]> git.itanic.dy.fi Git - linux-stable/commitdiff
projects / linux-stable / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8357bc9)
netfilter: nf_tables: fix out of memory error handling
authorFlorian Westphal <fw@strlen.de>
Tue, 22 Aug 2023 17:49:52 +0000 (19:49 +0200)
committerFlorian Westphal <fw@strlen.de>
Wed, 23 Aug 2023 14:12:10 +0000 (16:12 +0200)
Several instances of pipapo_resize() don't propagate allocation failures,
this causes a crash when fault injection is enabled for gfp_kernel slabs.

Fixes: 3c4287f62044 ("nf_tables: Add set type for arbitrary concatenation of ranges")
Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
net/netfilter/nft_set_pipapo.c patch | blob | history

diff --git a/net/netfilter/nft_set_pipapo.c b/net/netfilter/nft_set_pipapo.c
index 3757fcc55723f635c8d6c4b863f9fe970786afc1..6af9c9ed4b5c3049353fd50b16080f34cd660a6f 100644 (file)
--- a/net/netfilter/nft_set_pipapo.c
+++ b/net/netfilter/nft_set_pipapo.c
@@ -902,12 +902,14 @@ static void pipapo_lt_bits_adjust(struct nft_pipapo_field *f)
 static int pipapo_insert(struct nft_pipapo_field *f, const uint8_t *k,
                         int mask_bits)
 {
-       int rule = f->rules++, group, ret, bit_offset = 0;
+       int rule = f->rules, group, ret, bit_offset = 0;
 
-       ret = pipapo_resize(f, f->rules - 1, f->rules);
+       ret = pipapo_resize(f, f->rules, f->rules + 1);
        if (ret)
                return ret;
 
+       f->rules++;
+
        for (group = 0; group < f->groups; group++) {
                int i, v;
                u8 mask;
@@ -1052,7 +1054,9 @@ static int pipapo_expand(struct nft_pipapo_field *f,
                        step++;
                        if (step >= len) {
                                if (!masks) {
-                                       pipapo_insert(f, base, 0);
+                                       err = pipapo_insert(f, base, 0);
+                                       if (err < 0)
+                                               return err;
                                        masks = 1;
                                }
                                goto out;
@@ -1235,6 +1239,9 @@ static int nft_pipapo_insert(const struct net *net, const struct nft_set *set,
                else
                        ret = pipapo_expand(f, start, end, f->groups * f->bb);
 
+               if (ret < 0)
+                       return ret;
+
                if (f->bsize > bsize_max)
                        bsize_max = f->bsize;
 
Unnamed repository; edit this file 'description' to name the repository.