| From 45928afe94a094bcda9af858b96673d59bc4a0e9 Mon Sep 17 00:00:00 2001 |
| From: Pablo Neira Ayuso <pablo@netfilter.org> |
| Date: Mon, 13 Sep 2021 20:38:52 +0200 |
| Subject: netfilter: nf_tables: Fix oversized kvmalloc() calls |
| |
| From: Pablo Neira Ayuso <pablo@netfilter.org> |
| |
| commit 45928afe94a094bcda9af858b96673d59bc4a0e9 upstream. |
| |
| The commit 7661809d493b ("mm: don't allow oversized kvmalloc() calls") |
| limits the max allocatable memory via kvmalloc() to MAX_INT. |
| |
| Reported-by: syzbot+cd43695a64bcd21b8596@syzkaller.appspotmail.com |
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/netfilter/nf_tables_api.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- a/net/netfilter/nf_tables_api.c |
| +++ b/net/netfilter/nf_tables_api.c |
| @@ -4265,7 +4265,7 @@ static int nf_tables_newset(struct net * |
| if (ops->privsize != NULL) |
| size = ops->privsize(nla, &desc); |
| alloc_size = sizeof(*set) + size + udlen; |
| - if (alloc_size < size) |
| + if (alloc_size < size || alloc_size > INT_MAX) |
| return -ENOMEM; |
| set = kvzalloc(alloc_size, GFP_KERNEL); |
| if (!set) |