首頁 探索 說明
登入
GfA
/
linux_kernel
5
0
複刻 0
Files 問題管理 0 合併請求 0 Wiki
瀏覽代碼

openvswitch: Serialize nested ct actions if provided

If userspace provides a ct action with no nested mark or label, then the
storage for these fields is zeroed. Later when actions are requested,
such zeroed fields are serialized even though userspace didn't
originally specify them. Fix the behaviour by ensuring that no action is
serialized in this case, and reject actions where userspace attempts to
set these fields with mask=0. This should make netlink marshalling
consistent across deserialization/reserialization.

Reported-by: Jarno Rajahalme <jrajahalme@nicira.com>
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Joe Stringer 9 年之前
父節點
4f0909ee3d
當前提交
e754ec69ab
共有 1 個文件被更改,包括 10 次插入4 次删除
統一視圖 顯示文件統計
  1. 10 4
      net/openvswitch/conntrack.c

+ 10 - 4
net/openvswitch/conntrack.c
查看文件 

@@ -224,9 +224,6 @@ static int ovs_ct_set_labels(struct sk_buff *skb, struct sw_flow_key *key,
 
 	struct nf_conn *ct;
 
 	struct nf_conn *ct;
 
 	int err;
 
 	int err;
 
 
 
-	if (!IS_ENABLED(CONFIG_NF_CONNTRACK_LABELS))
 
-		return -ENOTSUPP;
 
-
 
 	/* The connection could be invalid, in which case set_label is no-op.*/
 
 	/* The connection could be invalid, in which case set_label is no-op.*/
 
 	ct = nf_ct_get(skb, &ctinfo);
 
 	ct = nf_ct_get(skb, &ctinfo);
 
 	if (!ct)
 
 	if (!ct)
 
@@ -587,6 +584,10 @@ static int parse_ct(const struct nlattr *attr, struct ovs_conntrack_info *info,
 
 		case OVS_CT_ATTR_MARK: {
 
 		case OVS_CT_ATTR_MARK: {
 
 			struct md_mark *mark = nla_data(a);
 
 			struct md_mark *mark = nla_data(a);
 
 
 
+			if (!mark->mask) {
 
+				OVS_NLERR(log, "ct_mark mask cannot be 0");
 
+				return -EINVAL;
 
+			}
 
 			info->mark = *mark;
 
 			info->mark = *mark;
 
 			break;
 
 			break;
 
 		}
 
 		}
 
@@ -595,6 +596,10 @@ static int parse_ct(const struct nlattr *attr, struct ovs_conntrack_info *info,
 
 		case OVS_CT_ATTR_LABELS: {
 
 		case OVS_CT_ATTR_LABELS: {
 
 			struct md_labels *labels = nla_data(a);
 
 			struct md_labels *labels = nla_data(a);
 
 
 
+			if (!labels_nonzero(&labels->mask)) {
 
+				OVS_NLERR(log, "ct_labels mask cannot be 0");
 
+				return -EINVAL;
 
+			}
 
 			info->labels = *labels;
 
 			info->labels = *labels;
 
 			break;
 
 			break;
 
 		}
 
 		}
 
@@ -705,11 +710,12 @@ int ovs_ct_action_to_attr(const struct ovs_conntrack_info *ct_info,
 
 	if (IS_ENABLED(CONFIG_NF_CONNTRACK_ZONES) &&
 
 	if (IS_ENABLED(CONFIG_NF_CONNTRACK_ZONES) &&
 
 	    nla_put_u16(skb, OVS_CT_ATTR_ZONE, ct_info->zone.id))
 
 	    nla_put_u16(skb, OVS_CT_ATTR_ZONE, ct_info->zone.id))
 
 		return -EMSGSIZE;
 
 		return -EMSGSIZE;
 
-	if (IS_ENABLED(CONFIG_NF_CONNTRACK_MARK) &&
 
+	if (IS_ENABLED(CONFIG_NF_CONNTRACK_MARK) && ct_info->mark.mask &&
 
 	    nla_put(skb, OVS_CT_ATTR_MARK, sizeof(ct_info->mark),
 
 	    nla_put(skb, OVS_CT_ATTR_MARK, sizeof(ct_info->mark),
 
 		    &ct_info->mark))
 
 		    &ct_info->mark))
 
 		return -EMSGSIZE;
 
 		return -EMSGSIZE;
 
 	if (IS_ENABLED(CONFIG_NF_CONNTRACK_LABELS) &&
 
 	if (IS_ENABLED(CONFIG_NF_CONNTRACK_LABELS) &&
 
+	    labels_nonzero(&ct_info->labels.mask) &&
 
 	    nla_put(skb, OVS_CT_ATTR_LABELS, sizeof(ct_info->labels),
 
 	    nla_put(skb, OVS_CT_ATTR_LABELS, sizeof(ct_info->labels),
 
 		    &ct_info->labels))
 
 		    &ct_info->labels))
 
 		return -EMSGSIZE;
 
 		return -EMSGSIZE;