[ovs-git] [openvswitch/ovs] bd42c1: datapath: Backport "openvswitch: Zero flows on all...

GitHub noreply at github.com
Thu Sep 24 03:12:16 UTC 2015


  Branch: refs/heads/branch-2.3
  Home:   https://github.com/openvswitch/ovs
  Commit: bd42c105e718cd90c636298abe3cfb1cc65bd431
      https://github.com/openvswitch/ovs/commit/bd42c105e718cd90c636298abe3cfb1cc65bd431
  Author: Jesse Gross <jesse at nicira.com>
  Date:   2015-09-23 (Wed, 23 Sep 2015)

  Changed paths:
    M datapath/datapath.c
    M datapath/flow_table.c
    M datapath/flow_table.h

  Log Message:
  -----------
  datapath: Backport "openvswitch: Zero flows on allocation."

Upstream commit:
    openvswitch: Zero flows on allocation.

    When support for megaflows was introduced, OVS needed to start
    installing flows with a mask applied to them. Since masking is an
    expensive operation, OVS also had an optimization that would only
    take the parts of the flow keys that were covered by a non-zero
    mask. The values stored in the remaining pieces should not matter
    because they are masked out.

    While this works fine for the purposes of matching (which must always
    look at the mask), serialization to netlink can be problematic. Since
    the flow and the mask are serialized separately, the uninitialized
    portions of the flow can be encoded with whatever values happen to be
    present.

    In terms of functionality, this has little effect since these fields
    will be masked out by definition. However, it leaks kernel memory to
    userspace, which is a potential security vulnerability. It is also
    possible that other code paths could look at the masked key and get
    uninitialized data, although this does not currently appear to be an
    issue in practice.

    This removes the mask optimization for flows that are being installed.
    This was always intended to be the case as the mask optimizations were
    really targetting per-packet flow operations.

    Fixes: 03f0d916 ("openvswitch: Mega flow implementation")
    Signed-off-by: Jesse Gross <jesse at nicira.com>
    Acked-by: Pravin B Shelar <pshelar at nicira.com>
    Signed-off-by: David S. Miller <davem at davemloft.net>

Upstream: ae5f2fb1 ("openvswitch: Zero flows on allocation.")
Signed-off-by: Jesse Gross <jesse at nicira.com>
Acked-by: Pravin B Shelar <pshelar at nicira.com>

Conflicts:
	datapath/datapath.c
	datapath/flow_table.c




More information about the git mailing list