git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Ilya Maximets <i.maximets@ovn.org>
	Thu, 7 May 2026 12:04:26 +0000 (14:04 +0200)
committer	Jakub Kicinski <kuba@kernel.org>
	Fri, 8 May 2026 22:32:59 +0000 (15:32 -0700)
commit	f2ab4fd02777c4081be38c35f939e4dc529b8952
tree	09c43fb192fbbd8eb55d91f14808b637f2cef004	tree \| snapshot
parent	4908f1395fb1b832ceec11584af649874a2732ea	commit \| diff

net: nsh: fix incorrect header length macros

NSH header length is a 6-bit field that encodes the total length of
the header in 4-byte words.  So the maximum length is 0b111111 * 4,
which is 252 and not 256.  The maximum context length is the same
number minus the length of the base header (8), so 244.

These macros are used to validate push_nsh() action in openvswitch.
Miscalculation here doesn't cause any real issues.  In the worst case
the oversized context is truncated while building the header, so we'll
construct and send a broken packet, which is not a big problem, as any
receiver should validate the fields.  No invalid memory accesses will
happen during the header push.  But we should fix the macros to reject
the incorrect actions in the first place.

Using previously defined values and calculating the length instead
of defining numbers directly, so it's easier to understand where they
come from and harder to make a mistake.

Fixes: 1f0b7744c505 ("net: add NSH header structures and helpers")
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Reviewed-by: Aaron Conole <aconole@redhat.com>
Link: https://patch.msgid.link/20260507120434.2962505-1-i.maximets@ovn.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>