[Devel] [PATCH RH7] netfilter: ipset: zero the area of ip_set_list allocation

Pavel Tikhomirov ptikhomirov at virtuozzo.com
Fri Jul 5 12:17:00 MSK 2024


please drop it, kvzalloc does the zeroing:

static inline void *kvzalloc(size_t size, gfp_t flags)
{
         return kvmalloc(size, flags | __GFP_ZERO);
}

On 7/5/24 11:54, Pavel Tikhomirov wrote:
> In [1] we replace kcalloc with kvzalloc, this is wrong as it stops
> zeroing the allocated area. Let's switch to kvcalloc instead.
> 
> This makes [1] correspond to mainstream version of the patch.
> 
> This non-zeroing may lead to arbitrary data treated as pointer to
> ip_set and potentially lead to memory corruption, so it may be related
> to what happens in PSBM-155867.
> 
> https://virtuozzo.atlassian.net/browse/PSBM-155867
> Fixes: 122780c561646 ("ms/netfilter: ipset: fix ip_set_list allocation failure") [1]
> Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
> ---
>   net/netfilter/ipset/ip_set_core.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
> index d47d97839fa7a..4a7c91bf1ebc2 100644
> --- a/net/netfilter/ipset/ip_set_core.c
> +++ b/net/netfilter/ipset/ip_set_core.c
> @@ -988,7 +988,7 @@ ip_set_create(struct sock *ctnl, struct sk_buff *skb,
>   			/* Wraparound */
>   			goto cleanup;
>   
> -		list = kvzalloc(sizeof(struct ip_set *) * i, GFP_KERNEL);
> +		list = kvcalloc(i, sizeof(struct ip_set *), GFP_KERNEL);
>   		if (!list)
>   			goto cleanup;
>   		/* nfnl mutex is held, both lists are valid */
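
Review bot: The commit message's premise does not hold for the `list = kvcalloc(i, sizeof(struct ip_set *), GFP_KERNEL);` line in ip_set_create(): the kvzalloc() definition quoted in the reply passes `__GFP_ZERO`, so the old call already returned a zeroed array and this replacement changes nothing about initialization. If the hunk is kept to match the mainstream version, reword the message to say that the only change is passing the count `i` and the element size separately instead of multiplying them at the call site, and drop the Fixes: tag and the memory-corruption paragraph, which would otherwise point anyone investigating PSBM-155867 at this allocation.
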
> @@ -2213,7 +2213,7 @@ ip_set_net_init(struct net *net)
>   	if (inst->ip_set_max >= IPSET_INVALID_ID)
>   		inst->ip_set_max = IPSET_INVALID_ID - 1;
>   
> -	list = kvzalloc(sizeof(struct ip_set *) * inst->ip_set_max, GFP_KERNEL);
> +	list = kvcalloc(inst->ip_set_max, sizeof(struct ip_set *), GFP_KERNEL);
>   	if (!list)
>   		return -ENOMEM;
>   	inst->is_deleted = false;
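
Review bot: At `list = kvcalloc(inst->ip_set_max, sizeof(struct ip_set *), GFP_KERNEL);` in ip_set_net_init() the count has just been clamped to `IPSET_INVALID_ID - 1` two lines above, and the old kvzalloc() call already zeroed the array, so this line is a pure style change with no effect on the contents of `list`. Either leave this hunk out or state in the commit message that it is a sync with mainstream with no functional change, so the patch is not backported as a memory-safety fix.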

-- 
Best regards, Tikhomirov Pavel
Senior Software Developer, Virtuozzo.

