git.ipfire.org Git - thirdparty/linux.git/commit
netfilter: conntrack: clamp maximum hashtable size to INT_MAX
author Pablo Neira Ayuso <pablo@netfilter.org>
Wed, 8 Jan 2025 21:56:33 +0000 (22:56 +0100)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Thu, 9 Jan 2025 12:29:45 +0000 (13:29 +0100)
commit b541ba7d1f5a5b7b3e2e22dc9e40e18a7d6dbc13
tree 2d78a3f0d61b3a175e31129834146aa807e895bc
parent 13210fc63f353fe78584048079343413a3cdf819

Use INT_MAX as maximum size for the conntrack hashtable. Otherwise, it
is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when
resizing hashtable because __GFP_NOWARN is unset. See:

  0708a0afe291 ("mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls")

Note: hashtable resize is only possible from init_netns.

Fixes: 9cc1c73ad666 ("netfilter: conntrack: avoid integer overflow when resizing")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_conntrack_core.c