GET

Patch Detail

get:
Show a patch.

patch:
Update a patch.

put:
Update a patch.

GET /api/1.2/patches/2222580/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2222580,
    "url": "http://patchwork.ozlabs.org/api/1.2/patches/2222580/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/openvswitch/patch/20260413035514.2113886-3-bestswngs@gmail.com/",
    "project": {
        "id": 47,
        "url": "http://patchwork.ozlabs.org/api/1.2/projects/47/?format=api",
        "name": "Open vSwitch",
        "link_name": "openvswitch",
        "list_id": "ovs-dev.openvswitch.org",
        "list_email": "ovs-dev@openvswitch.org",
        "web_url": "http://openvswitch.org/",
        "scm_url": "git@github.com:openvswitch/ovs.git",
        "webscm_url": "https://github.com/openvswitch/ovs",
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<20260413035514.2113886-3-bestswngs@gmail.com>",
    "list_archive_url": null,
    "date": "2026-04-13T03:55:16",
    "name": "[ovs-dev,v3,net] openvswitch: limit vport upcall portids to the number of CPUs",
    "commit_ref": null,
    "pull_url": null,
    "state": "changes-requested",
    "archived": false,
    "hash": "5e491aacb5c88fb8aa31a87ffc841f5f01a7a252",
    "submitter": {
        "id": 92941,
        "url": "http://patchwork.ozlabs.org/api/1.2/people/92941/?format=api",
        "name": "Weiming Shi",
        "email": "bestswngs@gmail.com"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/openvswitch/patch/20260413035514.2113886-3-bestswngs@gmail.com/mbox/",
    "series": [
        {
            "id": 499640,
            "url": "http://patchwork.ozlabs.org/api/1.2/series/499640/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/openvswitch/list/?series=499640",
            "date": "2026-04-13T03:55:16",
            "name": "[ovs-dev,v3,net] openvswitch: limit vport upcall portids to the number of CPUs",
            "version": 3,
            "mbox": "http://patchwork.ozlabs.org/series/499640/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/2222580/comments/",
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/2222580/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<ovs-dev-bounces@openvswitch.org>",
        "X-Original-To": [
            "incoming@patchwork.ozlabs.org",
            "dev@openvswitch.org"
        ],
        "Delivered-To": [
            "patchwork-incoming@legolas.ozlabs.org",
            "ovs-dev@lists.linuxfoundation.org"
        ],
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=rGRQltAD;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org\n (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org;\n envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org)",
            "smtp3.osuosl.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key)\n header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20251104\n header.b=rGRQltAD",
            "smtp4.osuosl.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com",
            "smtp4.osuosl.org;\n dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.a=rsa-sha256 header.s=20251104 header.b=rGRQltAD"
        ],
        "Received": [
            "from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fvD9z2Jqrz1xtJ\n\tfor <incoming@patchwork.ozlabs.org>; Mon, 13 Apr 2026 13:56:53 +1000 (AEST)",
            "from localhost (localhost [127.0.0.1])\n\tby smtp3.osuosl.org (Postfix) with ESMTP id 082D761AD4;\n\tMon, 13 Apr 2026 03:56:51 +0000 (UTC)",
            "from smtp3.osuosl.org ([127.0.0.1])\n by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id 3PPOvfEfxhfT; Mon, 13 Apr 2026 03:56:49 +0000 (UTC)",
            "from lists.linuxfoundation.org (lf-lists.osuosl.org\n [IPv6:2605:bc80:3010:104::8cd3:938])\n\tby smtp3.osuosl.org (Postfix) with ESMTPS id D228D61AAF;\n\tMon, 13 Apr 2026 03:56:49 +0000 (UTC)",
            "from lf-lists.osuosl.org (localhost [127.0.0.1])\n\tby lists.linuxfoundation.org (Postfix) with ESMTP id 9A1B6C054A;\n\tMon, 13 Apr 2026 03:56:49 +0000 (UTC)",
            "from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137])\n by lists.linuxfoundation.org (Postfix) with ESMTP id BE387C0549\n for <dev@openvswitch.org>; Mon, 13 Apr 2026 03:56:48 +0000 (UTC)",
            "from localhost (localhost [127.0.0.1])\n by smtp4.osuosl.org (Postfix) with ESMTP id 9DE974266F\n for <dev@openvswitch.org>; Mon, 13 Apr 2026 03:56:48 +0000 (UTC)",
            "from smtp4.osuosl.org ([127.0.0.1])\n by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id TpIOlHZb_Jtm for <dev@openvswitch.org>;\n Mon, 13 Apr 2026 03:56:48 +0000 (UTC)",
            "from mail-dy1-x1334.google.com (mail-dy1-x1334.google.com\n [IPv6:2607:f8b0:4864:20::1334])\n by smtp4.osuosl.org (Postfix) with ESMTPS id CD3E34266E\n for <dev@openvswitch.org>; Mon, 13 Apr 2026 03:56:47 +0000 (UTC)",
            "by mail-dy1-x1334.google.com with SMTP id\n 5a478bee46e88-2d7bdb5ffffso2971953eec.1\n for <dev@openvswitch.org>; Sun, 12 Apr 2026 20:56:47 -0700 (PDT)",
            "from efaec68ba852.tailc0aff1.ts.net ([206.206.192.132])\n by smtp.gmail.com with ESMTPSA id\n 5a478bee46e88-2d55faa556esm17556759eec.8.2026.04.12.20.56.45\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Sun, 12 Apr 2026 20:56:45 -0700 (PDT)"
        ],
        "X-Virus-Scanned": [
            "amavis at osuosl.org",
            "amavis at osuosl.org"
        ],
        "X-Comment": "SPF check N/A for local connections -\n client-ip=2605:bc80:3010:104::8cd3:938; helo=lists.linuxfoundation.org;\n envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN> ",
        "DKIM-Filter": [
            "OpenDKIM Filter v2.11.0 smtp3.osuosl.org D228D61AAF",
            "OpenDKIM Filter v2.11.0 smtp4.osuosl.org CD3E34266E"
        ],
        "Received-SPF": "Pass (mailfrom) identity=mailfrom;\n client-ip=2607:f8b0:4864:20::1334; helo=mail-dy1-x1334.google.com;\n envelope-from=bestswngs@gmail.com; receiver=<UNKNOWN>",
        "DMARC-Filter": "OpenDMARC Filter v1.4.2 smtp4.osuosl.org CD3E34266E",
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=gmail.com; s=20251104; t=1776052607; x=1776657407; darn=openvswitch.org;\n h=content-transfer-encoding:mime-version:message-id:date:subject:cc\n :to:from:from:to:cc:subject:date:message-id:reply-to;\n bh=ksse4B43hM7NUUjw8ChXIOrvUMR9FRTyaZM0w6KrO/M=;\n b=rGRQltADbUHnrjQaGBDDpHADXl0hbZ6aI+sVKHwNgfQmGQWQLPLtNFjDtYGuLLdDbi\n YtNX5BRz/FMYTsWqQi4yE78QYVT2+/BupzaK1DueIbHUdlz0TkO1QiisteeGDoXNyYvI\n FDU/2w5ThXClaOhqIm1NQvZo3ZPtTVDLZaObcOI8SksxbIsT7p/a+8JkYcE+obrnxBhW\n Y8bbEYEvrSI3M6Uio3qzvm10r8EYX8LJv7FtmOT/UgYFkEjJLkOK3AsKlOuvns8L2eXD\n tvzGBnrWN1g1BEn6p6oDRM6InIYeqTD2mXu+l9xb6tTIT6ZCPL6NzlmRUaCl12p0DhxY\n 3zqA==",
        "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1776052607; x=1776657407;\n h=content-transfer-encoding:mime-version:message-id:date:subject:cc\n :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date\n :message-id:reply-to;\n bh=ksse4B43hM7NUUjw8ChXIOrvUMR9FRTyaZM0w6KrO/M=;\n b=a8vaVlugybmod7qDn9y79g1PZ/khzRbBUadWyKCbC6WYypPO4LkLn3Qxa/wuAhttGa\n 4769eezClNCsAj9wBLQAv1EbnGykzV/qCcsNGTjIwdKuRWpkk7qIfpuLTfuSTSDhNodi\n ivCT6SYSE/i5sT5sm3oIpWb5VHBlWhhjbZbduBn4Plde4yEDx+CXYn1gHSdOVk+y0uXk\n rWeaqYKhEHcqKNvH1cQ8YA1FRTU74dBjN7/tIM1+uPZpZiyS4Ia3+2ui4ZLPMVLJaos4\n 9mDQv1ZekNLQENBE7uglFa/z9FdVbb2fJFN2bCvybslLYMfyL4kz6DeDY8DKUMvDQHVs\n f1KA==",
        "X-Forwarded-Encrypted": "i=1;\n AFNElJ9WjvRDPWzMyHcuyig939w3TLzjf61lso/Lg29LzsqpG0xSByDsBu74sz1tN/h+TxxdzxA=@openvswitch.org",
        "X-Gm-Message-State": "AOJu0Yz2ibnTcMuaf8zgjyoND3+oxYeSbpBq9ph7znl/7gN1Vs2ocQZD\n NInLv5pAiORYYq6aXauys4R3aCJqllRV84zHR0ghZNXO1iq4+sG9UnVn",
        "X-Gm-Gg": "AeBDiesA177DiVknqoUhJA12uDInk2iXpGy78PIOOi4YGnqEowAWBhVxLpdPGQOVSsF\n q2os6lRNYj0tru3ReuKamy/rGo9nPu4k7AlmVvMvjnzgAzc0RDL5HHb05U+k2pQtMoO8Zp+m2Kt\n PF/lOqPszqOx5YoEvqdf0bK7WLoC9MKKROYuOIYTNNlZx1N2fbGAqGIUOm/ngHS/UQRaQLz7+v4\n ZzvCHDewAczxUgir/sQUu325VifBdhRe8DBUgQBe60Cdvl3sGg4PHcrde2OAONhaUYhvAlOoki3\n 4rWneznKn8wK7Z8gW6AWNYScdLsKU2TSAaVMeFICSq1WkFjMv6IdxBKjYPD4fRmD+s/O8HrKiAn\n I5vcbO8rbHS2+AikRRucYzYTDG80LV1QGdpBkTCRL5NY4p8BpZs4KePc0oNs/pu+po6XFgKCeM3\n XH/BbQaHilAdyVwjWmb4iVkFSnMjDXEkVktasvbsD6+6HcGSHu9A/wp1he+Z8NmgYCDE9ITxaDa\n WcLbX4K4s70ZTrSbVfC",
        "X-Received": "by 2002:a05:7300:730f:b0:2c4:8d51:f983 with SMTP id\n 5a478bee46e88-2d587e7f4e5mr6922857eec.11.1776052606602;\n Sun, 12 Apr 2026 20:56:46 -0700 (PDT)",
        "From": "Weiming Shi <bestswngs@gmail.com>",
        "To": "Aaron Conole <aconole@redhat.com>, Eelco Chaudron <echaudro@redhat.com>,\n Ilya Maximets <i.maximets@ovn.org>,\n \"David S . Miller\" <davem@davemloft.net>,\n Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>,\n Paolo Abeni <pabeni@redhat.com>",
        "Cc": "Simon Horman <horms@kernel.org>, Thomas Graf <tgraf@redhat.com>,\n Pravin B Shelar <pshelar@nicira.com>, Alex Wang <alexw@nicira.com>,\n netdev@vger.kernel.org, dev@openvswitch.org, linux-kernel@vger.kernel.org,\n Xiang Mei <xmei5@asu.edu>, Weiming Shi <bestswngs@gmail.com>",
        "Date": "Sun, 12 Apr 2026 20:55:16 -0700",
        "Message-ID": "<20260413035514.2113886-3-bestswngs@gmail.com>",
        "X-Mailer": "git-send-email 2.43.0",
        "MIME-Version": "1.0",
        "Subject": "[ovs-dev] [PATCH v3 net] openvswitch: limit vport upcall portids to\n the number of CPUs",
        "X-BeenThere": "ovs-dev@openvswitch.org",
        "X-Mailman-Version": "2.1.30",
        "Precedence": "list",
        "List-Id": "<ovs-dev.openvswitch.org>",
        "List-Unsubscribe": "<https://mail.openvswitch.org/mailman/options/ovs-dev>,\n <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>",
        "List-Archive": "<http://mail.openvswitch.org/pipermail/ovs-dev/>",
        "List-Post": "<mailto:ovs-dev@openvswitch.org>",
        "List-Help": "<mailto:ovs-dev-request@openvswitch.org?subject=help>",
        "List-Subscribe": "<https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,\n <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>",
        "Content-Type": "text/plain; charset=\"us-ascii\"",
        "Content-Transfer-Encoding": "7bit",
        "Errors-To": "ovs-dev-bounces@openvswitch.org",
        "Sender": "\"dev\" <ovs-dev-bounces@openvswitch.org>"
    },
    "content": "The vport netlink reply helpers allocate a fixed-size skb with\nnlmsg_new(NLMSG_DEFAULT_SIZE, ...) but serialize the full upcall PID\narray via ovs_vport_get_upcall_portids().  Since\novs_vport_set_upcall_portids() accepts any non-zero multiple of\nsizeof(u32) with no upper bound, a CAP_NET_ADMIN user can install a PID\narray large enough to overflow the reply buffer, causing nla_put() to\nfail with -EMSGSIZE and hitting BUG_ON(err < 0).  On systems with\nunprivileged user namespaces enabled (e.g., Ubuntu default), this is\nreachable via unshare -Urn since OVS vport mutation operations use\nGENL_UNS_ADMIN_PERM.\n\n  kernel BUG at net/openvswitch/datapath.c:2414!\n  Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI\n  CPU: 1 UID: 0 PID: 65 Comm: poc Not tainted 7.0.0-rc7-00195-geb216e422044 #1\n  RIP: 0010:ovs_vport_cmd_set+0x34c/0x400\n  Call Trace:\n   <TASK>\n   genl_family_rcv_msg_doit (net/netlink/genetlink.c:1116)\n   genl_rcv_msg (net/netlink/genetlink.c:1194)\n   netlink_rcv_skb (net/netlink/af_netlink.c:2550)\n   genl_rcv (net/netlink/genetlink.c:1219)\n   netlink_unicast (net/netlink/af_netlink.c:1344)\n   netlink_sendmsg (net/netlink/af_netlink.c:1894)\n   __sys_sendto (net/socket.c:2206)\n   __x64_sys_sendto (net/socket.c:2209)\n   do_syscall_64 (arch/x86/entry/syscall_64.c:63)\n   entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n   </TASK>\n  Kernel panic - not syncing: Fatal exception\n\nReject attempts to set more PIDs than num_possible_cpus() in\novs_vport_set_upcall_portids(), and pre-compute the worst-case reply\nsize in ovs_vport_cmd_msg_size() based on that bound, similar to the\nexisting ovs_dp_cmd_msg_size().\n\nFixes: 5cd667b0a456 (\"openvswitch: Allow each vport to have an array of 'port_id's.\")\nReported-by: Xiang Mei <xmei5@asu.edu>\nSigned-off-by: Weiming Shi <bestswngs@gmail.com>\n---\nv3:\n - Cap PID array at num_possible_cpus() in ovs_vport_set_upcall_portids().\n - Add ovs_vport_cmd_msg_size() for worst-case reply allocation.\n - Keep BUG_ON()s, fix Fixes tag.\nv2:\n - Dynamically size reply skb instead of using fixed NLMSG_DEFAULT_SIZE.\n - Drop WARN_ON_ONCE; use plain error returns instead.\n\n net/openvswitch/datapath.c | 23 +++++++++++++++++++++--\n net/openvswitch/vport.c    |  3 +++\n 2 files changed, 24 insertions(+), 2 deletions(-)",
    "diff": "diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c\nindex e209099218b4..4049bfa1c4df 100644\n--- a/net/openvswitch/datapath.c\n+++ b/net/openvswitch/datapath.c\n@@ -2184,9 +2184,28 @@ static int ovs_vport_cmd_fill_info(struct vport *vport, struct sk_buff *skb,\n \treturn err;\n }\n \n+static size_t ovs_vport_cmd_msg_size(void)\n+{\n+\tsize_t msgsize = NLMSG_ALIGN(sizeof(struct ovs_header));\n+\n+\tmsgsize += nla_total_size(sizeof(u32)); /* OVS_VPORT_ATTR_PORT_NO */\n+\tmsgsize += nla_total_size(sizeof(u32)); /* OVS_VPORT_ATTR_TYPE */\n+\tmsgsize += nla_total_size(IFNAMSIZ);\n+\tmsgsize += nla_total_size(sizeof(u32)); /* OVS_VPORT_ATTR_IFINDEX */\n+\tmsgsize += nla_total_size(sizeof(s32)); /* OVS_VPORT_ATTR_NETNSID */\n+\tmsgsize += nla_total_size_64bit(sizeof(struct ovs_vport_stats));\n+\tmsgsize += nla_total_size(nla_total_size_64bit(sizeof(u64)) +\n+\t\t\t\t  nla_total_size_64bit(sizeof(u64)));\n+\tmsgsize += nla_total_size(num_possible_cpus() * sizeof(u32));\n+\tmsgsize += nla_total_size(nla_total_size(sizeof(u16)) +\n+\t\t\t\t  nla_total_size(nla_total_size(0)));\n+\n+\treturn msgsize;\n+}\n+\n static struct sk_buff *ovs_vport_cmd_alloc_info(void)\n {\n-\treturn nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);\n+\treturn genlmsg_new(ovs_vport_cmd_msg_size(), GFP_KERNEL);\n }\n \n /* Called with ovs_mutex, only via ovs_dp_notify_wq(). */\n@@ -2196,7 +2215,7 @@ struct sk_buff *ovs_vport_cmd_build_info(struct vport *vport, struct net *net,\n \tstruct sk_buff *skb;\n \tint retval;\n \n-\tskb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);\n+\tskb = ovs_vport_cmd_alloc_info();\n \tif (!skb)\n \t\treturn ERR_PTR(-ENOMEM);\n \ndiff --git a/net/openvswitch/vport.c b/net/openvswitch/vport.c\nindex 23f629e94a36..ccd43bc47bc6 100644\n--- a/net/openvswitch/vport.c\n+++ b/net/openvswitch/vport.c\n@@ -406,6 +406,9 @@ int ovs_vport_set_upcall_portids(struct vport *vport, const struct nlattr *ids)\n \tif (!nla_len(ids) || nla_len(ids) % sizeof(u32))\n \t\treturn -EINVAL;\n \n+\tif (nla_len(ids) / sizeof(u32) > num_possible_cpus())\n+\t\treturn -EINVAL;\n+\n \told = ovsl_dereference(vport->upcall_portids);\n \n \tvport_portids = kmalloc(sizeof(*vport_portids) + nla_len(ids),\n",
    "prefixes": [
        "ovs-dev",
        "v3",
        "net"
    ]
}