[ovs-git] Open vSwitch: datapath: Avoid accesses past the end of skbuff data in actions. (master)
dev at openvswitch.org
dev at openvswitch.org
Fri Aug 27 20:22:57 UTC 2010
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Open vSwitch".
The branch, master has been updated
via ca78c6b69c01508713b8a8e50065843fcaf53936 (commit)
via 59a18f80dd0732dbe09231ff9001c54b3a5fca16 (commit)
via 7d0ab001dbc7bd4285aaf1dbcb881312ec32608c (commit)
via 4c1ad233122408d073dd2265e9998ee87036b5ef (commit)
from 6699af68e60e0d03671d1424a5f53258928b16d4 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ca78c6b69c01508713b8a8e50065843fcaf53936
Diffs: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=ca78c6b69c01508713b8a8e50065843fcaf53936
Author: Ben Pfaff <blp at nicira.com>
datapath: Avoid accesses past the end of skbuff data in actions.
Some of the flow actions that modify skbuff data did not check that the
skbuff was long enough before doing so. This commit fixes that problem.
Previously, the strategy for avoiding this was to only indicate the layer-3
nw_proto field in the flow if the corresponding layer-4 header was fully
present, so that if, for example, nw_proto was IPPROTO_TCP, this meant
that a TCP header was present. The original motivation for this patch was
to add corresponding code to only indicate a layer-2 dl_type if the
corresponding layer-3 header was fully present. But I'm now convinced that
this approach is conceptually wrong, because the meaning of a layer-N
header should not be affected by the meaning of a layer-(N+1) header.
This commit switches to a new approach. Now, when a header is missing, its
fields in the flow are simply zeroed and have no effect on the "type" field
for the outer header. Responsibility for ensuring that a header is fully
present is now shifted to the actions that wish to modify that header.
Signed-off-by: Ben Pfaff <blp at nicira.com>
commit 59a18f80dd0732dbe09231ff9001c54b3a5fca16
Diffs: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=59a18f80dd0732dbe09231ff9001c54b3a5fca16
Author: Ben Pfaff <blp at nicira.com>
datapath: Fix default value of skb transport_header.
This commit started out as simply better documenting flow_extract(),
but then I realized that nothing cares about transport_header in the
non-IP case, so don't bother with it at all.
Signed-off-by: Ben Pfaff <blp at nicira.com>
commit 7d0ab001dbc7bd4285aaf1dbcb881312ec32608c
Diffs: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=7d0ab001dbc7bd4285aaf1dbcb881312ec32608c
Author: Ben Pfaff <blp at nicira.com>
datapath: Avoid pskb_may_pull() checks where not needed.
These calls to pskb_may_pull() can be reduced to checks on skb->len because
in these contexts those headers will already have been pulled into the
skb linear area if it is there at all.
Signed-off-by: Ben Pfaff <blp at nicira.com>
commit 4c1ad233122408d073dd2265e9998ee87036b5ef
Diffs: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=4c1ad233122408d073dd2265e9998ee87036b5ef
Author: Ben Pfaff <blp at nicira.com>
datapath: Report memory allocation errors in flow_extract().
Until now flow_extract() has simply returned a bogus flow when memory
allocation errors occurred. This fixes the problem by propagating the
error to the caller.
Signed-off-by: Ben Pfaff <blp at nicira.com>
-----------------------------------------------------------------------
Summary of changes:
datapath/actions.c | 112 ++++++++++++++++++++++++++++++++------------------
datapath/datapath.c | 12 +++++-
datapath/flow.c | 107 ++++++++++++++++++++++++++++++++-----------------
lib/dpif-netdev.c | 20 ++++++---
lib/flow.c | 32 ++++++++-------
5 files changed, 182 insertions(+), 101 deletions(-)
hooks/post-receive
--
Open vSwitch
More information about the git
mailing list