[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20211005135020.214291-9-sashal@kernel.org>
Date: Tue, 5 Oct 2021 09:49:48 -0400
From: Sasha Levin <sashal@...nel.org>
To: linux-kernel@...r.kernel.org, stable@...r.kernel.org
Cc: Jozsef Kadlecsik <kadlec@...filter.org>,
syzbot+3493b1873fb3ea827986@...kaller.appspotmail.com,
syzbot+2b8443c35458a617c904@...kaller.appspotmail.com,
syzbot+ee5cb15f4a0e85e0d54e@...kaller.appspotmail.com,
Pablo Neira Ayuso <pablo@...filter.org>,
Sasha Levin <sashal@...nel.org>, fw@...len.de,
davem@...emloft.net, kuba@...nel.org, vvs@...tuozzo.com,
netfilter-devel@...r.kernel.org, coreteam@...filter.org,
netdev@...r.kernel.org
Subject: [PATCH AUTOSEL 5.14 09/40] netfilter: ipset: Fix oversized kvmalloc() calls
From: Jozsef Kadlecsik <kadlec@...filter.org>
[ Upstream commit 7bbc3d385bd813077acaf0e6fdb2a86a901f5382 ]
The commit
commit 7661809d493b426e979f39ab512e3adf41fbcc69
Author: Linus Torvalds <torvalds@...ux-foundation.org>
Date: Wed Jul 14 09:45:49 2021 -0700
mm: don't allow oversized kvmalloc() calls
limits the max allocatable memory via kvmalloc() to MAX_INT. Apply the
same limit in ipset.
Reported-by: syzbot+3493b1873fb3ea827986@...kaller.appspotmail.com
Reported-by: syzbot+2b8443c35458a617c904@...kaller.appspotmail.com
Reported-by: syzbot+ee5cb15f4a0e85e0d54e@...kaller.appspotmail.com
Signed-off-by: Jozsef Kadlecsik <kadlec@...filter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@...filter.org>
Signed-off-by: Sasha Levin <sashal@...nel.org>
---
net/netfilter/ipset/ip_set_hash_gen.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h
index 6186358eac7c..6e391308431d 100644
--- a/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/net/netfilter/ipset/ip_set_hash_gen.h
@@ -130,11 +130,11 @@ htable_size(u8 hbits)
{
size_t hsize;
- /* We must fit both into u32 in jhash and size_t */
+ /* We must fit both into u32 in jhash and INT_MAX in kvmalloc_node() */
if (hbits > 31)
return 0;
hsize = jhash_size(hbits);
- if ((((size_t)-1) - sizeof(struct htable)) / sizeof(struct hbucket *)
+ if ((INT_MAX - sizeof(struct htable)) / sizeof(struct hbucket *)
< hsize)
return 0;
--
2.33.0
Powered by blists - more mailing lists