| Message ID | 20241128122305.14091-4-pablo@netfilter.org (mailing list archive) |
|---|---|
| State | Superseded |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | [net,1/4] ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() | expand |
| Context | Check | Description |
|---|---|---|
| netdev/series_format | success | Pull request is its own cover letter |
| netdev/tree_selection | success | Clearly marked for net |
| netdev/ynl | success | Generated files up to date; no warnings/errors; no diff in generated; |
| netdev/fixes_present | success | Fixes tag present in non-next series |
| netdev/apply | fail | Patch patch 2 does not apply to net-0 |
| netdev/header_inline | success | No static functions without inline keyword in header files |
| netdev/build_32bit | success | Errors and warnings before: 3 this patch: 3 |
| netdev/build_tools | success | No tools touched, skip |
| netdev/cc_maintainers | warning | 3 maintainers not CCed: kadlec@netfilter.org horms@kernel.org coreteam@netfilter.org |
| netdev/build_clang | success | Errors and warnings before: 3 this patch: 3 |
| netdev/verify_signedoff | success | Signed-off-by tag matches author and committer |
| netdev/deprecated_api | success | None detected |
| netdev/check_selftest | success | No net selftest shell script |
diff --git a/net/netfilter/nft_socket.c b/net/netfilter/nft_socket.c index f5da0c1775f2..35d0409b0095 100644 --- a/net/netfilter/nft_socket.c +++ b/net/netfilter/nft_socket.c @@ -68,7 +68,7 @@ static noinline int nft_socket_cgroup_subtree_level(void) cgroup_put(cgrp); - if (WARN_ON_ONCE(level > 255)) + if (level > 255) return -ERANGE; if (WARN_ON_ONCE(level < 0))
cgroup maximum depth is INT_MAX by default, there is a cgroup toggle to restrict this maximum depth to a more reasonable value not to harm performance. Remove unnecessary WARN_ON_ONCE which is reachable from userspace. Fixes: 7f3287db6543 ("netfilter: nft_socket: make cgroupsv2 matching work with namespaces") Reported-by: syzbot+57bac0866ddd99fe47c0@syzkaller.appspotmail.com Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- net/netfilter/nft_socket.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)