Commit b064d0d8 authored by Hannes Frederic Sowa's avatar Hannes Frederic Sowa Committed by David S. Miller

ovs: limit ovs recursions in ovs_execute_actions to not corrupt stack

It was seen that defective configurations of openvswitch could overwrite
the STACK_END_MAGIC and cause a hard crash of the kernel because of too
many recursions within ovs.

This problem arises due to the high stack usage of openvswitch. The rest
of the kernel is fine with the current limit of 10 (RECURSION_LIMIT).

We use the already existing recursion counter in ovs_execute_actions to
implement an upper bound of 5 recursions.

Cc: Pravin Shelar <pshelar@ovn.org>
Cc: Simon Horman <simon.horman@netronome.com>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Simon Horman <simon.horman@netronome.com>
Signed-off-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 60a6531b
...@@ -1160,17 +1160,26 @@ int ovs_execute_actions(struct datapath *dp, struct sk_buff *skb, ...@@ -1160,17 +1160,26 @@ int ovs_execute_actions(struct datapath *dp, struct sk_buff *skb,
const struct sw_flow_actions *acts, const struct sw_flow_actions *acts,
struct sw_flow_key *key) struct sw_flow_key *key)
{ {
int level = this_cpu_read(exec_actions_level); static const int ovs_recursion_limit = 5;
int err; int err, level;
level = __this_cpu_inc_return(exec_actions_level);
if (unlikely(level > ovs_recursion_limit)) {
net_crit_ratelimited("ovs: recursion limit reached on datapath %s, probable configuration error\n",
ovs_dp_name(dp));
kfree_skb(skb);
err = -ENETDOWN;
goto out;
}
this_cpu_inc(exec_actions_level);
err = do_execute_actions(dp, skb, key, err = do_execute_actions(dp, skb, key,
acts->actions, acts->actions_len); acts->actions, acts->actions_len);
if (!level) if (level == 1)
process_deferred_actions(dp); process_deferred_actions(dp);
this_cpu_dec(exec_actions_level); out:
__this_cpu_dec(exec_actions_level);
return err; return err;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment