android_kernel_xiaomi_sm8450/net
Aaron Conole 55cfccb658 net: openvswitch: limit the number of recursions from action sets
[ Upstream commit 6e2f90d31fe09f2b852de25125ca875aabd81367 ]

The ovs module allows for some actions to recursively contain an action
list for complex scenarios, such as sampling, checking lengths, etc.
When these actions are copied into the internal flow table, they are
evaluated to validate that such actions make sense, and these calls
happen recursively.

The ovs-vswitchd userspace won't emit more than 16 recursion levels
deep.  However, the module has no such limit and will happily accept
limits larger than 16 levels nested.  Prevent this by tracking the
number of recursions happening and manually limiting it to 16 levels
nested.

The initial implementation of the sample action would track this depth
and prevent more than 3 levels of recursion, but this was removed to
support the clone use case, rather than limited at the current userspace
limit.

Fixes: 798c166173 ("openvswitch: Optimize sample action for the clone use cases")
Signed-off-by: Aaron Conole <aconole@redhat.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/20240207132416.1488485-2-aconole@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-02-23 08:42:23 +01:00
6lowpan 6lowpan: iphc: Fix an off-by-one check of array index 2021-09-15 09:50:34 +02:00
9p 9p/net: fix possible memory leak in p9_check_errors() 2024-01-05 15:12:29 +01:00
802 mrp: introduce active flags to prevent UAF when applicant uninit 2023-01-14 10:16:18 +01:00
8021q vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING 2024-02-23 08:41:55 +01:00
appletalk appletalk: Fix Use-After-Free in atalk_ioctl 2023-12-20 15:44:29 +01:00
atm atm: Fix Use-After-Free in do_vcc_ioctl 2023-12-20 15:44:28 +01:00
ax25 net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg 2022-06-22 14:13:17 +02:00
batman-adv net: vlan: introduce skb_vlan_eth_hdr() 2023-12-20 15:44:28 +01:00
bluetooth Bluetooth: L2CAP: Fix possible multiple reject send 2024-02-23 08:42:10 +01:00
bpf bpf: Move skb->len == 0 checks into __bpf_redirect 2023-01-14 10:15:31 +01:00
bpfilter bpfilter: Specify the log level for the kmsg message 2021-07-14 16:56:29 +02:00
bridge netfilter: nf_conntrack_bridge: initialize err to 0 2023-11-28 16:54:54 +00:00
caif net: caif: Fix use-after-free in cfusbl_device_notify() 2023-03-17 08:45:11 +01:00
can can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior 2023-11-08 17:30:51 +01:00
ceph libceph: use kernel_connect() 2023-10-25 11:54:15 +02:00
core tcp: make sure init the accept_queue's spinlocks once 2024-02-23 08:41:55 +01:00
dcb net: dcb: choose correct policy to parse DCB_ATTR_BCN 2023-08-11 11:57:50 +02:00
dccp dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. 2023-11-20 11:06:55 +01:00
decnet Remove DECnet support from kernel 2023-06-21 15:45:38 +02:00
dns_resolver keys, dns: Fix size check of V1 server-list header 2024-01-25 14:37:50 -08:00
dsa net: dsa: tag_sja1105: fix MAC DA patching from meta frames 2023-07-27 08:44:10 +02:00
ethernet net: move devres helpers into a separate source file 2020-05-23 16:56:17 -07:00
ethtool ethtool: netlink: Add missing ethnl_ops_begin/complete 2024-01-25 14:37:56 -08:00
hsr hsr: Prevent use after free in prp_create_tagged_frame() 2023-11-20 11:06:55 +01:00
ieee802154 net: ieee802154: fix error return code in dgram_bind() 2022-11-03 23:57:51 +09:00
ife net: sched: ife: fix potential use-after-free 2024-01-05 15:12:24 +01:00
ipv4 inet: read sk->sk_family once in inet_recv_error() 2024-02-23 08:42:20 +01:00
ipv6 ipv6: Ensure natural alignment of const ipv6 loopback and router addresses 2024-02-23 08:42:17 +01:00
iucv net/af_iucv: clean up a try_then_request_module() 2024-02-23 08:42:21 +01:00
kcm kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). 2023-09-19 12:20:30 +02:00
key net: af_key: fix sadb_x_filter validation 2023-08-26 15:26:51 +02:00
l2tp ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() 2023-10-10 21:53:38 +02:00
l3mdev l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu 2022-04-27 13:53:50 +02:00
lapb net: lapb: Copy the skb before sending a packet 2021-02-10 09:29:14 +01:00
llc llc: call sock_orphan() at release time 2024-02-23 08:42:17 +01:00
mac80211 wifi: mac80211: mesh_plink: fix matches_local logic 2024-01-05 15:12:23 +01:00
mac802154 mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() 2022-12-14 11:32:01 +01:00
mpls net: mpls: fix stale pointer if allocation fails during device rename 2023-02-22 12:55:58 +01:00
mptcp mptcp: fix uninit-value in mptcp_incoming_options 2024-01-25 14:37:35 -08:00
ncsi net/ncsi: Fix netlink major/minor version numbers 2024-01-25 14:37:44 -08:00
netfilter netfilter: nft_set_rbtree: skip end interval element from gc 2024-02-23 08:42:22 +01:00
netlabel calipso: fix memory leak in netlbl_calipso_add_pass() 2024-01-25 14:37:40 -08:00
netlink netlink: fix potential sleeping issue in mqueue_flush_file 2024-02-23 08:41:56 +01:00
netrom netrom: Deny concurrent connect(). 2023-09-19 12:20:10 +02:00
nfc nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local 2024-01-15 18:48:03 +01:00
nsh net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() 2023-05-30 12:57:52 +01:00
openvswitch net: openvswitch: limit the number of recursions from action sets 2024-02-23 08:42:23 +01:00
packet packet: Move reference count in packet_sock to atomic_long_t 2023-12-13 18:27:03 +01:00
phonet phonet: refcount leak in pep_sock_accep 2022-01-11 15:25:01 +01:00
psample psample: Require 'CAP_NET_ADMIN' when joining "packets" group 2023-12-13 18:27:06 +01:00
qrtr net: qrtr: ns: Return 0 if server port is not present 2024-01-25 14:37:38 -08:00
rds net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv 2024-02-23 08:41:56 +01:00
rfkill net: rfkill: gpio: set GPIO direction 2024-01-05 15:12:28 +01:00
rose net/rose: fix races in rose_kill_by_device() 2024-01-05 15:12:24 +01:00
rxrpc rxrpc: Fix response to PING RESPONSE ACKs to a dead call 2024-02-23 08:42:20 +01:00
sched net: sched: em_text: fix possible memory leak in em_text_destroy() 2024-01-15 18:48:04 +01:00
sctp sctp: update hb timer immediately after users change hb_interval 2023-10-10 21:53:39 +02:00
smc net/smc: fix illegal rmb_desc access in SMC-D connection dump 2024-02-23 08:41:55 +01:00
strparser bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding 2021-11-18 14:04:27 +01:00
sunrpc SUNRPC: Fix a suspicious RCU usage warning 2024-02-23 08:42:05 +01:00
switchdev net: switchdev: don't set port_obj_info->handled true when -EOPNOTSUPP 2021-02-07 15:37:12 +01:00
tipc tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() 2024-02-23 08:42:20 +01:00
tls net: tls, update curr on splice as well 2024-01-15 18:48:07 +01:00
unix af_unix: fix lockdep positive in sk_diag_dump_icons() 2024-02-23 08:42:17 +01:00
vmw_vsock virtio/vsock: fix logic which reduces credit update messages 2024-01-25 14:37:45 -08:00
wimax genetlink: move to smaller ops wherever possible 2020-10-02 19:11:11 -07:00
wireless wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update 2024-02-23 08:42:15 +01:00
x25 net/x25: Fix to not accept on connected socket 2023-02-15 17:22:15 +01:00
xdp xsk: Honor SO_BINDTODEVICE on bind 2023-07-27 08:44:09 +02:00
xfrm xfrm: interface: use DEV_STATS_INC() 2023-10-25 11:54:19 +02:00
compat.c net: Return the correct errno code 2021-06-18 10:00:06 +02:00
devres.c net: devres: rename the release callback of devm_register_netdev() 2020-06-30 15:57:34 -07:00
Kconfig Remove DECnet support from kernel 2023-06-21 15:45:38 +02:00
Makefile Remove DECnet support from kernel 2023-06-21 15:45:38 +02:00
socket.c net: Save and restore msg_namelen in sock_sendmsg 2024-01-15 18:48:04 +01:00
sysctl_net.c