From: Simon Horman <simon.horman@netronome.com>
To: Xidong Wang <wangxidong_97@163.com>
Cc: Pravin B Shelar <pshelar@ovn.org>,
"David S . Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>,
netdev@vger.kernel.org, dev@openvswitch.org,
linux-kernel@vger.kernel.org
Subject: Re: [ovs-dev] [PATCH 1/1] openvswitch: fix infoleak in conntrack
Date: Tue, 16 Jun 2020 10:42:39 +0200
Message-ID: <20200616084237.GA28981@netronome.com>
In-Reply-To: <1592273581-31338-1-git-send-email-wangxidong_97@163.com>

On Mon, Jun 15, 2020 at 07:13:01PM -0700, Xidong Wang wrote:
> From: xidongwang <wangxidong_97@163.com>
>
> The stack object “zone_limit” has 3 members. In function
> ovs_ct_limit_get_default_limit(), the member "count" is
> not initialized and sent out via “nla_put_nohdr”.

Hi Xidong,

thanks for your patch.

It appears that the patch is a fix. So I think that subject should be
targeted at the net tree and thus the subject should include
"[PATCH net]". (The other option being to target the net-next tree
in which case the subject should include "[PATCH net-next]".)

Also, as a fix it would be useful to include a fixes tag that references
the patch that introduced the problem. This is to facilitate backporting
to -stable branches of released kernels. In this case the following seems
appropriate.

Fixes: 11efd5cb04a1 ("openvswitch: Support conntrack zone limit")

> Signed-off-by: xidongwang <wangxidong_97@163.com>
> ---
> net/openvswitch/conntrack.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
> index 4340f25..1b7820a 100644
> --- a/net/openvswitch/conntrack.c
> +++ b/net/openvswitch/conntrack.c
> @@ -2020,6 +2020,7 @@ static int ovs_ct_limit_get_default_limit(struct ovs_ct_limit_info *info,
> {
> struct ovs_zone_limit zone_limit;
> int err;

There should be a blank line here.

> + memset(&zone_limit, 0, sizeof(zone_limit));

Moreover, initializing the entire structure to zero only to overwrite
most of its fields immediately below seems a bit inefficient.
Perhaps it would be better to just initialise count.

> zone_limit.zone_id = OVS_ZONE_LIMIT_DEFAULT_ZONE;
> zone_limit.limit = info->default_limit;
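
Review bot: The added memset(&zone_limit, 0, sizeof(zone_limit)) sits directly under "int err;" with no blank line between the declarations and the first statement, and the commit message does not say whether the full-struct clear is needed or only "count". The message states that the object is sent out via nla_put_nohdr, so if the struct is copied out whole, the memset also defines any padding bytes, which a single "zone_limit.count = 0;" assignment would not. If the narrower assignment is preferred, the commit message should state that struct ovs_zone_limit has no padding; otherwise keep the memset and say in the message that it covers padding as well as "count".
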
zone_limit.count = 0;
> --
> 2.7.4
>
> _______________________________________________
> dev mailing list
> dev@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev