From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Jesse Gross <jesse@nicira.com>,
Pravin B Shelar <pshelar@nicira.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.1 18/29] openvswitch: Zero flows on allocation.
Date: Thu, 1 Oct 2015 11:31:54 +0200 [thread overview]
Message-ID: <20151001093146.503717823@linuxfoundation.org> (raw)
In-Reply-To: <20151001093145.730759857@linuxfoundation.org>
4.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jesse Gross <jesse@nicira.com>
[ Upstream commit ae5f2fb1d51fa128a460bcfbe3c56d7ab8bf6a43 ]
When support for megaflows was introduced, OVS needed to start
installing flows with a mask applied to them. Since masking is an
expensive operation, OVS also had an optimization that would only
take the parts of the flow keys that were covered by a non-zero
mask. The values stored in the remaining pieces should not matter
because they are masked out.
While this works fine for the purposes of matching (which must always
look at the mask), serialization to netlink can be problematic. Since
the flow and the mask are serialized separately, the uninitialized
portions of the flow can be encoded with whatever values happen to be
present.
In terms of functionality, this has little effect since these fields
will be masked out by definition. However, it leaks kernel memory to
userspace, which is a potential security vulnerability. It is also
possible that other code paths could look at the masked key and get
uninitialized data, although this does not currently appear to be an
issue in practice.
This removes the mask optimization for flows that are being installed.
This was always intended to be the case as the mask optimizations were
really targetting per-packet flow operations.
Fixes: 03f0d916 ("openvswitch: Mega flow implementation")
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/openvswitch/datapath.c | 4 ++--
net/openvswitch/flow_table.c | 23 ++++++++++++-----------
net/openvswitch/flow_table.h | 2 +-
3 files changed, 15 insertions(+), 14 deletions(-)
--- a/net/openvswitch/datapath.c
+++ b/net/openvswitch/datapath.c
@@ -906,7 +906,7 @@ static int ovs_flow_cmd_new(struct sk_bu
if (error)
goto err_kfree_flow;
- ovs_flow_mask_key(&new_flow->key, &key, &mask);
+ ovs_flow_mask_key(&new_flow->key, &key, true, &mask);
/* Extract flow identifier. */
error = ovs_nla_get_identifier(&new_flow->id, a[OVS_FLOW_ATTR_UFID],
@@ -1033,7 +1033,7 @@ static struct sw_flow_actions *get_flow_
struct sw_flow_key masked_key;
int error;
- ovs_flow_mask_key(&masked_key, key, mask);
+ ovs_flow_mask_key(&masked_key, key, true, mask);
error = ovs_nla_copy_actions(a, &masked_key, &acts, log);
if (error) {
OVS_NLERR(log,
--- a/net/openvswitch/flow_table.c
+++ b/net/openvswitch/flow_table.c
@@ -56,20 +56,21 @@ static u16 range_n_bytes(const struct sw
}
void ovs_flow_mask_key(struct sw_flow_key *dst, const struct sw_flow_key *src,
- const struct sw_flow_mask *mask)
+ bool full, const struct sw_flow_mask *mask)
{
- const long *m = (const long *)((const u8 *)&mask->key +
- mask->range.start);
- const long *s = (const long *)((const u8 *)src +
- mask->range.start);
- long *d = (long *)((u8 *)dst + mask->range.start);
+ int start = full ? 0 : mask->range.start;
+ int len = full ? sizeof *dst : range_n_bytes(&mask->range);
+ const long *m = (const long *)((const u8 *)&mask->key + start);
+ const long *s = (const long *)((const u8 *)src + start);
+ long *d = (long *)((u8 *)dst + start);
int i;
- /* The memory outside of the 'mask->range' are not set since
- * further operations on 'dst' only uses contents within
- * 'mask->range'.
+ /* If 'full' is true then all of 'dst' is fully initialized. Otherwise,
+ * if 'full' is false the memory outside of the 'mask->range' is left
+ * uninitialized. This can be used as an optimization when further
+ * operations on 'dst' only use contents within 'mask->range'.
*/
- for (i = 0; i < range_n_bytes(&mask->range); i += sizeof(long))
+ for (i = 0; i < len; i += sizeof(long))
*d++ = *s++ & *m++;
}
@@ -473,7 +474,7 @@ static struct sw_flow *masked_flow_looku
u32 hash;
struct sw_flow_key masked_key;
- ovs_flow_mask_key(&masked_key, unmasked, mask);
+ ovs_flow_mask_key(&masked_key, unmasked, false, mask);
hash = flow_hash(&masked_key, &mask->range);
head = find_bucket(ti, hash);
hlist_for_each_entry_rcu(flow, head, flow_table.node[ti->node_ver]) {
--- a/net/openvswitch/flow_table.h
+++ b/net/openvswitch/flow_table.h
@@ -86,5 +86,5 @@ struct sw_flow *ovs_flow_tbl_lookup_ufid
bool ovs_flow_cmp(const struct sw_flow *, const struct sw_flow_match *);
void ovs_flow_mask_key(struct sw_flow_key *dst, const struct sw_flow_key *src,
- const struct sw_flow_mask *mask);
+ bool full, const struct sw_flow_mask *mask);
#endif /* flow_table.h */
next prev parent reply other threads:[~2015-10-01 9:32 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-01 9:31 [PATCH 4.1 00/29] 4.1.10-stable review Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 01/29] ip6_gre: release cached dst on tunnel removal Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 02/29] vxlan: re-ignore EADDRINUSE from igmp_join Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 03/29] cls_u32: complete the check for non-forced case in u32_destroy() Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 04/29] usbnet: Get EVENT_NO_RUNTIME_PM bit before it is cleared Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 05/29] sock, diag: fix panic in sock_diag_put_filterinfo Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 06/29] ipv6: fix exthdrs offload registration in out_rt path Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 07/29] net: fec: clear receive interrupts before processing a packet Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 08/29] net: eth: altera: fix napi poll_list corruption Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 09/29] net/ipv6: Correct PIM6 mrt_lock handling Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 10/29] net: dsa: bcm_sf2: Fix ageing conditions and operation Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 11/29] ipv6: fix multipath route replace error recovery Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 12/29] net: dsa: bcm_sf2: Fix 64-bits register writes Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 13/29] netlink, mmap: transform mmap skb into full skb on taps Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 14/29] sctp: fix race on protocol/netns initialization Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 16/29] net/mlx4_en: really allow to change RSS key Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 17/29] macvtap: fix TUNSETSNDBUF values > 64k Greg Kroah-Hartman
2015-10-01 9:31 ` Greg Kroah-Hartman [this message]
2015-10-01 9:31 ` [PATCH 4.1 19/29] tcp: add proper TS val into RST packets Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 20/29] net: revert "net_sched: move tp->root allocation into fw_init()" Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 21/29] fib_rules: fix fib rule dumps across multiple skbs Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 22/29] net: dsa: bcm_sf2: Do not override speed settings Greg Kroah-Hartman
2015-10-02 0:47 ` Ben Hutchings
2015-10-02 1:22 ` David Miller
2015-10-03 11:38 ` Greg KH
2015-10-01 9:31 ` [PATCH 4.1 23/29] net: phy: fixed_phy: handle link-down case Greg Kroah-Hartman
2015-10-01 9:32 ` [PATCH 4.1 24/29] of_mdio: add new DT property managed to specify the PHY management type Greg Kroah-Hartman
2015-10-01 9:32 ` [PATCH 4.1 25/29] mvneta: use inband status only when explicitly enabled Greg Kroah-Hartman
2015-10-01 9:32 ` [PATCH 4.1 26/29] netlink: Fix autobind race condition that leads to zero port ID Greg Kroah-Hartman
2015-10-01 9:32 ` [PATCH 4.1 27/29] netlink: Replace rhash_portid with bound Greg Kroah-Hartman
2015-10-01 9:32 ` [PATCH 4.1 28/29] zram: fix possible use after free in zcomp_create() Greg Kroah-Hartman
2015-10-01 9:32 ` [PATCH 4.1 29/29] hp-wmi: limit hotkey enable Greg Kroah-Hartman
[not found] ` <20151001093146.372268230@linuxfoundation.org>
2015-10-01 23:13 ` [PATCH 4.1 15/29] bridge: fix igmpv3 / mldv2 report parsing Linus Lüssing
2015-10-02 1:29 ` [PATCH 4.1 00/29] 4.1.10-stable review Guenter Roeck
2015-10-02 6:23 ` Sudip Mukherjee
[not found] ` <560e9a58.e127b40a.bc060.fffffb97@mx.google.com>
2015-10-02 15:04 ` Kevin Hilman
2015-10-02 15:41 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151001093146.503717823@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=jesse@nicira.com \
--cc=linux-kernel@vger.kernel.org \
--cc=pshelar@nicira.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).