From nobody Sat Jun 20 16:34:00 2026 Received: from mail-qv1-f98.google.com (mail-qv1-f98.google.com [209.85.219.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0FC053815D2 for ; Mon, 13 Apr 2026 04:40:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.98 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776055233; cv=none; b=EsSDOW2yQILFQuzA5xgo2m8kIhg4JBaKT8SBVIJnuOt5Hd7hEuOLDVdI+JkFgRQT/hbydqCh8zCi+zZgzDWvstkn41OJTbN/zBRd6uwdB+v5WNnzQHBUs4QtIwGZSG7gs0A0nKCwXEzZwpqBuJrPjgPTLDvB8StpRTzdq4VA1Fw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776055233; c=relaxed/simple; bh=eUByrnPJ2nona1QXhiPKoFAJ4ou5D+Pn4Dg2jpFDt6M=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=LEle8RnXFyZvBgo/m8O+nHADK4mDJJ7TOauB4N7KkETiHgZGUbvPLvvLdaSTYghpKbSwVF7BmIA6P1GxG+K24q+B699ZHajGyExUA8bPL4obQ1FQjUs/hgxa+alPLIViD4NcahAe7u1XaofsKIW/VDqtOmvrkLjdW5eCBshybXI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=broadcom.com; spf=fail smtp.mailfrom=broadcom.com; dkim=pass (1024-bit key) header.d=broadcom.com header.i=@broadcom.com header.b=Bsl+aEeG; arc=none smtp.client-ip=209.85.219.98 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=broadcom.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=broadcom.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=broadcom.com header.i=@broadcom.com header.b="Bsl+aEeG" Received: by mail-qv1-f98.google.com with SMTP id 6a1803df08f44-8a50968fd07so4491576d6.0 for ; Sun, 12 Apr 2026 21:40:31 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776055231; x=1776660031; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:dkim-signature:x-gm-gg:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=2l7i8vnpUJQTdJaWwY66SR5P0SKGOILNorZy9BBZKRQ=; b=XZSAnv72cOXqOPPQmt+ip0RpqJhPx5OAsQbOhmrEqRAJMK5I09BiQ+VvRdLUxRu+wQ rMPQ5zg1inUBxVvVm5dzFoySugoK6tutSqas9iD9fKT+3GraIxhhIASjzZfctdL5cVco QBjXqUMmp29lSB9nUVaQ1J2TQtqnrVicM5AQFnMXqyl5XHJEHWZ7tDD1SoMRZLjWgA9U EOOy5IqP0VEqRke/fyGzDBEtJSGgLLat/v6TcCWCdaWFOn90xZoTIssT0j65xdCgg6BA qZ3bbW31Yb3+dUj6mvy9wgvR7+b/vsxCQBhPP9+byUdiVrn7CAbtX1c66O81vj0Vqd0z JaIA== X-Forwarded-Encrypted: i=1; AJvYcCUu8vvmJmG6BQSHGYtLRxXax7NTh/MGPEjlYp9+aJsWMZwCibLrBZYynoWFoGcPIXlNDzwuaYqjGQSa41Y=@vger.kernel.org X-Gm-Message-State: AOJu0Yy+g0zaEcIK5xZLZRpVHpUFJ/XvF8yPphNpX2Iiyuwz1LJWiFZa Mh4NafD6V2W6RCBJBDD9ITCFAtR5cGy9ZcQTx3a3Q+DcGxCZjio7N94zWfXZ0cCu5MYhzJ7KqkQ ijInKnpWWWCHIBjlISsFwnnB/3Mf9jg6qAY0K7BM62sy3/03RAE+cKunHTL3kQyk3mWh1iYXBSK yVnUjn3JwM42iTGf1nKM3V1KB4mSyFFNcOlWYPITNOHOWenlGYnkcJswkyw97eDGZw1SYRgqJBU a1FFL9Fy+DkHVX4uVZCfxJ9tjzogyzudrA0syc= X-Gm-Gg: AeBDieu7dfwkpIgHV86L2/8oqHRdkaS9p0zRxnGHP7eLDD2M0c5cSFJpDpPHtl1rqzm pBDWGTqs8FQ3vKbaX06ZJ0vOhy6dxFJnwYoIi/aKg1YUnJXRIstTpjNstw9t38Oauphf5cErh1J Msre4qm4VayMBprY5eVtCevGyTgVLEjnQtFIO8YeTPEpwof496ij9s05q5PvLmgO7W8lVmjeNkQ 9YpOk9lgRPEulhry9yIsTYD3NgBtGGCLQgQqKuqKpF9/zGZRlzO3AAgA+izJM2Mlmc+FGNsDtqc slUy0Uu87JrbBWQDpEn/A6jL6mC7a81l3NsODzvr6jKMgcuksOx+2yHqHECHWQkqPhhcQ51xzhG JILD9uBWhOpG6nSKnNTbzBxoWBybcdCNTuG5Y+pA55Jlz8xvDslwSiURNQlkUF+vdpOyNtnPwkO 96uFneHTpnqZhNfpXZyP7aBe8Vb1xwmZij0p8mY4nrrsYEm7GCWV5BK+CDD9jndP+7lH32MWz/r w== X-Received: by 2002:a05:620a:4547:b0:8d7:a2b3:3aaf with SMTP id af79cd13be357-8dde924b1f5mr1049971585a.1.1776055230945; Sun, 12 Apr 2026 21:40:30 -0700 (PDT) Received: from smtp-us-east1-p01-i01-si01.dlp.protect.broadcom.com (address-144-49-247-24.dlp.protect.broadcom.com. [144.49.247.24]) by smtp-relay.gmail.com with ESMTPS id af79cd13be357-8e08054d673sm9637085a.2.2026.04.12.21.40.29 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 12 Apr 2026 21:40:30 -0700 (PDT) X-Relaying-Domain: broadcom.com X-CFilter-Loop: Reflected Received: by mail-dl1-f71.google.com with SMTP id a92af1059eb24-12713e56abaso1371674c88.3 for ; Sun, 12 Apr 2026 21:40:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; t=1776055229; x=1776660029; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=2l7i8vnpUJQTdJaWwY66SR5P0SKGOILNorZy9BBZKRQ=; b=Bsl+aEeG4YLqFSpfbtV7Jd9pMFk2JSju6AQGoN4NqSduQqZnCgkIF8Ld5R94KaR51M sZC4bVByMRuFyGBgGuFzVzda/YmbojVV8OZcHIi1Rt4g0GOAK5gxZsC4S8UrTTrtYUOW nA/q1LToHVseQb6q9tXlIO6+Si3rQ2LsU54pA= X-Forwarded-Encrypted: i=1; AFNElJ+fH0TMD5BUXTFlRLh4s/y9pW/iHderbdfl6ly5y8co3pW9DS7vvrpf1nlP5rU0MY2ISq9iK4vtdyabV9E=@vger.kernel.org X-Received: by 2002:a05:7301:1e84:b0:2cb:de38:c76f with SMTP id 5a478bee46e88-2d5c3f14ed2mr2494762eec.6.1776055228850; Sun, 12 Apr 2026 21:40:28 -0700 (PDT) X-Received: by 2002:a05:7301:1e84:b0:2cb:de38:c76f with SMTP id 5a478bee46e88-2d5c3f14ed2mr2494757eec.6.1776055228195; Sun, 12 Apr 2026 21:40:28 -0700 (PDT) Received: from keerthanak-ph5-dev.. ([192.19.161.250]) by smtp.gmail.com with ESMTPSA id 5a478bee46e88-2d562db64c4sm14677061eec.27.2026.04.12.21.40.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 12 Apr 2026 21:40:27 -0700 (PDT) From: Keerthana K To: stable@vger.kernel.org, gregkh@linuxfoundation.org Cc: pablo@netfilter.org, kadlec@netfilter.org, fw@strlen.de, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, ajay.kaher@broadcom.com, alexey.makhalov@broadcom.com, vamsi-krishna.brahmajosyula@broadcom.com, yin.ding@broadcom.com, tapas.kundu@broadcom.com, Stefano Brivio , Mukul Sikka , Brennan Lamoreaux , Keerthana K Subject: [PATCH v5.10] netfilter: nft_set_pipapo: do not rely on ZERO_SIZE_PTR Date: Mon, 13 Apr 2026 04:33:04 +0000 Message-ID: <20260413043304.3327873-1-keerthana.kalyanasundaram@broadcom.com> X-Mailer: git-send-email 2.43.7 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-DetectorID-Processed: b00c1d49-9d2e-4205-b15f-d015386d3d5e Content-Type: text/plain; charset="utf-8" From: Florian Westphal commit 07ace0bbe03b3d8e85869af1dec5e4087b1d57b8 upstream pipapo relies on kmalloc(0) returning ZERO_SIZE_PTR (i.e., not NULL but pointer is invalid). Rework this to not call slab allocator when we'd request a 0-byte allocation. Reviewed-by: Stefano Brivio Signed-off-by: Florian Westphal Signed-off-by: Mukul Sikka Signed-off-by: Brennan Lamoreaux [Keerthana: In older stable branches (v6.6 and earlier), the allocation log= ic in pipapo_clone() still relies on `src->rules` rather than `src->rules_alloc` (introduced in v6.9 via 9f439bd6ef4f). Consequently, the previously backported INT_MAX clamping check uses `src->rules`. This patch correctly moves that `src->rules > (INT_MAX / ...)` check inside the new `if (src->rules > 0)` block] Signed-off-by: Keerthana K --- net/netfilter/nft_set_pipapo.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/net/netfilter/nft_set_pipapo.c b/net/netfilter/nft_set_pipapo.c index a4fdd1587bb3..83606dfde033 100644 --- a/net/netfilter/nft_set_pipapo.c +++ b/net/netfilter/nft_set_pipapo.c @@ -524,6 +524,9 @@ static struct nft_pipapo_elem *pipapo_get(const struct = net *net, struct nft_pipapo_field *f; int i; =20 + if (m->bsize_max =3D=3D 0) + return ret; + res_map =3D kmalloc_array(m->bsize_max, sizeof(*res_map), GFP_ATOMIC); if (!res_map) { ret =3D ERR_PTR(-ENOMEM); @@ -1363,14 +1366,20 @@ static struct nft_pipapo_match *pipapo_clone(struct= nft_pipapo_match *old) src->bsize * sizeof(*dst->lt) * src->groups * NFT_PIPAPO_BUCKETS(src->bb)); =20 - if (src->rules > (INT_MAX / sizeof(*src->mt))) - goto out_mt; + if (src->rules > 0) { + if (src->rules > (INT_MAX / sizeof(*src->mt))) + goto out_mt; =20 - dst->mt =3D kvmalloc(src->rules * sizeof(*src->mt), GFP_KERNEL); - if (!dst->mt) - goto out_mt; + dst->mt =3D kvmalloc_array(src->rules, sizeof(*src->mt), + GFP_KERNEL); + if (!dst->mt) + goto out_mt; + + memcpy(dst->mt, src->mt, src->rules * sizeof(*src->mt)); + } else { + dst->mt =3D NULL; + } =20 - memcpy(dst->mt, src->mt, src->rules * sizeof(*src->mt)); src++; dst++; } --=20 2.43.7