From nobody Tue Apr 14 13:58:39 2026 Received: from mail-yw1-f227.google.com (mail-yw1-f227.google.com [209.85.128.227]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 60F7B36E48B for ; Tue, 14 Apr 2026 06:39:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.227 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776148745; cv=none; b=NdZFpL0SWcySpXSeAEMCxXpzdSyRlvUEDd3XREelTCLroBmp9SxW3CiAcTlCPqqT63tMY3hYB6fog2x50IvrXuP7pK4JMIkpuiFpBu+LAC/Y8FxLaZD1UhD/IBEfaly4FtjK2ytKvDx0dUcg44Z3GHoSk3n+2hAsg/sSlkjTq4c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776148745; c=relaxed/simple; bh=5ww9EE9Omd+lxTQKlJOWj/4hV3jbfueaHdGT5uwPtjc=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=FpiZO5ta0wHl5vovXvoJnjjnh+lA3ffeslcEtKjAa9GnGXo0nnqGv6q1rwQENYRa1+QyAt/9cOjH9h3MsUoA3KE56zh93xZJYBl/5G6mtgcBoFHuYrvrVz/v5Pv8KiRSdl82Z/qUgsf6hFv5wPZtN1F2dB8q2FdVrLkgpBdzmC4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=broadcom.com; spf=fail smtp.mailfrom=broadcom.com; dkim=pass (1024-bit key) header.d=broadcom.com header.i=@broadcom.com header.b=Eu6URQhC; arc=none smtp.client-ip=209.85.128.227 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=broadcom.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=broadcom.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=broadcom.com header.i=@broadcom.com header.b="Eu6URQhC" Received: by mail-yw1-f227.google.com with SMTP id 00721157ae682-79853007604so4754047b3.0 for ; Mon, 13 Apr 2026 23:39:02 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776148741; x=1776753541; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:dkim-signature:x-gm-gg:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GYL2a3cReHZZ5YSJ0wmm3zCuDsPFAtU2gKvk7jCr2V0=; b=rJCwnh+jqCrABdwoVB9fVT41+cTDo40KFd2FPzM7sJZFZyc6Dh8N/MQFuLrBkSsa10 lLtbapgYnkPSHXrYaqc+712XMR0Zu3hJHQ25hRIdY+Jqf7Q7u6/x/3M/mGHVrM7E4Br1 YvrrA5rhu7xdLT81UqxED8EpQn4dsJVVTjGps1zYnK82oQ1EyDyCowUxGkgRcvGFZtIh 1VcX/NDNb/nJyswlYf59biTiZ9kKgzCUEvTF99y6ifvPxwz4SsmDVBoFhXk5lWqlLqGb q07XtqkVb3vi8EglVgRry5QgVtAmyHsqgL3W8ObhwbPy4jhtP461AmqcY7k95WjvcMFn wwWA== X-Forwarded-Encrypted: i=1; AFNElJ+bvYqZS+Crd1MVZDrT3TEybqu+Q/KrGs1a4asbq3k8wEltDAcDfsyA8Us10ToSML4DcATy8jW0r5EMlfQ=@vger.kernel.org X-Gm-Message-State: AOJu0YxKvGCwvLMNvkEank4evkvHkXDfS9k2F8kl6P3ZdYx3xXo6/6P5 mMatGjJRzpDNmab9KjomJwuIS1Im2W9sbBiBn5BnbleKSxRP2UezEkTOIDyroXxpdWa5d5c5liF JViRgghRpjpgtXL5thT3e5hrJ60Pyu6ImCPGKt57451eHKjuEv/Tpf5zumIOb4YoymXV2Za235I SX2C6r5aDjQjECDFZVW+ex/lH24wTHInD6chU5IOGkXTGPfe/usuK9qITtq3oUBEGsWjkZPlC5W 5R6pTp0AiBgPnjl3CzejZxjBF90FTkmNoxFtoI= X-Gm-Gg: AeBDievyssdyRF51kUdXkOrzcMGpkOUK6+FMClhrfFHEMOiaxSYveJoWhzmBke5j5yG R6Q6oFG4citupcKNFZ4llXuqk5VDQ65xJgFoSEGkhS/tVYXnmTPIUtsRhjR0ctFWXYOHwuEtmUT hOz7MZ+S8YI2j7qn9Ap+D/CUAByVxkgfRq5ElHEVULDmd7Iu0dCHiMz2cAVnsNWFwcv2hcWjuOY 6RrkhLJekD+ELCbBbtXqdPGUygimimeaaOyP6QUVYrThRSfa//1HaKgY+9rIJ1n1IMzohWAiuTG d3HLgu0mvPObEYwADpgglxm/WWD16gr7P3RCopY6FJIvoA4ih9ayTwnGT8VpgECe13fvh8cjTvT +OItyuQR4S0yEV/zM31jpnaBNKo2Zd+9ZkvdfbmaB7kzR5h3ueCK400HMKsuOTJk6b/mbj1LBwg QSE4MHTeKWVZcCs1gHhbvZawCNb2QNGNN0njZfVccpYSlh7NYHzMBjSDwL4egqQHsnttjgCESKV BBkrcCeK2Lr X-Received: by 2002:a81:8a44:0:b0:7b3:3cbb:d71a with SMTP id 00721157ae682-7b33cbbdc30mr33198047b3.4.1776148741217; Mon, 13 Apr 2026 23:39:01 -0700 (PDT) Received: from smtp-us-east1-p01-i01-si01.dlp.protect.broadcom.com (address-144-49-247-29.dlp.protect.broadcom.com. [144.49.247.29]) by smtp-relay.gmail.com with ESMTPS id 00721157ae682-7af3e37762csm7482257b3.5.2026.04.13.23.39.00 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 13 Apr 2026 23:39:01 -0700 (PDT) X-Relaying-Domain: broadcom.com X-CFilter-Loop: Reflected Received: by mail-dl1-f71.google.com with SMTP id a92af1059eb24-12bf95e7a7bso857198c88.2 for ; Mon, 13 Apr 2026 23:39:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; t=1776148740; x=1776753540; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=GYL2a3cReHZZ5YSJ0wmm3zCuDsPFAtU2gKvk7jCr2V0=; b=Eu6URQhC3iV+FnxPjArmO6tA160eauufzD4dJrNcAGsjIEKmhoPe+M155F533tudRM aBOuuIHfTDbnk8XaO/rMhC9jeTdykKu+Ucy+WjyTaeH0N2oaKJTwr+K3CmD26fAPv1cB AXqdps3MPyjfegbB4WX8ZDl9c+6tZqCxukoAA= X-Forwarded-Encrypted: i=1; AFNElJ/iJSEVO4VZZ/D82qDiIwlO0vA/VRaCEHIj2axy7fGOu+4Mbd8Ct6of3nAkU8sEWXte5LhLe2aWhEOmxSg=@vger.kernel.org X-Received: by 2002:a05:693c:300d:b0:2bd:d8e6:90a0 with SMTP id 5a478bee46e88-2d5c39f6544mr3735044eec.3.1776148739850; Mon, 13 Apr 2026 23:38:59 -0700 (PDT) X-Received: by 2002:a05:693c:300d:b0:2bd:d8e6:90a0 with SMTP id 5a478bee46e88-2d5c39f6544mr3735024eec.3.1776148739232; Mon, 13 Apr 2026 23:38:59 -0700 (PDT) Received: from keerthanak-ph5-dev.. ([192.19.161.250]) by smtp.gmail.com with ESMTPSA id 5a478bee46e88-2d5630ac330sm19396261eec.29.2026.04.13.23.38.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 13 Apr 2026 23:38:58 -0700 (PDT) From: Keerthana K To: stable@vger.kernel.org, gregkh@linuxfoundation.org Cc: pablo@netfilter.org, kadlec@netfilter.org, fw@strlen.de, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, ajay.kaher@broadcom.com, alexey.makhalov@broadcom.com, vamsi-krishna.brahmajosyula@broadcom.com, yin.ding@broadcom.com, tapas.kundu@broadcom.com, Stefano Brivio , Mukul Sikka , Brennan Lamoreaux , Keerthana K Subject: [PATCH v2 v5.15-v6.1] netfilter: nft_set_pipapo: do not rely on ZERO_SIZE_PTR Date: Tue, 14 Apr 2026 06:31:31 +0000 Message-ID: <20260414063131.4054234-1-keerthana.kalyanasundaram@broadcom.com> X-Mailer: git-send-email 2.43.7 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-DetectorID-Processed: b00c1d49-9d2e-4205-b15f-d015386d3d5e Content-Type: text/plain; charset="utf-8" From: Florian Westphal commit 07ace0bbe03b3d8e85869af1dec5e4087b1d57b8 upstream pipapo relies on kmalloc(0) returning ZERO_SIZE_PTR (i.e., not NULL but pointer is invalid). Rework this to not call slab allocator when we'd request a 0-byte allocation. Reviewed-by: Stefano Brivio Signed-off-by: Florian Westphal Signed-off-by: Mukul Sikka Signed-off-by: Brennan Lamoreaux [Keerthana: In older stable branches (v6.6 and earlier), the allocation log= ic in pipapo_clone() still relies on `src->rules` rather than `src->rules_alloc` (introduced in v6.9 via 9f439bd6ef4f). Consequently, the previously backported INT_MAX clamping check uses `src->rules`. This patch correctly moves that `src->rules > (INT_MAX / ...)` check inside the new `if (src->rules > 0)` block] Signed-off-by: Keerthana K --- Changes in v2: - Fixed patch apply failure v1: https://lore.kernel.org/all/20260413043247.3327855-1-keerthana.kalyanas= undaram@broadcom.com/ net/netfilter/nft_set_pipapo.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/net/netfilter/nft_set_pipapo.c b/net/netfilter/nft_set_pipapo.c index 863162c82330..2072c89a467d 100644 --- a/net/netfilter/nft_set_pipapo.c +++ b/net/netfilter/nft_set_pipapo.c @@ -525,6 +525,8 @@ static struct nft_pipapo_elem *pipapo_get(const struct = net *net, int i; =20 m =3D priv->clone; + if (m->bsize_max =3D=3D 0) + return ret; =20 res_map =3D kmalloc_array(m->bsize_max, sizeof(*res_map), GFP_ATOMIC); if (!res_map) { @@ -1365,14 +1367,20 @@ static struct nft_pipapo_match *pipapo_clone(struct= nft_pipapo_match *old) src->bsize * sizeof(*dst->lt) * src->groups * NFT_PIPAPO_BUCKETS(src->bb)); =20 - if (src->rules > (INT_MAX / sizeof(*src->mt))) - goto out_mt; + if (src->rules > 0) { + if (src->rules > (INT_MAX / sizeof(*src->mt))) + goto out_mt; + + dst->mt =3D kvmalloc_array(src->rules, sizeof(*src->mt), + GFP_KERNEL); + if (!dst->mt) + goto out_mt; =20 - dst->mt =3D kvmalloc(src->rules * sizeof(*src->mt), GFP_KERNEL); - if (!dst->mt) - goto out_mt; + memcpy(dst->mt, src->mt, src->rules * sizeof(*src->mt)); + } else { + dst->mt =3D NULL; + } =20 - memcpy(dst->mt, src->mt, src->rules * sizeof(*src->mt)); src++; dst++; } --=20 2.43.7