netfilter: nftables: avoid overflows in nft_hash_buckets()

[linux-2.6-microblaze.git] / net / netfilter / nft_set_hash.c

diff --git a/net/netfilter/nft_set_hash.c b/net/netfilter/nft_set_hash.c
index 58f576a..328f2ce 100644 (file)
--- a/net/netfilter/nft_set_hash.c
+++ b/net/netfilter/nft_set_hash.c
@@ -412,9 +412,17 @@ static void nft_rhash_destroy(const struct nft_set *set)
                                    (void *)set);
 }
 
+/* Number of buckets is stored in u32, so cap our result to 1U<<31 */
+#define NFT_MAX_BUCKETS (1U << 31)
+
 static u32 nft_hash_buckets(u32 size)
 {
-       return roundup_pow_of_two(size * 4 / 3);
+       u64 val = div_u64((u64)size * 4, 3);
+
+       if (val >= NFT_MAX_BUCKETS)
+               return NFT_MAX_BUCKETS;
+
+       return roundup_pow_of_two(val);
 }
 
 static bool nft_rhash_estimate(const struct nft_set_desc *desc, u32 features,