From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Aaron Conole <aconole@redhat.com>,
Simon Horman <horms@kernel.org>, Jakub Kicinski <kuba@kernel.org>,
Sasha Levin <sashal@kernel.org>,
pshelar@ovn.org, davem@davemloft.net, edumazet@google.com,
pabeni@redhat.com, shuah@kernel.org, netdev@vger.kernel.org,
dev@openvswitch.org, linux-kselftest@vger.kernel.org
Subject: [PATCH AUTOSEL 6.7 10/26] selftests: openvswitch: Add validation for the recursion test
Date: Thu, 29 Feb 2024 10:48:29 -0500 [thread overview]
Message-ID: <20240229154851.2849367-10-sashal@kernel.org> (raw)
In-Reply-To: <20240229154851.2849367-1-sashal@kernel.org>
From: Aaron Conole <aconole@redhat.com>
[ Upstream commit bd128f62c365504e1268dc09fcccdfb1f091e93a ]
Add a test case into the netlink checks that will show the number of
nested action recursions won't exceed 16. Going to 17 on a small
clone call isn't enough to exhaust the stack on (most) systems, so
it should be safe to run even on systems that don't have the fix
applied.
Signed-off-by: Aaron Conole <aconole@redhat.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/20240207132416.1488485-3-aconole@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../selftests/net/openvswitch/openvswitch.sh | 13 ++++
.../selftests/net/openvswitch/ovs-dpctl.py | 71 +++++++++++++++----
2 files changed, 69 insertions(+), 15 deletions(-)
diff --git a/tools/testing/selftests/net/openvswitch/openvswitch.sh b/tools/testing/selftests/net/openvswitch/openvswitch.sh
index f8499d4c87f3f..36e40256ab92a 100755
--- a/tools/testing/selftests/net/openvswitch/openvswitch.sh
+++ b/tools/testing/selftests/net/openvswitch/openvswitch.sh
@@ -502,7 +502,20 @@ test_netlink_checks () {
wc -l) == 2 ] || \
return 1
+ info "Checking clone depth"
ERR_MSG="Flow actions may not be safe on all matching packets"
+ PRE_TEST=$(dmesg | grep -c "${ERR_MSG}")
+ ovs_add_flow "test_netlink_checks" nv0 \
+ 'in_port(1),eth(),eth_type(0x800),ipv4()' \
+ 'clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(clone(drop)))))))))))))))))' \
+ >/dev/null 2>&1 && return 1
+ POST_TEST=$(dmesg | grep -c "${ERR_MSG}")
+
+ if [ "$PRE_TEST" == "$POST_TEST" ]; then
+ info "failed - clone depth too large"
+ return 1
+ fi
+
PRE_TEST=$(dmesg | grep -c "${ERR_MSG}")
ovs_add_flow "test_netlink_checks" nv0 \
'in_port(1),eth(),eth_type(0x0806),arp()' 'drop(0),2' \
diff --git a/tools/testing/selftests/net/openvswitch/ovs-dpctl.py b/tools/testing/selftests/net/openvswitch/ovs-dpctl.py
index b97e621face95..5e0e539a323d5 100644
--- a/tools/testing/selftests/net/openvswitch/ovs-dpctl.py
+++ b/tools/testing/selftests/net/openvswitch/ovs-dpctl.py
@@ -299,7 +299,7 @@ class ovsactions(nla):
("OVS_ACTION_ATTR_PUSH_NSH", "none"),
("OVS_ACTION_ATTR_POP_NSH", "flag"),
("OVS_ACTION_ATTR_METER", "none"),
- ("OVS_ACTION_ATTR_CLONE", "none"),
+ ("OVS_ACTION_ATTR_CLONE", "recursive"),
("OVS_ACTION_ATTR_CHECK_PKT_LEN", "none"),
("OVS_ACTION_ATTR_ADD_MPLS", "none"),
("OVS_ACTION_ATTR_DEC_TTL", "none"),
@@ -465,29 +465,42 @@ class ovsactions(nla):
print_str += "pop_mpls"
else:
datum = self.get_attr(field[0])
- print_str += datum.dpstr(more)
+ if field[0] == "OVS_ACTION_ATTR_CLONE":
+ print_str += "clone("
+ print_str += datum.dpstr(more)
+ print_str += ")"
+ else:
+ print_str += datum.dpstr(more)
return print_str
def parse(self, actstr):
+ totallen = len(actstr)
while len(actstr) != 0:
parsed = False
+ parencount = 0
if actstr.startswith("drop"):
# If no reason is provided, the implicit drop is used (i.e no
# action). If some reason is given, an explicit action is used.
- actstr, reason = parse_extract_field(
- actstr,
- "drop(",
- "([0-9]+)",
- lambda x: int(x, 0),
- False,
- None,
- )
+ reason = None
+ if actstr.startswith("drop("):
+ parencount += 1
+
+ actstr, reason = parse_extract_field(
+ actstr,
+ "drop(",
+ "([0-9]+)",
+ lambda x: int(x, 0),
+ False,
+ None,
+ )
+
if reason is not None:
self["attrs"].append(["OVS_ACTION_ATTR_DROP", reason])
parsed = True
else:
- return
+ actstr = actstr[len("drop"): ]
+ return (totallen - len(actstr))
elif parse_starts_block(actstr, "^(\d+)", False, True):
actstr, output = parse_extract_field(
@@ -504,6 +517,7 @@ class ovsactions(nla):
False,
0,
)
+ parencount += 1
self["attrs"].append(["OVS_ACTION_ATTR_RECIRC", recircid])
parsed = True
@@ -516,12 +530,22 @@ class ovsactions(nla):
for flat_act in parse_flat_map:
if parse_starts_block(actstr, flat_act[0], False):
- actstr += len(flat_act[0])
+ actstr = actstr[len(flat_act[0]):]
self["attrs"].append([flat_act[1]])
actstr = actstr[strspn(actstr, ", ") :]
parsed = True
- if parse_starts_block(actstr, "ct(", False):
+ if parse_starts_block(actstr, "clone(", False):
+ parencount += 1
+ subacts = ovsactions()
+ actstr = actstr[len("clone("):]
+ parsedLen = subacts.parse(actstr)
+ lst = []
+ self["attrs"].append(("OVS_ACTION_ATTR_CLONE", subacts))
+ actstr = actstr[parsedLen:]
+ parsed = True
+ elif parse_starts_block(actstr, "ct(", False):
+ parencount += 1
actstr = actstr[len("ct(") :]
ctact = ovsactions.ctact()
@@ -553,6 +577,7 @@ class ovsactions(nla):
natact = ovsactions.ctact.natattr()
if actstr.startswith("("):
+ parencount += 1
t = None
actstr = actstr[1:]
if actstr.startswith("src"):
@@ -607,15 +632,29 @@ class ovsactions(nla):
actstr = actstr[strspn(actstr, ", ") :]
ctact["attrs"].append(["OVS_CT_ATTR_NAT", natact])
- actstr = actstr[strspn(actstr, ",) ") :]
+ actstr = actstr[strspn(actstr, ", ") :]
self["attrs"].append(["OVS_ACTION_ATTR_CT", ctact])
parsed = True
- actstr = actstr[strspn(actstr, "), ") :]
+ actstr = actstr[strspn(actstr, ", ") :]
+ while parencount > 0:
+ parencount -= 1
+ actstr = actstr[strspn(actstr, " "):]
+ if len(actstr) and actstr[0] != ")":
+ raise ValueError("Action str: '%s' unbalanced" % actstr)
+ actstr = actstr[1:]
+
+ if len(actstr) and actstr[0] == ")":
+ return (totallen - len(actstr))
+
+ actstr = actstr[strspn(actstr, ", ") :]
+
if not parsed:
raise ValueError("Action str: '%s' not supported" % actstr)
+ return (totallen - len(actstr))
+
class ovskey(nla):
nla_flags = NLA_F_NESTED
@@ -2111,6 +2150,8 @@ def main(argv):
ovsflow = OvsFlow()
ndb = NDB()
+ sys.setrecursionlimit(100000)
+
if hasattr(args, "showdp"):
found = False
for iface in ndb.interfaces:
--
2.43.0
next prev parent reply other threads:[~2024-02-29 15:49 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-29 15:48 [PATCH AUTOSEL 6.7 01/26] media: Revert "media: rkisp1: Drop IRQF_SHARED" Sasha Levin
2024-02-29 15:48 ` Sasha Levin
2024-02-29 15:48 ` Sasha Levin
2024-02-29 15:48 ` [PATCH AUTOSEL 6.7 02/26] media: rkisp1: Fix IRQ handling due to shared interrupts Sasha Levin
2024-02-29 15:48 ` Sasha Levin
2024-02-29 15:48 ` Sasha Levin
2024-02-29 15:48 ` [PATCH AUTOSEL 6.7 03/26] Revert "drm/msm/gpu: Push gpu lock down past runpm" Sasha Levin
2024-02-29 15:48 ` [PATCH AUTOSEL 6.7 04/26] HID: logitech-hidpp: Do not flood kernel log Sasha Levin
2024-02-29 15:48 ` [PATCH AUTOSEL 6.7 05/26] ASoC: cs42l43: Handle error from devm_pm_runtime_enable Sasha Levin
2024-02-29 15:48 ` [PATCH AUTOSEL 6.7 06/26] wifi: iwlwifi: mvm: use correct address 3 in A-MSDU Sasha Levin
2024-02-29 15:48 ` [PATCH AUTOSEL 6.7 07/26] arm64: jump_label: use constraints "Si" instead of "i" Sasha Levin
2024-02-29 15:48 ` Sasha Levin
2024-02-29 15:56 ` Mark Rutland
2024-02-29 15:56 ` Mark Rutland
2024-03-18 13:24 ` Sasha Levin
2024-03-18 13:24 ` Sasha Levin
2024-02-29 15:48 ` [PATCH AUTOSEL 6.7 08/26] perf/arm-cmn: Workaround AmpereOneX errata AC04_MESH_1 (incorrect child count) Sasha Levin
2024-02-29 15:48 ` Sasha Levin
2024-02-29 15:48 ` [PATCH AUTOSEL 6.7 09/26] btrfs: add and use helper to check if block group is used Sasha Levin
2024-02-29 15:52 ` David Sterba
2024-02-29 15:48 ` Sasha Levin [this message]
2024-02-29 15:48 ` [PATCH AUTOSEL 6.7 11/26] net: tls: factor out tls_*crypt_async_wait() Sasha Levin
2024-02-29 15:48 ` [PATCH AUTOSEL 6.7 12/26] selftests: tls: use exact comparison in recv_partial Sasha Levin
2024-02-29 15:48 ` [PATCH AUTOSEL 6.7 13/26] ASoC: rt5645: Make LattePanda board DMI match more precise Sasha Levin
2024-02-29 15:48 ` [PATCH AUTOSEL 6.7 14/26] spi: omap2-mcspi: Revert FIFO support without DMA Sasha Levin
2024-02-29 15:48 ` [PATCH AUTOSEL 6.7 15/26] spi: intel-pci: Add support for Lunar Lake-M SPI serial flash Sasha Levin
2024-02-29 15:48 ` [PATCH AUTOSEL 6.7 16/26] regmap: kunit: Ensure that changed bytes are actually different Sasha Levin
2024-02-29 15:48 ` [PATCH AUTOSEL 6.7 17/26] ASoC: amd: yc: Fix non-functional mic on Lenovo 82UU Sasha Levin
2024-02-29 15:48 ` [PATCH AUTOSEL 6.7 18/26] x86/xen: Add some null pointer checking to smp.c Sasha Levin
2024-02-29 15:48 ` [PATCH AUTOSEL 6.7 19/26] MIPS: Clear Cause.BD in instruction_pointer_set Sasha Levin
2024-02-29 15:48 ` [PATCH AUTOSEL 6.7 20/26] ceph: always queue a writeback when revoking the Fb caps Sasha Levin
2024-02-29 15:48 ` [PATCH AUTOSEL 6.7 21/26] ceph: add ceph_cap_unlink_work to fire check_caps() immediately Sasha Levin
2024-02-29 15:48 ` [PATCH AUTOSEL 6.7 22/26] HID: multitouch: Add required quirk for Synaptics 0xcddc device Sasha Levin
2024-02-29 15:48 ` [PATCH AUTOSEL 6.7 23/26] ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend Sasha Levin
2024-02-29 15:48 ` [PATCH AUTOSEL 6.7 24/26] ALSA: hda/realtek: cs35l41: Add internal speaker support for ASUS UM3402 with missing DSD Sasha Levin
2024-02-29 15:48 ` [PATCH AUTOSEL 6.7 25/26] gen_compile_commands: fix invalid escape sequence warning Sasha Levin
2024-02-29 15:48 ` [PATCH AUTOSEL 6.7 26/26] arm64/sve: Lower the maximum allocation for the SVE ptrace regset Sasha Levin
2024-02-29 15:48 ` Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240229154851.2849367-10-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=aconole@redhat.com \
--cc=davem@davemloft.net \
--cc=dev@openvswitch.org \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pshelar@ovn.org \
--cc=shuah@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.