From nobody Tue Apr 14 14:08:28 2026 Received: from mail-dl1-f99.google.com (mail-dl1-f99.google.com [74.125.82.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5546136E483 for ; Tue, 14 Apr 2026 06:40:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.82.99 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776148818; cv=none; b=h4GkZta0tFWEg+D4oLSPyXKqL/oxtCsqDaLbhz245Ugwj2clZZGC0k2n2iQ6hgUsVojPwZC6hOqgRu66ePDBhHSHdoBIQOHLN9jjUgntN4TUU8h8vuAP8lCFRik7pYbf6fpognF0++tzZMjnxxXyZW8BeBLceYBMHw8rsJZFAHY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776148818; c=relaxed/simple; bh=eUByrnPJ2nona1QXhiPKoFAJ4ou5D+Pn4Dg2jpFDt6M=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=PGfsius9L8SsrGUFTNdXtPablRKT2AM2C50zhN2ksykitEjyeHd7Bltm1qFk5rPLe+D4xlqQNPC1CIoawkCqWMrUyuXG2Me24Pk4Xjw9wMranaP53vB4+NNQcPmkMNLhLSzVRZ0637OUOGfPe7pC9oHD3XDsP89BBfAsOIgGaO4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=broadcom.com; spf=fail smtp.mailfrom=broadcom.com; dkim=pass (1024-bit key) header.d=broadcom.com header.i=@broadcom.com header.b=Ti2EBGoj; arc=none smtp.client-ip=74.125.82.99 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=broadcom.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=broadcom.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=broadcom.com header.i=@broadcom.com header.b="Ti2EBGoj" Received: by mail-dl1-f99.google.com with SMTP id a92af1059eb24-124b07e5fe4so823247c88.3 for ; Mon, 13 Apr 2026 23:40:17 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776148816; x=1776753616; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:dkim-signature:x-gm-gg:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=2l7i8vnpUJQTdJaWwY66SR5P0SKGOILNorZy9BBZKRQ=; b=qT697SVOLp6KlerRCUOUPwzUQ+ly2m8fK/MxQi9KRqxnZPc5eI7st5st/0ee2COk6y BEm95dFuH5kSrzGG9BH/P9BNTnHBuN6m3ZslZKMPLvI4OI9AANXSb1/J2bTF+daOgdka zENbLNmOUyHXoIHI7os8s2J6vt/fTMktpFFUTp4PNCMpR5YzQKsPo2e8t/NbAXnlqhkt Yj1ObSwowsjN9iT3GUmch0FL90YTJ4401M72ikZHJ+KBWi3/FWMWsnL652js1bYf6DPT 9S0SJ988rzysseS9VmGrt2zplqYDYsMcjTMQnXp7xyHReyOhamMJ/0iwmg5YFoeT0E6p kuqA== X-Forwarded-Encrypted: i=1; AFNElJ/5CPZgIzVPMgD5DfmcQeye0TeouSopirqQ2rpNfk3Cuxufj1dyVn8nekLxJ7J1UxEM7vxd5gAX8X1LjaI=@vger.kernel.org X-Gm-Message-State: AOJu0YziZfnxXkrAKSD2mqir7JCx8BNYwzrygA6eZj4KqDGLeirYGrgF I2QynsuRjt9viTNLoOPNl2Gx9mr58Ki0tVKAVIt0qGQmcif+JmhgNArydUjIqe3XvvtjHSMnVOr h02OXwLs871dO25M8Xp5oh9O/SrqhJ5boSbFCwrqmMNYU/Sfzv7S4EN+JLeFmjvIfUbmfUyWQ48 yTxjpe2i2AeeRU4sDboQIBhBTfDqr4TVUqDHLfPxWBR/d+r4ouwIjmNs2HVdGAT/VGlnn+NlgNm 7VEzHKQuHg8VinOjiTB+sbWf7NUPIL3LOKLVA4= X-Gm-Gg: AeBDievBpoge8PS6GHmE92+dNNkZvSlr7WEvrIMHXYCnUO2eoP+cakeBAerLgaAIXSv X1UPK9+NII/0EKa0wsf5Y1zIvTzOH8y1Oy0wUqEwjwhcd7J0u69HQpjoybTxcaz51SLD5JK+ocq 41roF9S8vhcdsWp/IWPvJ/waIoQu1bARFnJJKHACnPsbag3S9mIuyvqH/tNsRLKsvIQYrEAkptG AotASeP56i8H3E8xsFuLz/VrZURsynKh86vTDUykau6pPFVCVv6GUM6/eMEQCKxOOjk6REmDnZJ OuVnkT/lLwuSySACX5S/1HGa7zohB7/pFGjTI5SjFrmAE5mZBMpDN52L3QXnPRJJOvFJlSbtGVi SCIHkvgs+KeA//TTJBqyAwvigI0wem7obLbmtXhhedsLJWelMAj4pMdr6RV4qhsFvw8tW+mFFnb HR6C2WDX7DRf5gvoidoPBTIilviaTBZ34U3BgIRT4SfkDimkQL6OUrMs/fU1ezB1ggxMyHh4sYK EgxRgfAr5p8 X-Received: by 2002:a05:693c:2c11:b0:2c5:704f:7157 with SMTP id 5a478bee46e88-2d5c1a338bamr3592015eec.2.1776148816234; Mon, 13 Apr 2026 23:40:16 -0700 (PDT) Received: from smtp-us-east1-p01-i01-si01.dlp.protect.broadcom.com (address-144-49-247-24.dlp.protect.broadcom.com. [144.49.247.24]) by smtp-relay.gmail.com with ESMTPS id 5a478bee46e88-2dd546624cesm40934eec.3.2026.04.13.23.40.15 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 13 Apr 2026 23:40:16 -0700 (PDT) X-Relaying-Domain: broadcom.com X-CFilter-Loop: Reflected Received: by mail-qk1-f200.google.com with SMTP id af79cd13be357-8e141739794so39251685a.2 for ; Mon, 13 Apr 2026 23:40:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; t=1776148814; x=1776753614; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=2l7i8vnpUJQTdJaWwY66SR5P0SKGOILNorZy9BBZKRQ=; b=Ti2EBGojhCEoCjHxHmHkv1o2ejoAfa6151Jh1Nh6c07CljOglc3Gg6ilw9iYl3JpGB MyCp2ORQ054YiPpwIYlIglO58Sqv24PC0plyxkj0v9j+V8Xu5h4yyx0afm3nrrgikHhv YJOtXhgylpAmOE1lrjxoGAuNW8CdR6HZ2Z9N4= X-Forwarded-Encrypted: i=1; AFNElJ8JJHsQrNbf2SpvJCXPK97qh5WiZQ1QWTsfp2gE0vqLPgPNNP3KZWNSFQsOEBKPPluGAdL77C6E8mspZkg=@vger.kernel.org X-Received: by 2002:a05:620a:44d1:b0:8cf:c757:f1e8 with SMTP id af79cd13be357-8ddec1f0d27mr1636846785a.7.1776148814378; Mon, 13 Apr 2026 23:40:14 -0700 (PDT) X-Received: by 2002:a05:620a:44d1:b0:8cf:c757:f1e8 with SMTP id af79cd13be357-8ddec1f0d27mr1636845685a.7.1776148813891; Mon, 13 Apr 2026 23:40:13 -0700 (PDT) Received: from keerthanak-ph5-dev.. ([192.19.161.250]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8aca5222c8esm71566416d6.28.2026.04.13.23.40.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 13 Apr 2026 23:40:13 -0700 (PDT) From: Keerthana K To: stable@vger.kernel.org, gregkh@linuxfoundation.org Cc: pablo@netfilter.org, kadlec@netfilter.org, fw@strlen.de, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, ajay.kaher@broadcom.com, alexey.makhalov@broadcom.com, vamsi-krishna.brahmajosyula@broadcom.com, yin.ding@broadcom.com, tapas.kundu@broadcom.com, Stefano Brivio , Mukul Sikka , Brennan Lamoreaux , Keerthana K Subject: [PATCH v5.10] netfilter: nft_set_pipapo: do not rely on ZERO_SIZE_PTR Date: Tue, 14 Apr 2026 06:32:43 +0000 Message-ID: <20260414063243.4062926-1-keerthana.kalyanasundaram@broadcom.com> X-Mailer: git-send-email 2.43.7 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-DetectorID-Processed: b00c1d49-9d2e-4205-b15f-d015386d3d5e Content-Type: text/plain; charset="utf-8" From: Florian Westphal commit 07ace0bbe03b3d8e85869af1dec5e4087b1d57b8 upstream pipapo relies on kmalloc(0) returning ZERO_SIZE_PTR (i.e., not NULL but pointer is invalid). Rework this to not call slab allocator when we'd request a 0-byte allocation. Reviewed-by: Stefano Brivio Signed-off-by: Florian Westphal Signed-off-by: Mukul Sikka Signed-off-by: Brennan Lamoreaux [Keerthana: In older stable branches (v6.6 and earlier), the allocation log= ic in pipapo_clone() still relies on `src->rules` rather than `src->rules_alloc` (introduced in v6.9 via 9f439bd6ef4f). Consequently, the previously backported INT_MAX clamping check uses `src->rules`. This patch correctly moves that `src->rules > (INT_MAX / ...)` check inside the new `if (src->rules > 0)` block] Signed-off-by: Keerthana K --- net/netfilter/nft_set_pipapo.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/net/netfilter/nft_set_pipapo.c b/net/netfilter/nft_set_pipapo.c index a4fdd1587bb3..83606dfde033 100644 --- a/net/netfilter/nft_set_pipapo.c +++ b/net/netfilter/nft_set_pipapo.c @@ -524,6 +524,9 @@ static struct nft_pipapo_elem *pipapo_get(const struct = net *net, struct nft_pipapo_field *f; int i; =20 + if (m->bsize_max =3D=3D 0) + return ret; + res_map =3D kmalloc_array(m->bsize_max, sizeof(*res_map), GFP_ATOMIC); if (!res_map) { ret =3D ERR_PTR(-ENOMEM); @@ -1363,14 +1366,20 @@ static struct nft_pipapo_match *pipapo_clone(struct= nft_pipapo_match *old) src->bsize * sizeof(*dst->lt) * src->groups * NFT_PIPAPO_BUCKETS(src->bb)); =20 - if (src->rules > (INT_MAX / sizeof(*src->mt))) - goto out_mt; + if (src->rules > 0) { + if (src->rules > (INT_MAX / sizeof(*src->mt))) + goto out_mt; =20 - dst->mt =3D kvmalloc(src->rules * sizeof(*src->mt), GFP_KERNEL); - if (!dst->mt) - goto out_mt; + dst->mt =3D kvmalloc_array(src->rules, sizeof(*src->mt), + GFP_KERNEL); + if (!dst->mt) + goto out_mt; + + memcpy(dst->mt, src->mt, src->rules * sizeof(*src->mt)); + } else { + dst->mt =3D NULL; + } =20 - memcpy(dst->mt, src->mt, src->rules * sizeof(*src->mt)); src++; dst++; } --=20 2.43.7