Google Git
Sign in
kernel / pub / scm / linux / kernel / git / stable / stable-queue / d4a7a066b6caec2b695cf0414a27491372676926 / . / releases / 5.10.71 / netfilter-nf_tables-fix-oversized-kvmalloc-calls.patch
blob: 40caa00eeec76baa9b576a9c0ecd4ccd3a87460d [file] [log] [blame]
From 45928afe94a094bcda9af858b96673d59bc4a0e9 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 13 Sep 2021 20:38:52 +0200
Subject: netfilter: nf_tables: Fix oversized kvmalloc() calls
From: Pablo Neira Ayuso <pablo@netfilter.org>
commit 45928afe94a094bcda9af858b96673d59bc4a0e9 upstream.
The commit 7661809d493b ("mm: don't allow oversized kvmalloc() calls")
limits the max allocatable memory via kvmalloc() to MAX_INT.
Reported-by: syzbot+cd43695a64bcd21b8596@syzkaller.appspotmail.com
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nf_tables_api.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -4265,7 +4265,7 @@ static int nf_tables_newset(struct net *
if (ops->privsize != NULL)
size = ops->privsize(nla, &desc);
alloc_size = sizeof(*set) + size + udlen;
- if (alloc_size < size)
+ if (alloc_size < size || alloc_size > INT_MAX)
return -ENOMEM;
set = kvzalloc(alloc_size, GFP_KERNEL);
if (!set)