[{"id":3677265,"web_url":"http://patchwork.ozlabs.org/comment/3677265/","msgid":"<2f3d5e0c-481c-4d0e-997a-65fabc3d84c0@ovn.org>","list_archive_url":null,"date":"2026-04-14T15:31:21","subject":"Re: [ovs-dev] [PATCH v3 net] openvswitch: limit vport upcall\n portids to the number of CPUs","submitter":{"id":76798,"url":"http://patchwork.ozlabs.org/api/people/76798/","name":"Ilya Maximets","email":"i.maximets@ovn.org"},"content":"On 4/13/26 5:55 AM, Weiming Shi wrote:\n> The vport netlink reply helpers allocate a fixed-size skb with\n> nlmsg_new(NLMSG_DEFAULT_SIZE, ...) but serialize the full upcall PID\n> array via ovs_vport_get_upcall_portids().  Since\n> ovs_vport_set_upcall_portids() accepts any non-zero multiple of\n> sizeof(u32) with no upper bound, a CAP_NET_ADMIN user can install a PID\n> array large enough to overflow the reply buffer, causing nla_put() to\n> fail with -EMSGSIZE and hitting BUG_ON(err < 0).  On systems with\n> unprivileged user namespaces enabled (e.g., Ubuntu default), this is\n> reachable via unshare -Urn since OVS vport mutation operations use\n> GENL_UNS_ADMIN_PERM.\n> \n>   kernel BUG at net/openvswitch/datapath.c:2414!\n>   Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI\n>   CPU: 1 UID: 0 PID: 65 Comm: poc Not tainted 7.0.0-rc7-00195-geb216e422044 #1\n>   RIP: 0010:ovs_vport_cmd_set+0x34c/0x400\n>   Call Trace:\n>    <TASK>\n>    genl_family_rcv_msg_doit (net/netlink/genetlink.c:1116)\n>    genl_rcv_msg (net/netlink/genetlink.c:1194)\n>    netlink_rcv_skb (net/netlink/af_netlink.c:2550)\n>    genl_rcv (net/netlink/genetlink.c:1219)\n>    netlink_unicast (net/netlink/af_netlink.c:1344)\n>    netlink_sendmsg (net/netlink/af_netlink.c:1894)\n>    __sys_sendto (net/socket.c:2206)\n>    __x64_sys_sendto (net/socket.c:2209)\n>    do_syscall_64 (arch/x86/entry/syscall_64.c:63)\n>    entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n>    </TASK>\n>   Kernel panic - not syncing: Fatal exception\n> \n> Reject attempts to set more 
PIDs than num_possible_cpus() in\n\nAny reason not to use nr_cpu_ids?  If not, then it's better to switch to\nthat to be consistent with the per-cpu dispatch configuration.\n\n> ovs_vport_set_upcall_portids(), and pre-compute the worst-case reply\n> size in ovs_vport_cmd_msg_size() based on that bound, similar to the\n> existing ovs_dp_cmd_msg_size().\n> \n> Fixes: 5cd667b0a456 (\"openvswitch: Allow each vport to have an array of 'port_id's.\")\n> Reported-by: Xiang Mei <xmei5@asu.edu>\n> Signed-off-by: Weiming Shi <bestswngs@gmail.com>\n> ---\n> v3:\n>  - Cap PID array at num_possible_cpus() in ovs_vport_set_upcall_portids().\n>  - Add ovs_vport_cmd_msg_size() for worst-case reply allocation.\n>  - Keep BUG_ON()s, fix Fixes tag.\n> v2:\n>  - Dynamically size reply skb instead of using fixed NLMSG_DEFAULT_SIZE.\n>  - Drop WARN_ON_ONCE; use plain error returns instead.\n> \n>  net/openvswitch/datapath.c | 23 +++++++++++++++++++++--\n>  net/openvswitch/vport.c    |  3 +++\n>  2 files changed, 24 insertions(+), 2 deletions(-)\n> \n> diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c\n> index e209099218b4..4049bfa1c4df 100644\n> --- a/net/openvswitch/datapath.c\n> +++ b/net/openvswitch/datapath.c\n> 
@@ -2184,9 +2184,28 @@ static int ovs_vport_cmd_fill_info(struct vport *vport, struct sk_buff *skb,\n>  \treturn err;\n>  }\n>  \n> +static size_t ovs_vport_cmd_msg_size(void)\n> +{\n> +\tsize_t msgsize = NLMSG_ALIGN(sizeof(struct ovs_header));\n> +\n> +\tmsgsize += nla_total_size(sizeof(u32)); /* OVS_VPORT_ATTR_PORT_NO */\n> +\tmsgsize += nla_total_size(sizeof(u32)); /* OVS_VPORT_ATTR_TYPE */\n> +\tmsgsize += nla_total_size(IFNAMSIZ);\n> +\tmsgsize += nla_total_size(sizeof(u32)); /* OVS_VPORT_ATTR_IFINDEX */\n> +\tmsgsize += nla_total_size(sizeof(s32)); /* OVS_VPORT_ATTR_NETNSID */\n> +\tmsgsize += nla_total_size_64bit(sizeof(struct ovs_vport_stats));\n> +\tmsgsize += nla_total_size(nla_total_size_64bit(sizeof(u64)) +\n> +\t\t\t\t  nla_total_size_64bit(sizeof(u64)));\n> +\tmsgsize += nla_total_size(num_possible_cpus() * sizeof(u32));\n> +\tmsgsize += nla_total_size(nla_total_size(sizeof(u16)) +\n> +\t\t\t\t  nla_total_size(nla_total_size(0)));\n\nPlease, add comments about which attributes are included for each line where\nit is not obvious.  Plain u16 or u64, for example, are not obvious.  Put them\non separate lines when they do not fit.  
E.g.:\n\n\t/* OVS_VPORT_ATTR_OPTIONS(OVS_TUNNEL_ATTR_DST_PORT +\n\t *                        OVS_TUNNEL_ATTR_EXTENSION(OVS_VXLAN_EXT_GBP))\n\t */\n\tmsgsize += nla_total_size(nla_total_size(sizeof(u16)) +\n\t\t\t\t  nla_total_size(nla_total_size(0)));\n\nBest regards, Ilya Maximets.","headers":{"Return-Path":"<ovs-dev-bounces@openvswitch.org>","X-Original-To":["incoming@patchwork.ozlabs.org","dev@openvswitch.org"],"Delivered-To":["patchwork-incoming@legolas.ozlabs.org","ovs-dev@lists.linuxfoundation.org"],"Authentication-Results":["legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org\n (client-ip=2605:bc80:3010::138; helo=smtp1.osuosl.org;\n envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org)","smtp3.osuosl.org;\n dmarc=none (p=none dis=none) header.from=ovn.org"],"Received":["from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fw7Y00WJKz1yCv\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 15 Apr 2026 01:31:32 +1000 (AEST)","from localhost (localhost [127.0.0.1])\n\tby smtp1.osuosl.org (Postfix) with ESMTP id 6649C84D3A;\n\tTue, 14 Apr 2026 15:31:30 +0000 (UTC)","from smtp1.osuosl.org ([127.0.0.1])\n by localhost (smtp1.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id P1fq5sA3n3jq; Tue, 14 Apr 2026 15:31:28 +0000 (UTC)","from lists.linuxfoundation.org (lf-lists.osuosl.org\n [IPv6:2605:bc80:3010:104::8cd3:938])\n\tby smtp1.osuosl.org (Postfix) with ESMTPS id 755AE84D27;\n\tTue, 14 Apr 2026 15:31:28 +0000 (UTC)","from lf-lists.osuosl.org (localhost [127.0.0.1])\n\tby lists.linuxfoundation.org (Postfix) with ESMTP id 5AA22C054A;\n\tTue, 14 Apr 2026 15:31:28 +0000 (UTC)","from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136])\n by 
lists.linuxfoundation.org (Postfix) with ESMTP id 927E3C0549\n for <dev@openvswitch.org>; Tue, 14 Apr 2026 15:31:27 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n by smtp3.osuosl.org (Postfix) with ESMTP id 811576ED68\n for <dev@openvswitch.org>; Tue, 14 Apr 2026 15:31:27 +0000 (UTC)","from smtp3.osuosl.org ([127.0.0.1])\n by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id plImMTEe9Ofy for <dev@openvswitch.org>;\n Tue, 14 Apr 2026 15:31:26 +0000 (UTC)","from mail-wm1-f68.google.com (mail-wm1-f68.google.com\n [209.85.128.68])\n by smtp3.osuosl.org (Postfix) with ESMTPS id 8249D61BC3\n for <dev@openvswitch.org>; Tue, 14 Apr 2026 15:31:26 +0000 (UTC)","by mail-wm1-f68.google.com with SMTP id\n 5b1f17b1804b1-488af9fdaa7so40150185e9.1\n for <dev@openvswitch.org>; Tue, 14 Apr 2026 08:31:26 -0700 (PDT)","from [192.168.88.241] (89-24-32-159.nat.epc.tmcz.cz. [89.24.32.159])\n by smtp.gmail.com with ESMTPSA id\n 5b1f17b1804b1-488d5d9fa22sm120779635e9.7.2026.04.14.08.31.21\n (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);\n Tue, 14 Apr 2026 08:31:23 -0700 (PDT)"],"X-Virus-Scanned":["amavis at osuosl.org","amavis at osuosl.org"],"X-Comment":"SPF check N/A for local connections -\n client-ip=2605:bc80:3010:104::8cd3:938; helo=lists.linuxfoundation.org;\n envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN> ","DKIM-Filter":["OpenDKIM Filter v2.11.0 smtp1.osuosl.org 755AE84D27","OpenDKIM Filter v2.11.0 smtp3.osuosl.org 8249D61BC3"],"Received-SPF":"Pass (mailfrom) identity=mailfrom; client-ip=209.85.128.68;\n helo=mail-wm1-f68.google.com; envelope-from=i.maximets.ovn@gmail.com;\n receiver=<UNKNOWN>","DMARC-Filter":"OpenDMARC Filter v1.4.2 smtp3.osuosl.org 8249D61BC3","X-Received":"by 2002:a05:600c:450a:b0:488:a882:b7 with SMTP id\n 5b1f17b1804b1-488d6ad17e6mr236089985e9.29.1776180684163;\n Tue, 14 Apr 2026 08:31:24 -0700 (PDT)","Message-ID":"<2f3d5e0c-481c-4d0e-997a-65fabc3d84c0@ovn.org>","Date":"Tue, 14 Apr 2026 17:31:21 +0200","MIME-Version":"1.0","User-Agent":"Mozilla Thunderbird","Cc":"i.maximets@ovn.org, Simon Horman <horms@kernel.org>,\n Thomas Graf <tgraf@redhat.com>, Pravin B Shelar <pshelar@nicira.com>,\n Alex Wang <alexw@nicira.com>, netdev@vger.kernel.org, dev@openvswitch.org,\n linux-kernel@vger.kernel.org, Xiang Mei <xmei5@asu.edu>","To":"Weiming Shi <bestswngs@gmail.com>, Aaron Conole <aconole@redhat.com>,\n Eelco Chaudron <echaudro@redhat.com>, \"David S . Miller\"\n <davem@davemloft.net>, Eric Dumazet <edumazet@google.com>,\n Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>","References":"<20260413035514.2113886-3-bestswngs@gmail.com>","Content-Language":"en-US","From":"Ilya Maximets <i.maximets@ovn.org>","In-Reply-To":"<20260413035514.2113886-3-bestswngs@gmail.com>","Subject":"Re: [ovs-dev] [PATCH v3 net] openvswitch: limit vport upcall\n portids to the number of CPUs","X-BeenThere":"ovs-dev@openvswitch.org","X-Mailman-Version":"2.1.30","Precedence":"list","List-Id":"<ovs-dev.openvswitch.org>","List-Unsubscribe":"<https://mail.openvswitch.org/mailman/options/ovs-dev>,\n 
<mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>","List-Archive":"<http://mail.openvswitch.org/pipermail/ovs-dev/>","List-Post":"<mailto:ovs-dev@openvswitch.org>","List-Help":"<mailto:ovs-dev-request@openvswitch.org?subject=help>","List-Subscribe":"<https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,\n <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"ovs-dev-bounces@openvswitch.org","Sender":"\"dev\" <ovs-dev-bounces@openvswitch.org>"}}]