From 69929d4c49e182f8526d42c43b37b460d562d3a0 Mon Sep 17 00:00:00 2001 From: Eelco Chaudron Date: Tue, 24 Nov 2020 07:34:44 -0500 Subject: net: openvswitch: fix TTL decrement action netlink message format Currently, the openvswitch module is not accepting the correctly formated netlink message for the TTL decrement action. For both setting and getting the dec_ttl action, the actions should be nested in the OVS_DEC_TTL_ATTR_ACTION attribute as mentioned in the openvswitch.h uapi. When the original patch was sent, it was tested with a private OVS userspace implementation. This implementation was unfortunately not upstreamed and reviewed, hence an erroneous version of this patch was sent out. Leaving the patch as-is would cause problems as the kernel module could interpret additional attributes as actions and vice-versa, due to the actions not being encapsulated/nested within the actual attribute, but being concatinated after it. Fixes: 744676e77720 ("openvswitch: add TTL decrement action") Signed-off-by: Eelco Chaudron Link: https://lore.kernel.org/r/160622121495.27296.888010441924340582.stgit@wsfd-netdev64.ntdv.lab.eng.bos.redhat.com Signed-off-by: Jakub Kicinski --- net/openvswitch/actions.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'net/openvswitch/actions.c') diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c index b87bfc82f44f..5829a020b81c 100644 --- a/net/openvswitch/actions.c +++ b/net/openvswitch/actions.c @@ -958,14 +958,13 @@ static int dec_ttl_exception_handler(struct datapath *dp, struct sk_buff *skb, { /* The first action is always 'OVS_DEC_TTL_ATTR_ARG'. */ struct nlattr *dec_ttl_arg = nla_data(attr); - int rem = nla_len(attr); if (nla_len(dec_ttl_arg)) { - struct nlattr *actions = nla_next(dec_ttl_arg, &rem); + struct nlattr *actions = nla_data(dec_ttl_arg); if (actions) - return clone_execute(dp, skb, key, 0, actions, rem, - last, false); + return clone_execute(dp, skb, key, 0, nla_data(actions), + nla_len(actions), last, false); } consume_skb(skb); return 0; -- cgit From 43c13605bad44b8abbc9776d6e63f62ccb7a47d6 Mon Sep 17 00:00:00 2001 From: Davide Caratti Date: Thu, 3 Dec 2020 10:46:06 +0100 Subject: net: openvswitch: ensure LSE is pullable before reading it when openvswitch is configured to mangle the LSE, the current value is read from the packet dereferencing 4 bytes at mpls_hdr(): ensure that the label is contained in the skb "linear" area. Found by code inspection. Fixes: d27cf5c59a12 ("net: core: add MPLS update core helper and use in OvS") Signed-off-by: Davide Caratti Link: https://lore.kernel.org/r/aa099f245d93218b84b5c056b67b6058ccf81a66.1606987185.git.dcaratti@redhat.com Signed-off-by: Jakub Kicinski --- net/openvswitch/actions.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'net/openvswitch/actions.c') diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c index 5829a020b81c..c3a664871cb5 100644 --- a/net/openvswitch/actions.c +++ b/net/openvswitch/actions.c @@ -199,6 +199,9 @@ static int set_mpls(struct sk_buff *skb, struct sw_flow_key *flow_key, __be32 lse; int err; + if (!pskb_may_pull(skb, skb_network_offset(skb) + MPLS_HLEN)) + return -ENOMEM; + stack = mpls_hdr(skb); lse = OVS_MASKED(stack->label_stack_entry, *mpls_lse, *mask); err = skb_mpls_update_lse(skb, lse); -- cgit From 09d6217254c004f6237cc2c2bfe604af58e9a8c5 Mon Sep 17 00:00:00 2001 From: Eelco Chaudron Date: Mon, 7 Dec 2020 05:08:39 -0500 Subject: net: openvswitch: fix TTL decrement exception action execution Currently, the exception actions are not processed correctly as the wrong dataset is passed. This change fixes this, including the misleading comment. In addition, a check was added to make sure we work on an IPv4 packet, and not just assume if it's not IPv6 it's IPv4. This was all tested using OVS with patch, https://patchwork.ozlabs.org/project/openvswitch/list/?series=21639, applied and sending packets with a TTL of 1 (and 0), both with IPv4 and IPv6. Fixes: 69929d4c49e1 ("net: openvswitch: fix TTL decrement action netlink message format") Signed-off-by: Eelco Chaudron Link: https://lore.kernel.org/r/160733569860.3007.12938188180387116741.stgit@wsfd-netdev64.ntdv.lab.eng.bos.redhat.com Signed-off-by: Jakub Kicinski --- net/openvswitch/actions.c | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) (limited to 'net/openvswitch/actions.c') diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c index c3a664871cb5..e8902a7e60f2 100644 --- a/net/openvswitch/actions.c +++ b/net/openvswitch/actions.c @@ -959,16 +959,13 @@ static int dec_ttl_exception_handler(struct datapath *dp, struct sk_buff *skb, struct sw_flow_key *key, const struct nlattr *attr, bool last) { - /* The first action is always 'OVS_DEC_TTL_ATTR_ARG'. */ - struct nlattr *dec_ttl_arg = nla_data(attr); + /* The first attribute is always 'OVS_DEC_TTL_ATTR_ACTION'. */ + struct nlattr *actions = nla_data(attr); - if (nla_len(dec_ttl_arg)) { - struct nlattr *actions = nla_data(dec_ttl_arg); + if (nla_len(actions)) + return clone_execute(dp, skb, key, 0, nla_data(actions), + nla_len(actions), last, false); - if (actions) - return clone_execute(dp, skb, key, 0, nla_data(actions), - nla_len(actions), last, false); - } consume_skb(skb); return 0; } @@ -1212,7 +1209,7 @@ static int execute_dec_ttl(struct sk_buff *skb, struct sw_flow_key *key) return -EHOSTUNREACH; key->ip.ttl = --nh->hop_limit; - } else { + } else if (skb->protocol == htons(ETH_P_IP)) { struct iphdr *nh; u8 old_ttl; -- cgit