Re: "WARNING in nf_ct_alloc_hashtable" in Linux kernel version 6.13.0-rc2
From: Pablo Neira Ayuso
Date: Sun Jan 05 2025 - 16:10:28 EST
Hi,
On Fri, Jan 03, 2025 at 06:01:50PM -0800, Andrew Morton wrote:
> On Fri, 3 Jan 2025 17:12:53 +0800 cheung wall <zzqq0103.hey@xxxxxxxxx> wrote:
>
> > Hello,
> >
> > I am writing to report a potential vulnerability identified in the
> > Linux Kernel version 6.13.0-rc2. This issue was discovered using our
> > custom vulnerability discovery tool.
> >
> > HEAD commit: fac04efc5c793dccbd07e2d59af9f90b7fc0dca4 (tag: v6.13-rc2)
> >
> > Affected File: mm/util.c
> >
> > File: mm/util.c
> >
> > Function: __kvmalloc_node_noprof
>
> (cc netfilter-devel)
>
> This is
>
> /* Don't even allow crazy sizes */
> if (unlikely(size > INT_MAX)) {
> WARN_ON_ONCE(!(flags & __GFP_NOWARN));
> return NULL;
> }
>
> in __kvmalloc_node_noprof().
Ok, then I assume this is a WARN_ON_ONCE splat.
I'm attaching a patch to address this.
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 8666d733b984..13a2097b56e2 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -2516,7 +2516,7 @@ void *nf_ct_alloc_hashtable(unsigned int *sizep, int nulls)
BUILD_BUG_ON(sizeof(struct hlist_nulls_head) != sizeof(struct hlist_head));
nr_slots = *sizep = roundup(*sizep, PAGE_SIZE / sizeof(struct hlist_nulls_head));
- hash = kvcalloc(nr_slots, sizeof(struct hlist_nulls_head), GFP_KERNEL);
+ hash = kvcalloc(nr_slots, sizeof(struct hlist_nulls_head), GFP_KERNEL | __GFP_NOWARN);
if (hash && nulls)
for (i = 0; i < nr_slots; i++)