netfilter: nf_tables: fix out of memory error handling

[ Upstream commit 5e1be4cdc9 ]

Several instances of pipapo_resize() don't propagate allocation failures,
this causes a crash when fault injection is enabled for gfp_kernel slabs.

Fixes: 3c4287f620 ("nf_tables: Add set type for arbitrary concatenation of ranges")
Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Florian Westphal 2023-08-22 19:49:52 +02:00 committed by Greg Kroah-Hartman
parent 41841b585e
commit ed3fe5f902
1 changed files with 10 additions and 3 deletions

View File

@ -901,12 +901,14 @@ static void pipapo_lt_bits_adjust(struct nft_pipapo_field *f)
static int pipapo_insert(struct nft_pipapo_field *f, const uint8_t *k, static int pipapo_insert(struct nft_pipapo_field *f, const uint8_t *k,
int mask_bits) int mask_bits)
{ {
int rule = f->rules++, group, ret, bit_offset = 0; int rule = f->rules, group, ret, bit_offset = 0;
ret = pipapo_resize(f, f->rules - 1, f->rules); ret = pipapo_resize(f, f->rules, f->rules + 1);
if (ret) if (ret)
return ret; return ret;
f->rules++;
for (group = 0; group < f->groups; group++) { for (group = 0; group < f->groups; group++) {
int i, v; int i, v;
u8 mask; u8 mask;
@ -1051,7 +1053,9 @@ static int pipapo_expand(struct nft_pipapo_field *f,
step++; step++;
if (step >= len) { if (step >= len) {
if (!masks) { if (!masks) {
pipapo_insert(f, base, 0); err = pipapo_insert(f, base, 0);
if (err < 0)
return err;
masks = 1; masks = 1;
} }
goto out; goto out;
@ -1234,6 +1238,9 @@ static int nft_pipapo_insert(const struct net *net, const struct nft_set *set,
else else
ret = pipapo_expand(f, start, end, f->groups * f->bb); ret = pipapo_expand(f, start, end, f->groups * f->bb);
if (ret < 0)
return ret;
if (f->bsize > bsize_max) if (f->bsize > bsize_max)
bsize_max = f->bsize; bsize_max = f->bsize;