netfilter: ipset: Fix oversized kvmalloc() calls
commit 7bbc3d385bd813077acaf0e6fdb2a86a901f5382 upstream.
The commit
commit 7661809d493b426e979f39ab512e3adf41fbcc69
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date: Wed Jul 14 09:45:49 2021 -0700
mm: don't allow oversized kvmalloc() calls
limits the max allocatable memory via kvmalloc() to MAX_INT. Apply the
same limit in ipset.
Reported-by: syzbot+3493b1873fb3ea827986@syzkaller.appspotmail.com
Reported-by: syzbot+2b8443c35458a617c904@syzkaller.appspotmail.com
Reported-by: syzbot+ee5cb15f4a0e85e0d54e@syzkaller.appspotmail.com
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Jozsef Kadlecsik
Greg Kroah-Hartman
parent
fe9bb925e7
commit
6f2f68640b
|
|
@ -132,11 +132,11 @@ htable_size(u8 hbits)
|
|||
{
|
||||
size_t hsize;
|
||||
|
||||
/* We must fit both into u32 in jhash and size_t */
|
||||
/* We must fit both into u32 in jhash and INT_MAX in kvmalloc_node() */
|
||||
if (hbits > 31)
|
||||
return 0;
|
||||
hsize = jhash_size(hbits);
|
||||
if ((((size_t)-1) - sizeof(struct htable)) / sizeof(struct hbucket *)
|
||||
if ((INT_MAX - sizeof(struct htable)) / sizeof(struct hbucket *)
|
||||
< hsize)
|
||||
return 0;
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue