From: Simon Horman <horms@kernel.org>
To: Aaron Conole <aconole@redhat.com>
Cc: netdev@vger.kernel.org, "David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Pravin B Shelar <pshelar@ovn.org>,
dev@openvswitch.org, Ilya Maximets <i.maximets@ovn.org>,
Eelco Chaudron <echaudro@redhat.com>,
Shuah Khan <shuah@kernel.org>,
linux-kselftest@vger.kernel.org, Andy Zhou <azhou@ovn.org>
Subject: Re: [PATCH net v2 1/2] net: openvswitch: limit the number of recursions from action sets
Date: Thu, 8 Feb 2024 11:29:45 +0000 [thread overview]
Message-ID: <20240208112945.GG1435458@kernel.org> (raw)
In-Reply-To: <20240207132416.1488485-2-aconole@redhat.com>
On Wed, Feb 07, 2024 at 08:24:15AM -0500, Aaron Conole wrote:
> The ovs module allows for some actions to recursively contain an action
> list for complex scenarios, such as sampling, checking lengths, etc.
> When these actions are copied into the internal flow table, they are
> evaluated to validate that such actions make sense, and these calls
> happen recursively.
>
> The ovs-vswitchd userspace won't emit more than 16 recursion levels
> deep. However, the module has no such limit and will happily accept
> limits larger than 16 levels nested. Prevent this by tracking the
> number of recursions happening and manually limiting it to 16 levels
> nested.
>
> The initial implementation of the sample action would track this depth
> and prevent more than 3 levels of recursion, but this was removed to
> support the clone use case, rather than limited at the current userspace
> limit.
>
> Fixes: 798c166173ff ("openvswitch: Optimize sample action for the clone use cases")
> Signed-off-by: Aaron Conole <aconole@redhat.com>
> ---
> v1->v2: Switch to tracking the stack depth by using a depth argument rather than
> a per-cpu counter.
Thanks for the update.
Reviewed-by: Simon Horman <horms@kernel.org>
next prev parent reply other threads:[~2024-02-08 11:29 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-07 13:24 [PATCH net v2 0/2] net: openvswitch: limit the recursions from action sets Aaron Conole
2024-02-07 13:24 ` [PATCH net v2 1/2] net: openvswitch: limit the number of " Aaron Conole
2024-02-08 11:29 ` Simon Horman [this message]
2024-02-07 13:24 ` [PATCH net v2 2/2] selftests: openvswitch: Add validation for the recursion test Aaron Conole
2024-02-08 11:30 ` Simon Horman
2024-02-09 21:00 ` [PATCH net v2 0/2] net: openvswitch: limit the recursions from action sets patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240208112945.GG1435458@kernel.org \
--to=horms@kernel.org \
--cc=aconole@redhat.com \
--cc=azhou@ovn.org \
--cc=davem@davemloft.net \
--cc=dev@openvswitch.org \
--cc=echaudro@redhat.com \
--cc=edumazet@google.com \
--cc=i.maximets@ovn.org \
--cc=kuba@kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pshelar@ovn.org \
--cc=shuah@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.