On Thu, Dec 17, 2020 at 11:53:40AM +0300, Vasily Averin wrote:
> currently mtype_resize() can cause oops
>
>         t = ip_set_alloc(htable_size(htable_bits));
>         if (!t) {
>                 ret = -ENOMEM;
>                 goto out;
>         }
>         t->hregion = ip_set_alloc(ahash_sizeof_regions(htable_bits));
>
> Increased htable_bits can force htable_size() to return 0.
> In own turn ip_set_alloc(0) returns not 0 but ZERO_SIZE_PTR,
> so following access to t->hregion should trigger an OOPS.

Applied, thanks.
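
An added example, not part of the original mail or of the applied patch: a user-space C model of the failure described in the quoted message, next to a variant that rejects a zero size before allocating. `model_htable_size()`, `model_alloc()` and the header and slot sizes are hypothetical stand-ins for `htable_size()`, `ip_set_alloc()` and the real structure sizes; `ZERO_SIZE_PTR` is the kernel's sentinel value.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Kernel sentinel returned for zero-length allocations (linux/slab.h). */
#define ZERO_SIZE_PTR ((void *)16)
enum { RESIZE_OK = 0, RESIZE_ENOMEM = -12, RESIZE_WOULD_OOPS = 1 };

/* Hypothetical stand-in for htable_size(): 0 means "size not representable". */
static size_t model_htable_size(unsigned bits)
{
    const size_t hdr = 64, slot = sizeof(void *); /* constructed sizes */
    if (bits > 31 || ((size_t)-1 - hdr) / slot < ((size_t)1 << bits))
        return 0;
    return hdr + ((size_t)1 << bits) * slot;
}

/* Hypothetical stand-in for ip_set_alloc(): size 0 gives ZERO_SIZE_PTR, not NULL. */
static void *model_alloc(size_t size) { return size ? calloc(1, size) : ZERO_SIZE_PTR; }

/* Pattern from the quoted code: only NULL is rejected after allocating. */
static int resize_null_check_only(unsigned bits)
{
    void *t = model_alloc(model_htable_size(bits));
    if (!t)
        return RESIZE_ENOMEM;
    if (t == ZERO_SIZE_PTR)   /* the kernel would dereference t->hregion here */
        return RESIZE_WOULD_OOPS;
    free(t);
    return RESIZE_OK;
}

/* Guarded variant: reject a zero size before it reaches the allocator. */
static int resize_size_checked(unsigned bits)
{
    size_t size = model_htable_size(bits);
    void *t = size ? model_alloc(size) : NULL;
    if (!t)
        return RESIZE_ENOMEM;
    free(t);
    return RESIZE_OK;
}

int main(void)
{
    printf("bits=32: null-check-only=%d size-checked=%d\n",
           resize_null_check_only(32), resize_size_checked(32));
    return 0;
}
```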