[PATCH AUTOSEL 4.18 07/59] netfilter: ipset: fix ip_set_list allocation failure

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sasha Levin <sashal@kernel.org>
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>,
	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>,
	Pablo Neira Ayuso <pablo@netfilter.org>,
	Sasha Levin <sashal@kernel.org>,
	netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
	netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 4.18 07/59] netfilter: ipset: fix ip_set_list allocation failure
Date: Wed, 14 Nov 2018 17:22:39 -0500	[thread overview]
Message-ID: <20181114222335.99339-7-sashal@kernel.org> (raw)
In-Reply-To: <20181114222335.99339-1-sashal@kernel.org>

From: Andrey Ryabinin <aryabinin@virtuozzo.com>

[ Upstream commit ed956f3947a01ff9875cd908d7c1ef1fe7f47bf0 ]

ip_set_create() and ip_set_net_init() attempt to allocate physically
contiguous memory for ip_set_list. If memory is fragmented, the
allocations could easily fail:

        vzctl: page allocation failure: order:7, mode:0xc0d0

        Call Trace:
         dump_stack+0x19/0x1b
         warn_alloc_failed+0x110/0x180
         __alloc_pages_nodemask+0x7bf/0xc60
         alloc_pages_current+0x98/0x110
         kmalloc_order+0x18/0x40
         kmalloc_order_trace+0x26/0xa0
         __kmalloc+0x279/0x290
         ip_set_net_init+0x4b/0x90 [ip_set]
         ops_init+0x3b/0xb0
         setup_net+0xbb/0x170
         copy_net_ns+0xf1/0x1c0
         create_new_namespaces+0xf9/0x180
         copy_namespaces+0x8e/0xd0
         copy_process+0xb61/0x1a00
         do_fork+0x91/0x320

Use kvcalloc() to fallback to 0-order allocations if high order
page isn't available.

Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/netfilter/ipset/ip_set_core.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
index fa15a831aeee..68db946df151 100644
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -960,7 +960,7 @@ static int ip_set_create(struct net *net, struct sock *ctnl,
 			/* Wraparound */
 			goto cleanup;
 
-		list = kcalloc(i, sizeof(struct ip_set *), GFP_KERNEL);
+		list = kvcalloc(i, sizeof(struct ip_set *), GFP_KERNEL);
 		if (!list)
 			goto cleanup;
 		/* nfnl mutex is held, both lists are valid */
@@ -972,7 +972,7 @@ static int ip_set_create(struct net *net, struct sock *ctnl,
 		/* Use new list */
 		index = inst->ip_set_max;
 		inst->ip_set_max = i;
-		kfree(tmp);
+		kvfree(tmp);
 		ret = 0;
 	} else if (ret) {
 		goto cleanup;
@@ -2058,7 +2058,7 @@ ip_set_net_init(struct net *net)
 	if (inst->ip_set_max >= IPSET_INVALID_ID)
 		inst->ip_set_max = IPSET_INVALID_ID - 1;
 
-	list = kcalloc(inst->ip_set_max, sizeof(struct ip_set *), GFP_KERNEL);
+	list = kvcalloc(inst->ip_set_max, sizeof(struct ip_set *), GFP_KERNEL);
 	if (!list)
 		return -ENOMEM;
 	inst->is_deleted = false;
@@ -2086,7 +2086,7 @@ ip_set_net_exit(struct net *net)
 		}
 	}
 	nfnl_unlock(NFNL_SUBSYS_IPSET);
-	kfree(rcu_dereference_protected(inst->ip_set_list, 1));
+	kvfree(rcu_dereference_protected(inst->ip_set_list, 1));
 }
 
 static struct pernet_operations ip_set_net_ops = {
-- 
2.17.1

next prev parent reply	other threads:[~2018-11-14 22:22 UTC|newest]

Thread overview: 72+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-11-14 22:22 [PATCH AUTOSEL 4.18 01/59] s390/vdso: add missing FORCE to build targets Sasha Levin
2018-11-14 22:22 ` [PATCH AUTOSEL 4.18 02/59] HID: i2c-hid: Add a small delay after sleep command for Raydium touchpanel Sasha Levin
2018-11-14 22:22 ` [PATCH AUTOSEL 4.18 03/59] Revert "HID: add NOGET quirk for Eaton Ellipse MAX UPS" Sasha Levin
2018-11-14 22:22 ` [PATCH AUTOSEL 4.18 04/59] HID: alps: allow incoming reports when only the trackstick is opened Sasha Levin
2018-11-14 22:22 ` [PATCH AUTOSEL 4.18 05/59] netfilter: ipset: list:set: Decrease refcount synchronously on deletion and replace Sasha Levin
2018-11-14 22:22 ` [PATCH AUTOSEL 4.18 06/59] netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net Sasha Levin
2018-11-14 22:22 ` Sasha Levin [this message]
2018-11-14 22:22 ` [PATCH AUTOSEL 4.18 08/59] s390/mm: fix mis-accounting of pgtable_bytes Sasha Levin
2018-11-14 22:22 ` [PATCH AUTOSEL 4.18 09/59] s390/mm: Fix ERROR: "__node_distance" undefined! Sasha Levin
2018-11-14 22:22 ` [PATCH AUTOSEL 4.18 10/59] bpf: fix bpf_prog_get_info_by_fd to return 0 func_lens for unpriv Sasha Levin
2018-11-14 22:22 ` [PATCH AUTOSEL 4.18 12/59] net: dsa: microchip: initialize mutex before use Sasha Levin
2018-11-14 22:22 ` [PATCH AUTOSEL 4.18 13/59] net: bcmgenet: protect stop from timeout Sasha Levin
2018-11-14 22:22 ` [PATCH AUTOSEL 4.18 14/59] net: systemport: Protect " Sasha Levin
2018-11-14 22:22 ` [PATCH AUTOSEL 4.18 15/59] netfilter: ipset: Correct rcu_dereference() call in ip_set_put_comment() Sasha Levin
2018-11-14 22:22 ` [PATCH AUTOSEL 4.18 16/59] netfilter: xt_IDLETIMER: add sysfs filename checking routine Sasha Levin
2018-11-14 22:22 ` [PATCH AUTOSEL 4.18 17/59] netfilter: ipset: Fix calling ip_set() macro at dumping Sasha Levin
2018-11-14 22:22 ` [PATCH AUTOSEL 4.18 18/59] netfilter: nft_compat: ebtables 'nat' table is normal chain type Sasha Levin
2018-11-14 22:22 ` [PATCH AUTOSEL 4.18 19/59] s390/qeth: fix HiperSockets sniffer Sasha Levin
2018-11-14 22:22 ` [PATCH AUTOSEL 4.18 20/59] net: hns3: Fix for out-of-bounds access when setting pfc back pressure Sasha Levin
2018-11-14 22:22 ` [PATCH AUTOSEL 4.18 21/59] mlxsw: spectrum: Fix IP2ME CPU policer configuration Sasha Levin
2018-11-14 22:22 ` [PATCH AUTOSEL 4.18 22/59] hwmon: (ibmpowernv) Remove bogus __init annotations Sasha Levin
2018-11-14 22:22   ` Sasha Levin
2018-11-14 22:22 ` [PATCH AUTOSEL 4.18 23/59] net: phy: realtek: fix RTL8201F sysfs name Sasha Levin
2018-11-14 22:22 ` [PATCH AUTOSEL 4.18 24/59] ARM: dts: fsl: Fix improperly quoted stdout-path values Sasha Levin
2018-11-14 22:22 ` [PATCH AUTOSEL 4.18 25/59] ARM: dts: imx6sx-sdb: Fix enet phy regulator Sasha Levin
2018-11-14 22:22 ` [PATCH AUTOSEL 4.18 26/59] Revert "drm/exynos/decon5433: implement frame counter" Sasha Levin
2018-11-14 22:22   ` Sasha Levin
2018-11-14 22:22 ` [PATCH AUTOSEL 4.18 27/59] arm64: dts: renesas: r8a7795: add missing dma-names on hscif2 Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 28/59] clk: fixed-factor: fix of_node_get-put imbalance Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 29/59] mtd: nand: Fix nanddev_pos_next_page() kernel-doc header Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 30/59] lib/raid6: Fix arm64 test build Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 31/59] drm/amd/display: Stop leaking planes Sasha Levin
2018-11-14 22:23   ` Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 32/59] block: Clear kernel memory before copying to user Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 33/59] drm/amd/amdgpu/dm: Fix dm_dp_create_fake_mst_encoder() Sasha Levin
2018-11-14 22:23   ` Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 34/59] s390/perf: Change CPUM_CF return code in event init function Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 35/59] ceph: quota: fix null pointer dereference in quota check Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 36/59] clk: meson-gxbb: set fclk_div3 as CLK_IS_CRITICAL Sasha Levin
2018-11-14 22:23   ` Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 37/59] clk: meson: axg: mark fdiv2 and fdiv3 as critical Sasha Levin
2018-11-14 22:23   ` Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 38/59] nvme: make sure ns head inherits underlying device limits Sasha Levin
2018-11-14 22:23   ` Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 39/59] i2c: omap: Enable for ARCH_K3 Sasha Levin
2018-11-15  4:35   ` Vignesh R
2018-11-22 19:31     ` Sasha Levin
2018-11-22 19:31       ` Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 40/59] sched/core: Take the hotplug lock in sched_init_smp() Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 41/59] perf tools: Fix undefined symbol scnprintf in libperf-jvmti.so Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 42/59] perf tools: Do not zero sample_id_all for group members Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 43/59] ice: Fix dead device link issue with flow control Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 44/59] ice: Fix the bytecount sent to netdev_tx_sent_queue Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 45/59] i40e: restore NETIF_F_GSO_IPXIP[46] to netdev features Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 46/59] ibmvnic: fix accelerated VLAN handling Sasha Levin
2018-11-14 22:23   ` Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 47/59] qed: Fix memory/entry leak in qed_init_sp_request() Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 48/59] qed: Fix blocking/unlimited SPQ entries leak Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 49/59] qed: Fix SPQ entries not returned to pool in error flows Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 50/59] qed: Fix potential memory corruption Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 51/59] net: stmmac: Fix RX packet size > 8191 Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 53/59] ext4: missing !bh check in ext4_xattr_inode_write() Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 54/59] net: aquantia: fix potential IOMMU fault after driver unbind Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 55/59] net: aquantia: fixed enable unicast on 32 macvlan Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 56/59] net: aquantia: invalid checksumm offload implementation Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 57/59] net: qualcomm: rmnet: Fix incorrect assignment of real_dev Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 58/59] kbuild: deb-pkg: fix too low build version number Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 59/59] net: dsa: mv88e6xxx: Fix clearing of stats counters Sasha Levin
  -- strict thread matches above, loose matches on Subject: below --
2018-11-14 22:22 [AUTOSEL,4.18,11/59] usbnet: smsc95xx: disable carrier check while suspending Sasha Levin
2018-11-14 22:22 ` [PATCH AUTOSEL 4.18 11/59] " Sasha Levin
2018-11-14 22:23 [AUTOSEL,4.18,52/59] net: smsc95xx: Fix MTU range Sasha Levin
2018-11-14 22:23 ` [PATCH AUTOSEL 4.18 52/59] " Sasha Levin

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:fa15a831aee dfblob:68db946df15 )
 OR (
bs:"[PATCH AUTOSEL 4.18 07/59] netfilter: ipset: fix ip_set_list allocation failure" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20181114222335.99339-7-sashal@kernel.org \
    --to=sashal@kernel.org \
    --cc=aryabinin@virtuozzo.com \
    --cc=coreteam@netfilter.org \
    --cc=kadlec@blackhole.kfki.hu \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=pablo@netfilter.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.