From nobody Sat Jun 20 16:33:44 2026 Received: from mail-dy1-f227.google.com (mail-dy1-f227.google.com [74.125.82.227]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8AA8837C911 for ; Mon, 13 Apr 2026 04:39:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.82.227 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776055193; cv=none; b=sE1Bjt2Zcd1XHJqxXYNTZeAyH9SLGv3AXTqcreEbnKEeRVbOq54k3BfLTVetdGfQWuvqBNVqP2ubjXF20uiB2dcZz3P5c/0Iu0yQ02VsBZiX4RJNpucvauMS9TwIf+Y3pBl10EaQuWYdPnhqR9PhqGB+CRrUw+AGd5bk8ZTfk6U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776055193; c=relaxed/simple; bh=wtSSTcWRwe559pZ1gDdmuMpz8Bc8ySi6j0tYNMZuVwg=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=Ycf0BAHX7j5YP0eMehGZ0wRZ0TwJHKYAZKAS2ZJctCRhMLuYkU6l1es9FlwxwD7XR7ioP3/N1OoQ3B/3SFWyXklGoEs2krZUm4IlEWL3BhoNWZFpmfltiY6/5tGWPeui0dRCZUZGPAvyNxPYcNwttXPN3QA/LQrrF3gOn93dses= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=broadcom.com; spf=fail smtp.mailfrom=broadcom.com; dkim=pass (1024-bit key) header.d=broadcom.com header.i=@broadcom.com header.b=HpSI2RVO; arc=none smtp.client-ip=74.125.82.227 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=broadcom.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=broadcom.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=broadcom.com header.i=@broadcom.com header.b="HpSI2RVO" Received: by mail-dy1-f227.google.com with SMTP id 5a478bee46e88-2d89bbca7b5so23406eec.3 for ; Sun, 12 Apr 2026 21:39:52 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776055192; x=1776659992; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:dkim-signature:x-gm-gg:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9qLamvoygs8XdLleM+az9cX6DHqELe8TmHOQBddVvD8=; b=F4HVFtT8FLqA4kKw+1WIbjjii1VLG71Y+6YToOxiQanpM7VDzB+uGIa5k2qVPeFgqc c47mn/8N7PleeI9QPflP1YSYKPLAhVG2zK9vALupysycjUWcK4LKMz/yeZ9+oDJp5cEL dvTiNAwQMXMjks9g/tJuUNSXo6CsGSHYP2iYBEYxZNbuNvedJiEujqm8w0SX9sHva0ex xyNRI3H7XnRApHljHw0/fWLBWwAplxkx3pUoz/1hDI3cJ+oyK7IRg8egER9wWpxt0lod EALb35HRz5xPgHDYQr6umhzBID54DzrO9PHhmFjybvHXGrEJwzj08N+Di4n5o+mACYTb RH1g== X-Forwarded-Encrypted: i=1; AFNElJ9IuCk/8RJpgJDn4vjFHfRUt+uCn+NI9es1zp7tsbOQX+ZM25IA7IbagkVEL/wSJUsvdiHRkQ/ypXGRofU=@vger.kernel.org X-Gm-Message-State: AOJu0YxLX1PPnbVDticjs16xmNC4VNusR3Q+7ZuKNRIaT1Ybl7+UY9Sw Sb9h8/Z5ZNdWpPQdmXglvMw8Bbjx6SScaOO3XrH/2dGAF3I8KQjqUbqIs3rNv8ltyBzUFKZgOO4 Do1eNEKKSGt7QXe6AC/CVLAKyz83ugMsrCYIjEJXebKj1W1mxfi5O8Kymp2WlwQOBb6D3qDTK/6 tOlr2n94nyLfcIoXU5WYZC+hMVXAD6l6gnGuVU+30IYVqTXJdT7bhGqiS5qaaR2OaVY5Kb4/Cgw c0wxVKrS8ih4H+1xrLzMS0UFAimXAgYl99Th9Q= X-Gm-Gg: AeBDietZ3MYAig9yJI3AcUIFyrgBWwsR+K9dfGJVLLGobT+Z+XDzveVJzVsVtqdjuzJ ciMKfiEpAUcs6LhTAMHY8Bnpk4cVcmKr4dEEdnjkJWErNlik/Ps7RdsXVn6gYyikQzFgbJALXG+ opHTqqB7+iKrnxPFnQm1QSN31QnkdEsiI4UrueRvuMyz+R4Pd0K1LSiuIGECVV4EjGGxisays/t M1u7DlxHcgVDzc1i8u/t1OEM0tsEvTnxWkmh/AWVp4IDploqcwT4Rcz0U7aZjXi7N7vUIrBu2kB 6tCZNvbf61YZPpfB/7Onm7Nwpcrd9g+SL8WFSAjVIazjZvGqoV/XBElJXJ93R12BjXRpEtPuTtW rCRzJ/u6QWaNNXHIidnZfTeMqOlPBMqTJcAR2cOi73HqIJUTwuJ+s1e0+2ROYEhEZl7cFELw6em hToge1hrFTJkvQHmx2w1ZUWcqsIvBDCBfLOWkxqLgiqzW+7FGFGC+RNYpG0S4JTF/X+NU4Irs5C w== X-Received: by 2002:a05:7300:3246:b0:2c6:2bac:8af with SMTP id 5a478bee46e88-2d589cb5e62mr2887526eec.6.1776055191418; Sun, 12 Apr 2026 21:39:51 -0700 (PDT) Received: from smtp-us-east1-p01-i01-si01.dlp.protect.broadcom.com (address-144-49-247-29.dlp.protect.broadcom.com. [144.49.247.29]) by smtp-relay.gmail.com with ESMTPS id 5a478bee46e88-2d561ae1f2dsm750819eec.26.2026.04.12.21.39.50 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 12 Apr 2026 21:39:51 -0700 (PDT) X-Relaying-Domain: broadcom.com X-CFilter-Loop: Reflected Received: by mail-qk1-f198.google.com with SMTP id af79cd13be357-8d0095b0d80so115395585a.1 for ; Sun, 12 Apr 2026 21:39:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; t=1776055190; x=1776659990; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=9qLamvoygs8XdLleM+az9cX6DHqELe8TmHOQBddVvD8=; b=HpSI2RVOGwNnCY0VhVy7LD9oFYUJyBdHxuVeVw3djJOilW/R2fsFD2cFr+pqsg+/uX zNkFFt3Lis3oRUqevrv02ssMtrQLNl2Gpd07xwMMD+OfKUB5Lp8KXMmknDbRPseZgSab 6BOFACv3iZ98WfiG9WgIP+7KsPngAYBVk2jcI= X-Forwarded-Encrypted: i=1; AFNElJ8tlvkh1LCl2+VVX9pP5Ero7rn2LwlKLdEw8kEa/6I5zPIXByE3LKypN/dpnFT9N9ooaXFQml/JQ2jngMM=@vger.kernel.org X-Received: by 2002:a05:6214:258a:b0:8ac:b300:c558 with SMTP id 6a1803df08f44-8acb300c627mr10722496d6.2.1776055189852; Sun, 12 Apr 2026 21:39:49 -0700 (PDT) X-Received: by 2002:a05:6214:258a:b0:8ac:b300:c558 with SMTP id 6a1803df08f44-8acb300c627mr10722376d6.2.1776055189373; Sun, 12 Apr 2026 21:39:49 -0700 (PDT) Received: from keerthanak-ph5-dev.. ([192.19.161.250]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8ac84cf55b7sm85742136d6.45.2026.04.12.21.39.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 12 Apr 2026 21:39:48 -0700 (PDT) From: Keerthana K To: stable@vger.kernel.org, gregkh@linuxfoundation.org Cc: pablo@netfilter.org, kadlec@netfilter.org, fw@strlen.de, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, ajay.kaher@broadcom.com, alexey.makhalov@broadcom.com, vamsi-krishna.brahmajosyula@broadcom.com, yin.ding@broadcom.com, tapas.kundu@broadcom.com, Stefano Brivio , Mukul Sikka , Brennan Lamoreaux , Keerthana K Subject: [PATCH v6.6] netfilter: nft_set_pipapo: do not rely on ZERO_SIZE_PTR Date: Mon, 13 Apr 2026 04:32:23 +0000 Message-ID: <20260413043223.3327827-1-keerthana.kalyanasundaram@broadcom.com> X-Mailer: git-send-email 2.43.7 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-DetectorID-Processed: b00c1d49-9d2e-4205-b15f-d015386d3d5e Content-Type: text/plain; charset="utf-8" From: Florian Westphal commit 07ace0bbe03b3d8e85869af1dec5e4087b1d57b8 upstream pipapo relies on kmalloc(0) returning ZERO_SIZE_PTR (i.e., not NULL but pointer is invalid). Rework this to not call slab allocator when we'd request a 0-byte allocation. Reviewed-by: Stefano Brivio Signed-off-by: Florian Westphal Signed-off-by: Mukul Sikka Signed-off-by: Brennan Lamoreaux [Keerthana: In older stable branches (v6.6 and earlier), the allocation log= ic in pipapo_clone() still relies on `src->rules` rather than `src->rules_alloc` (introduced in v6.9 via 9f439bd6ef4f). Consequently, the previously backported INT_MAX clamping check uses `src->rules`. This patch correctly moves that `src->rules > (INT_MAX / ...)` check inside the new `if (src->rules > 0)` block] Signed-off-by: Keerthana K --- net/netfilter/nft_set_pipapo.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/net/netfilter/nft_set_pipapo.c b/net/netfilter/nft_set_pipapo.c index c3ada6798d4a..98cdeb9fa210 100644 --- a/net/netfilter/nft_set_pipapo.c +++ b/net/netfilter/nft_set_pipapo.c @@ -525,6 +525,8 @@ static struct nft_pipapo_elem *pipapo_get(const struct = net *net, int i; =20 m =3D priv->clone; + if (m->bsize_max =3D=3D 0) + return ret; =20 res_map =3D kmalloc_array(m->bsize_max, sizeof(*res_map), GFP_ATOMIC); if (!res_map) { @@ -1394,14 +1396,20 @@ static struct nft_pipapo_match *pipapo_clone(struct= nft_pipapo_match *old) src->bsize * sizeof(*dst->lt) * src->groups * NFT_PIPAPO_BUCKETS(src->bb)); =20 - if (src->rules > (INT_MAX / sizeof(*src->mt))) - goto out_mt; + if (src->rules > 0) { + if (src->rules > (INT_MAX / sizeof(*src->mt))) + goto out_mt; =20 - dst->mt =3D kvmalloc(src->rules * sizeof(*src->mt), GFP_KERNEL_ACCOUNT); - if (!dst->mt) - goto out_mt; + dst->mt =3D kvmalloc_array(src->rules, sizeof(*src->mt), + GFP_KERNEL); + if (!dst->mt) + goto out_mt; + + memcpy(dst->mt, src->mt, src->rules * sizeof(*src->mt)); + } else { + dst->mt =3D NULL; + } =20 - memcpy(dst->mt, src->mt, src->rules * sizeof(*src->mt)); src++; dst++; } --=20 2.43.7