[nf] netfilter: conntrack: clamp maximum hashtable size to INT_MAX

Message ID 20250109123532.41768-2-pablo@netfilter.org (mailing list archive)
State Handled Elsewhere
Delegated to: Netdev Maintainers
Series [nf] netfilter: conntrack: clamp maximum hashtable size to INT_MAX

Checks

Context Check Description
netdev/series_format warning Single patches do not need cover letters; Target tree name not specified in the subject
netdev/tree_selection success Guessed tree name to be net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 1 this patch: 1
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers warning 3 maintainers not CCed: kadlec@netfilter.org horms@kernel.org coreteam@netfilter.org
netdev/build_clang success Errors and warnings before: 2 this patch: 2
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 4 this patch: 4
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 16 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 2 this patch: 2
netdev/source_inline success Was 0 now: 0

Commit Message

Pablo Neira Ayuso Jan. 9, 2025, 12:35 p.m. UTC
According to 0708a0afe291 ("mm: Consider __GFP_NOWARN flag for oversized
kvmalloc() calls"), use INT_MAX as maximum size for the conntrack
hashtable. Otherwise, it is possible to hit WARN_ON_ONCE in
__kvmalloc_node_noprof() when __GFP_NOWARN flag is unset when resizing.

Note: hashtable resize is only possible from init_netns.

Fixes: 9cc1c73ad666 ("netfilter: conntrack: avoid integer overflow when resizing")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nf_conntrack_core.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

Comments

Pablo Neira Ayuso Jan. 9, 2025, 12:40 p.m. UTC | #1
On Thu, Jan 09, 2025 at 01:35:30PM +0100, Pablo Neira Ayuso wrote:
> According to 0708a0afe291 ("mm: Consider __GFP_NOWARN flag for oversized
> kvmalloc() calls"), use INT_MAX as maximum size for the conntrack
> hashtable. Otherwise, it is possible to hit WARN_ON_ONCE in
> __kvmalloc_node_noprof() when __GFP_NOWARN flag is unset when resizing.
> 
> Note: hashtable resize is only possible from init_netns.

Please, ignore this duplicated patch with incorrect [nf] tag that
slipped through this submission. Sorry for the inconvenience.

Thanks.

Patch

diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 8666d733b984..7f8b245e287a 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -2510,12 +2510,15 @@  void *nf_ct_alloc_hashtable(unsigned int *sizep, int nulls)
 	struct hlist_nulls_head *hash;
 	unsigned int nr_slots, i;
 
-	if (*sizep > (UINT_MAX / sizeof(struct hlist_nulls_head)))
+	if (*sizep > (INT_MAX / sizeof(struct hlist_nulls_head)))
 		return NULL;
 
 	BUILD_BUG_ON(sizeof(struct hlist_nulls_head) != sizeof(struct hlist_head));
 	nr_slots = *sizep = roundup(*sizep, PAGE_SIZE / sizeof(struct hlist_nulls_head));
 
+	if (nr_slots > (INT_MAX / sizeof(struct hlist_nulls_head)))
+		return NULL;
+
 	hash = kvcalloc(nr_slots, sizeof(struct hlist_nulls_head), GFP_KERNEL);
 
 	if (hash && nulls)
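
Review bot: the added post-roundup check returns NULL after `*sizep` has already been overwritten by `nr_slots = *sizep = roundup(...)`, so on this failure path the caller's size is left at the rounded-up value even though no table was allocated. Consider rounding into `nr_slots` first, testing it against `INT_MAX / sizeof(struct hlist_nulls_head)`, and storing it to `*sizep` only once it has passed. The same bound expression now appears twice a few lines apart; a short comment on the second test saying that the roundup can push a value that passed the first test over the limit would keep a later cleanup from merging or dropping one of them.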