Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753396AbeAFWwW (ORCPT <rfc822;ralf@linux-mips.org> + 1 other);
        Sat, 6 Jan 2018 17:52:22 -0500
Received: from mail.us.es ([193.147.175.20]:37958 "EHLO mail.us.es"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751915AbeAFWwU (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 6 Jan 2018 17:52:20 -0500
Date: Sat, 6 Jan 2018 23:52:12 +0100
X-SMTPAUTHUS: auth mail.us.es
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: kadlec@blackhole.kfki.hu, fw@strlen.de, davem@davemloft.net,
        netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
        netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] netfilter: fix int overflow in xt_alloc_table_info()
Message-ID: <20180106225212.s3xa7disqmsfw7ob@salvia>
References: <20171228084854.247843-1-dvyukov@google.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20171228084854.247843-1-dvyukov@google.com>
User-Agent: NeoMutt/20170113 (1.7.2)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>

On Thu, Dec 28, 2017 at 09:48:54AM +0100, Dmitry Vyukov wrote:
> syzkaller triggered OOM kills by passing ipt_replace.size = -1
> to IPT_SO_SET_REPLACE. The root cause is that SMP_ALIGN() in
> xt_alloc_table_info() causes int overflow and the size check passes
> when it should not. SMP_ALIGN() is no longer needed leftover.
> 
> Remove SMP_ALIGN() call in xt_alloc_table_info().

Applied, thanks.