| From 7bbc3d385bd813077acaf0e6fdb2a86a901f5382 Mon Sep 17 00:00:00 2001 |
| From: Jozsef Kadlecsik <kadlec@netfilter.org> |
| Date: Mon, 6 Sep 2021 18:26:34 +0200 |
| Subject: netfilter: ipset: Fix oversized kvmalloc() calls |
| |
| From: Jozsef Kadlecsik <kadlec@netfilter.org> |
| |
| commit 7bbc3d385bd813077acaf0e6fdb2a86a901f5382 upstream. |
| |
| The commit |
| |
| commit 7661809d493b426e979f39ab512e3adf41fbcc69 |
| Author: Linus Torvalds <torvalds@linux-foundation.org> |
| Date: Wed Jul 14 09:45:49 2021 -0700 |
| |
| mm: don't allow oversized kvmalloc() calls |
| |
| limits the max allocatable memory via kvmalloc() to INT_MAX. Apply the |
| same limit in ipset. |
| |
| Reported-by: syzbot+3493b1873fb3ea827986@syzkaller.appspotmail.com |
| Reported-by: syzbot+2b8443c35458a617c904@syzkaller.appspotmail.com |
| Reported-by: syzbot+ee5cb15f4a0e85e0d54e@syzkaller.appspotmail.com |
| Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org> |
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/netfilter/ipset/ip_set_hash_gen.h | 4 ++-- |
| 1 file changed, 2 insertions(+), 2 deletions(-) |
| |
| --- a/net/netfilter/ipset/ip_set_hash_gen.h |
| +++ b/net/netfilter/ipset/ip_set_hash_gen.h |
| @@ -132,11 +132,11 @@ htable_size(u8 hbits) |
| { |
| size_t hsize; |
| |
| - /* We must fit both into u32 in jhash and size_t */ |
| + /* We must fit both into u32 in jhash and INT_MAX in kvmalloc_node() */ |
| if (hbits > 31) |
| return 0; |
| hsize = jhash_size(hbits); |
| - if ((((size_t)-1) - sizeof(struct htable)) / sizeof(struct hbucket *) |
| + if ((INT_MAX - sizeof(struct htable)) / sizeof(struct hbucket *) |
| < hsize) |
| return 0; |
| |
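Review bot: The new bound `(INT_MAX - sizeof(struct htable)) / sizeof(struct hbucket *)` mixes a signed constant with `size_t` operands and relies on the usual arithmetic conversions to make the subtraction unsigned. Writing it as `((size_t)INT_MAX - sizeof(struct htable)) / sizeof(struct hbucket *)` would state that intent explicitly and stay parallel with the removed `(size_t)-1` form. The `hbits > 31` guard above it now serves mainly to keep the shift inside `jhash_size()` in range (presumably a u32 shift), because the INT_MAX check already rejects considerably smaller tables. The comment could say so, e.g. `/* hbits > 31 would overflow the u32 shift in jhash_size(); the total size must also stay within the INT_MAX limit of kvmalloc_node() */`. htable_size() continues past the end of the hunk, so the final size computation and how callers handle a 0 return should be checked there.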