Re: [PATCH net] openvswitch: validate MPLS set/set_masked payload length
From: Ilya Maximets
Date: Thu Mar 19 2026 - 07:14:27 EST
On 3/19/26 9:02 AM, Yang Yang wrote:
> validate_set() accepted OVS_KEY_ATTR_MPLS as variable-sized payload for
> SET/SET_MASKED actions. In action handling, OVS expects fixed-size
> MPLS key data (struct ovs_key_mpls).
>
> Use the already normalized key_len (masked case included) and reject
> non-matching MPLS action key sizes.
>
> Reject invalid MPLS action payload lengths early.
>
> Fixes: fbdcdd78da7c ("Change in Openvswitch to support MPLS label depth of 3 in ingress direction")
> Reported-by: Yifan Wu <yifanwucs@xxxxxxxxx>
> Reported-by: Juefei Pu <tomapufckgml@xxxxxxxxx>
> Tested-by: Ao Zhou <n05ec@xxxxxxxxxx>
> Co-developed-by: Yuan Tan <tanyuan98@xxxxxxxxxxx>
> Signed-off-by: Yuan Tan <tanyuan98@xxxxxxxxxxx>
> Suggested-by: Xin Liu <bird@xxxxxxxxxx>
> Signed-off-by: Yang Yang <n05ec@xxxxxxxxxx>
> ---
>
> net/openvswitch/flow_netlink.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c
> index 67fbf6e48a301..45444b81e9b97 100644
> --- a/net/openvswitch/flow_netlink.c
> +++ b/net/openvswitch/flow_netlink.c
> @@ -2953,6 +2953,8 @@ static int validate_set(const struct nlattr *a,
> case OVS_KEY_ATTR_MPLS:
> if (!eth_p_mpls(eth_type))
> return -EINVAL;
> + if (key_len != sizeof(struct ovs_key_mpls))
> + return -EINVAL;
> break;
>
> case OVS_KEY_ATTR_SCTP:
Yeah, the check was not adjusted on the actions side when support for
multiple labels was added for the match. Thanks for fixing this!
I ran OVS testsuite with this as well, and it works fine.
Reviewed-by: Ilya Maximets <i.maximets@xxxxxxx>