6.12-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 17 Sep 2025 15:13:12 +0000 (17:13 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 17 Sep 2025 15:13:12 +0000 (17:13 +0200)
added patches:
netfilter-nft_set_pipapo-fix-null-deref-for-empty-set.patch
x86-disable-image-size-check-for-test-builds.patch

queue-6.12/netfilter-nft_set_pipapo-fix-null-deref-for-empty-set.patch [new file with mode: 0644]
queue-6.12/series
queue-6.12/x86-disable-image-size-check-for-test-builds.patch [new file with mode: 0644]

diff --git a/queue-6.12/netfilter-nft_set_pipapo-fix-null-deref-for-empty-set.patch b/queue-6.12/netfilter-nft_set_pipapo-fix-null-deref-for-empty-set.patch
new file mode 100644 (file)
index 0000000..546b96d
--- /dev/null
@@ -0,0 +1,40 @@
+From 30c1d25b9870d551be42535067d5481668b5e6f3 Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw@strlen.de>
+Date: Mon, 11 Aug 2025 12:26:10 +0200
+Subject: netfilter: nft_set_pipapo: fix null deref for empty set
+
+From: Florian Westphal <fw@strlen.de>
+
+commit 30c1d25b9870d551be42535067d5481668b5e6f3 upstream.
+
+Blamed commit broke the check for a null scratch map:
+  -  if (unlikely(!m || !*raw_cpu_ptr(m->scratch)))
+  +  if (unlikely(!raw_cpu_ptr(m->scratch)))
+
+This should have been "if (!*raw_ ...)".
+Use the pattern of the avx2 version which is more readable.
+
+This can only be reproduced if avx2 support isn't available.
+
+Fixes: d8d871a35ca9 ("netfilter: nft_set_pipapo: merge pipapo_get/lookup")
+Signed-off-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/netfilter/nft_set_pipapo.c |    5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+--- a/net/netfilter/nft_set_pipapo.c
++++ b/net/netfilter/nft_set_pipapo.c
+@@ -426,10 +426,9 @@ static struct nft_pipapo_elem *pipapo_ge
+       local_bh_disable();
+-      if (unlikely(!raw_cpu_ptr(m->scratch)))
+-              goto out;
+-
+       scratch = *raw_cpu_ptr(m->scratch);
++      if (unlikely(!scratch))
++              goto out;
+       map_index = scratch->map_index;
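Review bot: The relocated check in pipapo_get tests only the loaded per-CPU `scratch` pointer, whereas the pre-regression form quoted in the commit message also tested `!m`. Whether `m` can be NULL on this path is not visible in the hunk and is worth confirming against the callers in the 6.12 tree. Because the message says the fault reproduces only when avx2 is unavailable, routine testing on avx2-capable machines will not exercise this branch. A short comment above the check would help keep it from regressing again, for example `/* per-CPU slot may hold NULL (empty set): test the loaded pointer, not the slot address */`. The function body starts and ends outside the hunk.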
index 7582ebf96a92d56c22ee71c4025981967c483274..aeb27052d626cb1c2774626d80496bab3a468a87 100644 (file)
@@ -138,3 +138,5 @@ x86-cpu-topology-always-try-cpu_parse_topology_ext-on-amd-hygon.patch
 net-mdiobus-release-reset_gpio-in-mdiobus_unregister_device.patch
 drm-i915-power-fix-size-for-for_each_set_bit-in-abox-iteration.patch
 drm-amdgpu-fix-a-memory-leak-in-fence-cleanup-when-unloading.patch
+netfilter-nft_set_pipapo-fix-null-deref-for-empty-set.patch
+x86-disable-image-size-check-for-test-builds.patch
diff --git a/queue-6.12/x86-disable-image-size-check-for-test-builds.patch b/queue-6.12/x86-disable-image-size-check-for-test-builds.patch
new file mode 100644 (file)
index 0000000..bf313f7
--- /dev/null
@@ -0,0 +1,66 @@
+From 00a241f528427b63c415a410293b86e66098888e Mon Sep 17 00:00:00 2001
+From: Guenter Roeck <linux@roeck-us.net>
+Date: Wed, 16 Apr 2025 18:09:50 -0700
+Subject: x86: disable image size check for test builds
+
+From: Guenter Roeck <linux@roeck-us.net>
+
+commit 00a241f528427b63c415a410293b86e66098888e upstream.
+
+64-bit allyesconfig builds fail with
+
+x86_64-linux-ld: kernel image bigger than KERNEL_IMAGE_SIZE
+
+Bisect points to commit 6f110a5e4f99 ("Disable SLUB_TINY for build
+testing") as the responsible commit.  Reverting that patch does indeed fix
+the problem.  Further analysis shows that disabling SLUB_TINY enables
+KASAN, and that KASAN is responsible for the image size increase.
+
+Solve the build problem by disabling the image size check for test
+builds.
+
+[akpm@linux-foundation.org: add comment, fix nearby typo (sink->sync)]
+[akpm@linux-foundation.org: fix comment snafu
+  Link: https://lore.kernel.org/oe-kbuild-all/202504191813.4r9H6Glt-lkp@intel.com/
+Link: https://lkml.kernel.org/r/20250417010950.2203847-1-linux@roeck-us.net
+Fixes: 6f110a5e4f99 ("Disable SLUB_TINY for build testing")
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Alexander Potapenko <glider@google.com>
+Cc: Andrey Konovalov <andreyknvl@gmail.com>
+Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
+Cc: Borislav Betkov <bp@alien8.de>
+Cc: Dmitriy Vyukov <dvyukov@google.com>
+Cc: "H. Peter Anvin" <hpa@zytor.com>
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: Thomas Gleinxer <tglx@linutronix.de>
+Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
+Cc: <x86@kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/kernel/vmlinux.lds.S |   10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/kernel/vmlinux.lds.S
++++ b/arch/x86/kernel/vmlinux.lds.S
+@@ -486,10 +486,18 @@ SECTIONS
+ }
+ /*
+- * The ASSERT() sink to . is intentional, for binutils 2.14 compatibility:
++ * COMPILE_TEST kernels can be large - CONFIG_KASAN, for example, can cause
++ * this.  Let's assume that nobody will be running a COMPILE_TEST kernel and
++ * let's assert that fuller build coverage is more valuable than being able to
++ * run a COMPILE_TEST kernel.
++ */
++#ifndef CONFIG_COMPILE_TEST
++/*
++ * The ASSERT() sync to . is intentional, for binutils 2.14 compatibility:
+  */
+ . = ASSERT((_end - LOAD_OFFSET <= KERNEL_IMAGE_SIZE),
+          "kernel image bigger than KERNEL_IMAGE_SIZE");
++#endif
+ /* needed for Clang - see arch/x86/entry/entry.S */
+ PROVIDE(__ref_stack_chk_guard = __stack_chk_guard);
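Review bot: With the `#ifndef CONFIG_COMPILE_TEST` guard around the `ASSERT`, an image larger than KERNEL_IMAGE_SIZE now links without any diagnostic in that configuration. The added comment records the assumption that nobody runs such a kernel, but not that consequence. I would add one line to the new comment block, such as ` * With the check compiled out, an oversized image is not reported at link time.`, so that anyone who does boot a COMPILE_TEST build knows where to look. Whether the commit named in the Fixes: tag is present in the 6.12 tree is not visible on this page and should be confirmed for the backport.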