refs/heads/linux-5.4.y - pub/scm/linux/kernel/git/iwamatsu/linux.git

commit: 09fcd3ad57f0923cd2dd39debc0b691e3e5d4fa1
[log] [tgz]
author: Pablo Neira Ayuso <pablo@netfilter.org>
Wed Jan 08 22:56:33 2025 +0100
committer: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
Wed Jul 02 07:03:17 2025 +0900
tree: a654e1372afcd77f6623e7324270fefec01f0818
parent: 95e37ca9d5e14acd51f4e1b4b6a2c519739e5c46 [diff]

netfilter: conntrack: clamp maximum hashtable size to INT_MAX

commit b541ba7d1f5a5b7b3e2e22dc9e40e18a7d6dbc13 upstream.

Use INT_MAX as maximum size for the conntrack hashtable. Otherwise, it
is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when
resizing hashtable because __GFP_NOWARN is unset. See:

  0708a0afe291 ("mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls")

Note: hashtable resize is only possible from init_netns.

Fixes: 9cc1c73ad666 ("netfilter: conntrack: avoid integer overflow when resizing")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Link: https://nvd.nist.gov/vuln/detail/CVE-2025-21648
[iwamatsu: Adjust context]
Signed-off-by: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>

net/netfilter/nf_conntrack_core.c[diff]

1 file changed

tree: a654e1372afcd77f6623e7324270fefec01f0818