Re: [PATCH v5.15-v6.1] netfilter: nft_set_pipapo: do not rely on ZERO_SIZE_PTR

From: Greg KH

Date: Mon Apr 13 2026 - 08:06:08 EST


On Mon, Apr 13, 2026 at 04:32:47AM +0000, Keerthana K wrote:
> From: Florian Westphal <fw@xxxxxxxxx>
>
> commit 07ace0bbe03b3d8e85869af1dec5e4087b1d57b8 upstream
>
> pipapo relies on kmalloc(0) returning ZERO_SIZE_PTR (i.e., not NULL
> but pointer is invalid).
>
> Rework this to not call slab allocator when we'd request a 0-byte
> allocation.
>
> Reviewed-by: Stefano Brivio <sbrivio@xxxxxxxxxx>
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
> Signed-off-by: Mukul Sikka <mukul.sikka@xxxxxxxxxxxx>
> Signed-off-by: Brennan Lamoreaux <brennan.lamoreaux@xxxxxxxxxxxx>
> [Keerthana: In older stable branches (v6.6 and earlier), the allocation logic in
> pipapo_clone() still relies on `src->rules` rather than `src->rules_alloc`
> (introduced in v6.9 via 9f439bd6ef4f). Consequently, the previously
> backported INT_MAX clamping check uses `src->rules`. This patch correctly
> moves that `src->rules > (INT_MAX / ...)` check inside the new
> `if (src->rules > 0)` block]
> Signed-off-by: Keerthana K <keerthana.kalyanasundaram@xxxxxxxxxxxx>
> ---
> net/netfilter/nft_set_pipapo.c | 20 ++++++++++++++------
> 1 file changed, 14 insertions(+), 6 deletions(-)

Does not apply to 5.15.y :(
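
A userspace C model of the pattern the quoted commit message describes, added here as an illustration; it is not the patch and not kernel code. `model_kmalloc`, `struct model_field`, `struct model_entry` and both clone functions are hypothetical stand-ins; only the `ZERO_SIZE_PTR` value and the placement of the `INT_MAX` check inside `if (src->rules > 0)` follow the kernel and the message above.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>

/* Userspace model only. Same value the kernel defines in include/linux/slab.h. */
#define ZERO_SIZE_PTR ((void *)16)

struct model_entry { unsigned long to; unsigned int n; };	/* hypothetical layout */
struct model_field { unsigned int rules; struct model_entry *mt; };

/* Mimics kmalloc(0): a non-NULL sentinel that must never be dereferenced. */
static void *model_kmalloc(size_t size)
{
	return size ? malloc(size) : ZERO_SIZE_PTR;
}

/* Before: "not NULL" is read as success, so an empty field keeps the sentinel. */
static int model_clone_before(struct model_field *dst, const struct model_field *src)
{
	dst->mt = model_kmalloc(src->rules * sizeof(*src->mt));
	if (!dst->mt)
		return -ENOMEM;
	for (unsigned int i = 0; i < src->rules; i++)
		dst->mt[i] = src->mt[i];
	dst->rules = src->rules;
	return 0;
}

/* After: the allocator is not called for 0 rules; the clamp sits in the same block. */
static int model_clone_after(struct model_field *dst, const struct model_field *src)
{
	dst->mt = NULL;
	dst->rules = 0;
	if (src->rules > 0) {
		if (src->rules > (INT_MAX / sizeof(*src->mt)))
			return -ENOMEM;	/* error value chosen for the model */
		dst->mt = malloc(src->rules * sizeof(*src->mt));
		if (!dst->mt)
			return -ENOMEM;
		for (unsigned int i = 0; i < src->rules; i++)
			dst->mt[i] = src->mt[i];
	}
	dst->rules = src->rules;
	return 0;
}

int main(void)
{
	struct model_field empty = { 0, NULL }, a, b;
	return model_clone_before(&a, &empty) || model_clone_after(&b, &empty) || b.mt != NULL;
}
```

In the "before" model an empty field ends up holding a pointer that passes a NULL check but cannot be dereferenced; in the "after" model the pointer is plain `NULL`, so ordinary NULL checks stay meaningful.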