In [1] we replaced kcalloc with kvzalloc; this is wrong, as it stops zeroing the allocated area. Let's switch to kvcalloc instead.

This makes [1] correspond to the mainstream version of the patch. This non-zeroing may lead to arbitrary data being treated as a pointer to an ip_set and potentially to memory corruption, so it may be related to what happens in PSBM-155867.

https://virtuozzo.atlassian.net/browse/PSBM-155867

Fixes: 122780c561646 ("ms/netfilter: ipset: fix ip_set_list allocation failure") [1]
Signed-off-by: Pavel Tikhomirov <ptikhomi...@virtuozzo.com>
---
 net/netfilter/ipset/ip_set_core.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c index d47d97839fa7a..4a7c91bf1ebc2 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c @@ -988,7 +988,7 @@ ip_set_create(struct sock *ctnl, struct sk_buff *skb, /* Wraparound */ goto cleanup; - list = kvzalloc(sizeof(struct ip_set *) * i, GFP_KERNEL); + list = kvcalloc(i, sizeof(struct ip_set *), GFP_KERNEL); if (!list) goto cleanup; /* nfnl mutex is held, both lists are valid */ @@ -2213,7 +2213,7 @@ ip_set_net_init(struct net *net) if (inst->ip_set_max >= IPSET_INVALID_ID) inst->ip_set_max = IPSET_INVALID_ID - 1; - list = kvzalloc(sizeof(struct ip_set *) * inst->ip_set_max, GFP_KERNEL); + list = kvcalloc(inst->ip_set_max, sizeof(struct ip_set *), GFP_KERNEL); if (!list) return -ENOMEM; inst->is_deleted = false; -- 2.45.2
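Review bot: the rationale in the commit message does not match the first hunk (ip_set_create): `kvzalloc` already returns zeroed memory, exactly as `kvcalloc` does, so the removed line `list = kvzalloc(sizeof(struct ip_set *) * i, GFP_KERNEL);` was not producing an unzeroed `ip_set` pointer array. What the replacement `list = kvcalloc(i, sizeof(struct ip_set *), GFP_KERNEL);` does change is that the element count and element size are passed separately, so the allocator can check the multiplication for overflow instead of trusting the inline product; that, plus alignment with the mainstream form, is the defensible justification. Suggest rewording the message so the Fixes: tag and the PSBM-155867 reference do not claim a non-zeroing bug this change cannot be fixing.

Review bot: in the second hunk (ip_set_net_init) the count `inst->ip_set_max` is clamped to `IPSET_INVALID_ID - 1` two lines above the allocation, so the overflow check that `kvcalloc(inst->ip_set_max, sizeof(struct ip_set *), GFP_KERNEL)` adds is belt-and-braces here rather than a functional fix, and the array is zeroed both before and after the change. If PSBM-155867 really involves garbage entries in this list, the cause should be sought elsewhere and the commit message should not present this hunk as the fix.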