Commit 7064a6da authored Nov 26, 2024 by Pablo Neira Ayuso Committed by Greg Kroah-Hartman Dec 14, 2024

netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level



[ Upstream commit b7529880 ]

cgroup maximum depth is INT_MAX by default, there is a cgroup toggle to
restrict this maximum depth to a more reasonable value not to harm
performance. Remove unnecessary WARN_ON_ONCE which is reachable from
userspace.

Fixes: 7f3287db ("netfilter: nft_socket: make cgroupsv2 matching work with namespaces")
Reported-by:  <syzbot+57bac0866ddd99fe47c0@syzkaller.appspotmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

parent ab991632

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit 2f2e115e
· Nov 05, 2025

mentioned in commit 2f2e115e

mentioned in commit 2f2e115eecbda0de5d89f4303e8ae41018a36991

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 2f2e115e
· Nov 05, 2025

mentioned in commit 2f2e115e

mentioned in commit 2f2e115eecbda0de5d89f4303e8ae41018a36991

Toggle commit list

Please to comment