From nobody Sat Jun 20 16:33:40 2026 Received: from mail-yx1-f100.google.com (mail-yx1-f100.google.com [74.125.224.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3FAE733C502 for ; Mon, 13 Apr 2026 04:40:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.224.100 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776055215; cv=none; b=hjGQNDtsLeUobyL12BayyXtVPPsVwY2ZBPSorx3dkntD/UOhKBvHdl4VEwA1/q/4jlrI1fQmy9O/Bq5Voh39Ss0jmWG7hrrDFdmLlTzkshufQnPzcY0sPYd5JOj9avgLYZoFc5GZzKB9BUfzoV2bwORJtehJZetFQQgZ1a/K7L4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776055215; c=relaxed/simple; bh=32i2CGMRFLkk71ry4kqEvU3i5K2ngl/kHrRJQNNg15s=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=QSsA1d3SzS+N0Ko1W43ooxLup5KI1DAA9rcV38ehHupG7gM/p1Fqj6ftiokOXeXWsP1iO9uapUdQXb3k23bZOMHZHq5jKpz7fFN+v8vNMzzcC+DNDH1uiuHasJlbcfEfRibf6veVyWCyraLZZNrH2jntb4F4MJ82uUmY80eHbso= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=broadcom.com; spf=fail smtp.mailfrom=broadcom.com; dkim=pass (1024-bit key) header.d=broadcom.com header.i=@broadcom.com header.b=SO588cYn; arc=none smtp.client-ip=74.125.224.100 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=broadcom.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=broadcom.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=broadcom.com header.i=@broadcom.com header.b="SO588cYn" Received: by mail-yx1-f100.google.com with SMTP id 956f58d0204a3-649d589ab0fso275798d50.2 for ; Sun, 12 Apr 2026 21:40:14 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776055213; x=1776660013; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:dkim-signature:x-gm-gg:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=yEhC8dL15vha3u2nezC8YntUF4AHPl/GJlnlwSrjKaM=; b=JvSFTHx+9dcuQ005lL6UcCkxEx9qqrV91HiBvJSXBS7M5+4OwszwuZyL+GXexJZeLf jlYgndrOnl7Mw2TeoFUpAa0AoORNNtnYok1+7KznNVuzQbdMdSufgRdI3+Oiyw5Tm5d0 G2kMIY/ZZCM0mMvhD7Eu7D8pxypI72QGmEHX2TfL+exl2L62bpTXXjEnl7+Y9bP9vSjO oiPqcTo3bVvjq56bw8Xz35BYDssRDFc4EkseWX/HkGIqlQGwK3g0kvT38WmZTj4g+yZW jkesoRcJRllIbq7fn9GeTW49l73cTY0bEVV30460m4557IZAvsgSueUJR41hPZhiBd6L F2eQ== X-Forwarded-Encrypted: i=1; AFNElJ8BXjvGwq9vU1D4aof98ZAxfh+4xWJ9donBIjHWtFs9rN6uJQ7utWiTMa0SRVz51Rn4ZEBh8YkyWfuwd5g=@vger.kernel.org X-Gm-Message-State: AOJu0Yzwh7BpSXo8WLwLaP2uyIaE5agEJ0vUKGBcV9IHV1VemDR5sA1t J2LNj/4mj5K51pw9MlgJHqAgwJLoW2u+VjFIyGm5+9akTca6TEvNBnBhC2/gAHdYfugmOokoQu3 lgR4zBfn7o9Wqv9sXd6VgNuthaNJb5O98DUVKtegMJX1YJ7mlaOsXn8XTnHOmOQmiU7VmNmv1FJ DcYlL6orKM13lhTEwwMet4XHYNNny9UQ8+mwyzl+VsxDTpDFkBDqeCcQA1TVrwdzFelp7NPXEwE 8HZ9p/kShhXK9XTIFwbJX2jPjlaz4boq76/XbQ= X-Gm-Gg: AeBDiesuNs3fwRQ3upe8nP7vZkNglSRAYgW04a4zt/eMEV9Avqxtl4d2JVpIhvcTG8G S+PMXqE1BqNLQwi3SLjoFCNYx1Fj5gsuxS/bOVOAIMAJwLIhl4VseQ2Csgr9+GMZoOHrtTZVF3j ppgyQ8vBSvKPpz9iO+zeVlFbssd6r3WNCEgQxMPWFBgSwcgX+twz6d4svy0l/0/av75+drSF2qo 8oBL4JXfAxvydbmweM2knFCbjvvMGkYSEKn97dNySM6jJOMkWdie7G0EvY3YTasIeHDa8UXkF0b krU+Wb0fck4k6IV4aHFq678GH/mAMl/zX6FXJto0Z8e5NstH6Fxym3rJLApHLQ0R6iDfVz7P4AJ RoHaeCWUdzRgrNw0e9+gmTVCrbuTPaWjuvdftz+yvOoOU0Hyk9Oy6iWwnCEK53mdMh2JMiUMkT+ X9Vvrb0moWBp86xs4A8DHejsmhy7rKwNjtBrWH8a7SItP/5Q1Ecz7cjEXAPmG5ppcpUBjZks9VN A== X-Received: by 2002:a05:690c:1b:b0:7b3:6ff8:70b7 with SMTP id 00721157ae682-7b36ff882c5mr13471927b3.1.1776055213259; Sun, 12 Apr 2026 21:40:13 -0700 (PDT) Received: from smtp-us-east1-p01-i01-si01.dlp.protect.broadcom.com (address-144-49-247-24.dlp.protect.broadcom.com. [144.49.247.24]) by smtp-relay.gmail.com with ESMTPS id 00721157ae682-7b2abda4884sm1353437b3.20.2026.04.12.21.40.13 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 12 Apr 2026 21:40:13 -0700 (PDT) X-Relaying-Domain: broadcom.com X-CFilter-Loop: Reflected Received: by mail-qv1-f72.google.com with SMTP id 6a1803df08f44-8aca2eeac85so5906986d6.3 for ; Sun, 12 Apr 2026 21:40:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; t=1776055212; x=1776660012; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=yEhC8dL15vha3u2nezC8YntUF4AHPl/GJlnlwSrjKaM=; b=SO588cYnpMSCK8ejZkVQ8h2BFBcwM1VVp/9ajY/xxmPZ+Ir/4sPgpSVTN8K24cZSwf ZPcgEJZ8NBlyX2z9e6sYnGQ6Bu2poj9Pfuo6Rk4i2sdaDSXn+K/FK90LQq2bst/JlWR7 sjFL0ZA9gV8Eb99crGO11wK0VmQVqPiuWlerQ= X-Forwarded-Encrypted: i=1; AFNElJ99ycjxErjolixlGPJkHwCpNgPX8I6FA18ctxjatQ/yIXxtF19s9ASNp+2mGhF/2/nSmihJVZZ9RQ617pw=@vger.kernel.org X-Received: by 2002:a05:6214:2424:b0:89c:5159:ea52 with SMTP id 6a1803df08f44-8ac8627aaacmr140468816d6.7.1776055212376; Sun, 12 Apr 2026 21:40:12 -0700 (PDT) X-Received: by 2002:a05:6214:2424:b0:89c:5159:ea52 with SMTP id 6a1803df08f44-8ac8627aaacmr140468666d6.7.1776055211924; Sun, 12 Apr 2026 21:40:11 -0700 (PDT) Received: from keerthanak-ph5-dev.. ([192.19.161.250]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8aca5222c8esm38017646d6.28.2026.04.12.21.40.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 12 Apr 2026 21:40:11 -0700 (PDT) From: Keerthana K To: stable@vger.kernel.org, gregkh@linuxfoundation.org Cc: pablo@netfilter.org, kadlec@netfilter.org, fw@strlen.de, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, ajay.kaher@broadcom.com, alexey.makhalov@broadcom.com, vamsi-krishna.brahmajosyula@broadcom.com, yin.ding@broadcom.com, tapas.kundu@broadcom.com, Stefano Brivio , Mukul Sikka , Brennan Lamoreaux , Keerthana K Subject: [PATCH v5.15-v6.1] netfilter: nft_set_pipapo: do not rely on ZERO_SIZE_PTR Date: Mon, 13 Apr 2026 04:32:47 +0000 Message-ID: <20260413043247.3327855-1-keerthana.kalyanasundaram@broadcom.com> X-Mailer: git-send-email 2.43.7 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-DetectorID-Processed: b00c1d49-9d2e-4205-b15f-d015386d3d5e Content-Type: text/plain; charset="utf-8" From: Florian Westphal commit 07ace0bbe03b3d8e85869af1dec5e4087b1d57b8 upstream pipapo relies on kmalloc(0) returning ZERO_SIZE_PTR (i.e., not NULL but pointer is invalid). Rework this to not call slab allocator when we'd request a 0-byte allocation. Reviewed-by: Stefano Brivio Signed-off-by: Florian Westphal Signed-off-by: Mukul Sikka Signed-off-by: Brennan Lamoreaux [Keerthana: In older stable branches (v6.6 and earlier), the allocation log= ic in pipapo_clone() still relies on `src->rules` rather than `src->rules_alloc` (introduced in v6.9 via 9f439bd6ef4f). Consequently, the previously backported INT_MAX clamping check uses `src->rules`. This patch correctly moves that `src->rules > (INT_MAX / ...)` check inside the new `if (src->rules > 0)` block] Signed-off-by: Keerthana K --- net/netfilter/nft_set_pipapo.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/net/netfilter/nft_set_pipapo.c b/net/netfilter/nft_set_pipapo.c index 863162c82330..2072c89a467d 100644 --- a/net/netfilter/nft_set_pipapo.c +++ b/net/netfilter/nft_set_pipapo.c @@ -525,6 +525,8 @@ static struct nft_pipapo_elem *pipapo_get(const struct = net *net, int i; =20 m =3D priv->clone; + if (m->bsize_max =3D=3D 0) + return ret; =20 res_map =3D kmalloc_array(m->bsize_max, sizeof(*res_map), GFP_ATOMIC); if (!res_map) { @@ -1365,14 +1367,20 @@ static struct nft_pipapo_match *pipapo_clone(struct= nft_pipapo_match *old) src->bsize * sizeof(*dst->lt) * src->groups * NFT_PIPAPO_BUCKETS(src->bb)); =20 - if (src->rules > (INT_MAX / sizeof(*src->mt))) - goto out_mt; + if (src->rules > 0) { + if (src->rules > (INT_MAX / sizeof(*src->mt))) + goto out_mt; + + dst->mt =3D kvmalloc_array(src->rules, sizeof(*src->mt), + GFP_KERNEL); + if (!dst->mt) + goto out_mt; =20 - dst->mt =3D kvmalloc(src->rules * sizeof(*src->mt), GFP_KERNEL_ACCOUNT); - if (!dst->mt) - goto out_mt; + memcpy(dst->mt, src->mt, src->rules * sizeof(*src->mt)); + } else { + dst->mt =3D NULL; + } =20 - memcpy(dst->mt, src->mt, src->rules * sizeof(*src->mt)); src++; dst++; } --=20 2.43.7