 @@ struct ovs_len_tbl {

		#define OVS_ATTR_NESTED -1
		#define OVS_ATTR_VARIABLE -2
		#define OVS_COPY_ACTIONS_MAX_DEPTH 16

		static bool actions_may_change_flow(const struct nlattr *actions)
		{
		@@ -2514,13 +2515,15 @@ static int __ovs_nla_copy_actions(struct net net, const struct nlattr attr,
		const struct sw_flow_key *key,
		struct sw_flow_actions **sfa,
		__be16 eth_type, __be16 vlan_tci,
		u32 mpls_label_count, bool log);
		u32 mpls_label_count, bool log,
		u32 depth);

		static int validate_and_copy_sample(struct net net, const struct nlattr attr,
		const struct sw_flow_key *key,
		struct sw_flow_actions **sfa,
		__be16 eth_type, __be16 vlan_tci,
		u32 mpls_label_count, bool log, bool last)
		u32 mpls_label_count, bool log, bool last,
		u32 depth)
		{
		const struct nlattr *attrs[OVS_SAMPLE_ATTR_MAX + 1];
		const struct nlattr probability, actions;
		@@ -2571,7 +2574,8 @@ static int validate_and_copy_sample(struct net net, const struct nlattr attr,
		return err;

		err = __ovs_nla_copy_actions(net, actions, key, sfa,
		eth_type, vlan_tci, mpls_label_count, log);
		eth_type, vlan_tci, mpls_label_count, log,
		depth + 1);

		if (err)
		return err;
		@@ -2586,7 +2590,8 @@ static int validate_and_copy_dec_ttl(struct net *net,
		const struct sw_flow_key *key,
		struct sw_flow_actions **sfa,
		__be16 eth_type, __be16 vlan_tci,
		u32 mpls_label_count, bool log)
		u32 mpls_label_count, bool log,
		u32 depth)
		{
		const struct nlattr *attrs[OVS_DEC_TTL_ATTR_MAX + 1];
		int start, action_start, err, rem;
		@@ -2619,7 +2624,8 @@ static int validate_and_copy_dec_ttl(struct net *net,
		return action_start;

		err = __ovs_nla_copy_actions(net, actions, key, sfa, eth_type,
		vlan_tci, mpls_label_count, log);
		vlan_tci, mpls_label_count, log,
		depth + 1);
		if (err)
		return err;

		@@ -2633,7 +2639,8 @@ static int validate_and_copy_clone(struct net *net,
		const struct sw_flow_key *key,
		struct sw_flow_actions **sfa,
		__be16 eth_type, __be16 vlan_tci,
		u32 mpls_label_count, bool log, bool last)
		u32 mpls_label_count, bool log, bool last,
		u32 depth)
		{
		int start, err;
		u32 exec;
		@@ -2653,7 +2660,8 @@ static int validate_and_copy_clone(struct net *net,
		return err;

		err = __ovs_nla_copy_actions(net, attr, key, sfa,
		eth_type, vlan_tci, mpls_label_count, log);
		eth_type, vlan_tci, mpls_label_count, log,
		depth + 1);
		if (err)
		return err;

		@@ -3022,7 +3030,7 @@ static int validate_and_copy_check_pkt_len(struct net *net,
		struct sw_flow_actions **sfa,
		__be16 eth_type, __be16 vlan_tci,
		u32 mpls_label_count,
		bool log, bool last)
		bool log, bool last, u32 depth)
		{
		const struct nlattr acts_if_greater, acts_if_lesser_eq;
		struct nlattr *a[OVS_CHECK_PKT_LEN_ATTR_MAX + 1];
		@@ -3070,7 +3078,8 @@ static int validate_and_copy_check_pkt_len(struct net *net,
		return nested_acts_start;

		err = __ovs_nla_copy_actions(net, acts_if_lesser_eq, key, sfa,
		eth_type, vlan_tci, mpls_label_count, log);
		eth_type, vlan_tci, mpls_label_count, log,
		depth + 1);

		if (err)
		return err;
		@@ -3083,7 +3092,8 @@ static int validate_and_copy_check_pkt_len(struct net *net,
		return nested_acts_start;

		err = __ovs_nla_copy_actions(net, acts_if_greater, key, sfa,
		eth_type, vlan_tci, mpls_label_count, log);
		eth_type, vlan_tci, mpls_label_count, log,
		depth + 1);

		if (err)
		return err;
		@@ -3111,12 +3121,16 @@ static int __ovs_nla_copy_actions(struct net net, const struct nlattr attr,
		const struct sw_flow_key *key,
		struct sw_flow_actions **sfa,
		__be16 eth_type, __be16 vlan_tci,
		u32 mpls_label_count, bool log)
		u32 mpls_label_count, bool log,
		u32 depth)
		{
		u8 mac_proto = ovs_key_mac_proto(key);
		const struct nlattr *a;
		int rem, err;

		if (depth > OVS_COPY_ACTIONS_MAX_DEPTH)
		return -EOVERFLOW;

		nla_for_each_nested(a, attr, rem) {
		/* Expected argument lengths, (u32)-1 for variable length. */
		static const u32 action_lens[OVS_ACTION_ATTR_MAX + 1] = {
		@@ -3311,7 +3325,7 @@ static int __ovs_nla_copy_actions(struct net net, const struct nlattr attr,
		err = validate_and_copy_sample(net, a, key, sfa,
		eth_type, vlan_tci,
		mpls_label_count,
		log, last);
		log, last, depth);
		if (err)
		return err;
		skip_copy = true;
		@@ -3382,7 +3396,7 @@ static int __ovs_nla_copy_actions(struct net net, const struct nlattr attr,
		err = validate_and_copy_clone(net, a, key, sfa,
		eth_type, vlan_tci,
		mpls_label_count,
		log, last);
		log, last, depth);
		if (err)
		return err;
		skip_copy = true;
		@@ -3396,7 +3410,8 @@ static int __ovs_nla_copy_actions(struct net net, const struct nlattr attr,
		eth_type,
		vlan_tci,
		mpls_label_count,
		log, last);
		log, last,
		depth);
		if (err)
		return err;
		skip_copy = true;
		@@ -3406,7 +3421,8 @@ static int __ovs_nla_copy_actions(struct net net, const struct nlattr attr,
		case OVS_ACTION_ATTR_DEC_TTL:
		err = validate_and_copy_dec_ttl(net, a, key, sfa,
		eth_type, vlan_tci,
		mpls_label_count, log);
		mpls_label_count, log,
		depth);
		if (err)
		return err;
		skip_copy = true;
		@@ -3446,7 +3462,8 @@ int ovs_nla_copy_actions(struct net net, const struct nlattr attr,

		(*sfa)->orig_len = nla_len(attr);
		err = __ovs_nla_copy_actions(net, attr, key, sfa, key->eth.type,
		key->eth.vlan.tci, mpls_label_count, log);
		key->eth.vlan.tci, mpls_label_count, log,
		0);
		if (err)
		ovs_nla_free_flow_actions(*sfa);