leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

netfilter: switch xt_copy_counters to sockptr_t

Browse Source 
Pass a sockptr_t to prepare for set_fs-less handling of the kernel
pointer from bpf-cgroup.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Christoph Hellwig 2020-07-23 08:08:53 +02:00 committed by David S. Miller
parent 7e4b9dbabb
commit ab214d1bf8
5 changed files with 21 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/linux/netfilter/x_tables.h
View File

@ -301,7 +301,7 @@ int xt_target_to_user(const struct xt_entry_target *t,
int xt_data_to_user(void __user *dst, const void *src, int xt_data_to_user(void __user *dst, const void *src,
int usersize, int size, int aligned_size); int usersize, int size, int aligned_size);
void *xt_copy_counters_from_user(const void __user *user, unsigned int len, void *xt_copy_counters(sockptr_t arg, unsigned int len,
struct xt_counters_info *info); struct xt_counters_info *info);
struct xt_counters *xt_counters_alloc(unsigned int counters); struct xt_counters *xt_counters_alloc(unsigned int counters);

7
net/ipv4/netfilter/arp_tables.c
View File

@ -996,8 +996,7 @@ static int do_replace(struct net *net, const void __user *user,
return ret; return ret;
} }
static int do_add_counters(struct net *net, const void __user *user, static int do_add_counters(struct net *net, sockptr_t arg, unsigned int len)
unsigned int len)
{ {
unsigned int i; unsigned int i;
struct xt_counters_info tmp; struct xt_counters_info tmp;
@ -1008,7 +1007,7 @@ static int do_add_counters(struct net *net, const void __user *user,
struct arpt_entry *iter; struct arpt_entry *iter;
unsigned int addend; unsigned int addend;
paddc = xt_copy_counters_from_user(user, len, &tmp); paddc = xt_copy_counters(arg, len, &tmp);
if (IS_ERR(paddc)) if (IS_ERR(paddc))
return PTR_ERR(paddc); return PTR_ERR(paddc);
@ -1420,7 +1419,7 @@ static int do_arpt_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned
break; break;
case ARPT_SO_SET_ADD_COUNTERS: case ARPT_SO_SET_ADD_COUNTERS:
ret = do_add_counters(sock_net(sk), user, len); ret = do_add_counters(sock_net(sk), USER_SOCKPTR(user), len);
break; break;
default: default:

7
net/ipv4/netfilter/ip_tables.c
View File

@ -1151,8 +1151,7 @@ do_replace(struct net *net, const void __user *user, unsigned int len)
} }
static int static int
do_add_counters(struct net *net, const void __user *user, do_add_counters(struct net *net, sockptr_t arg, unsigned int len)
unsigned int len)
{ {
unsigned int i; unsigned int i;
struct xt_counters_info tmp; struct xt_counters_info tmp;
@ -1163,7 +1162,7 @@ do_add_counters(struct net *net, const void __user *user,
struct ipt_entry *iter; struct ipt_entry *iter;
unsigned int addend; unsigned int addend;
paddc = xt_copy_counters_from_user(user, len, &tmp); paddc = xt_copy_counters(arg, len, &tmp);
if (IS_ERR(paddc)) if (IS_ERR(paddc))
return PTR_ERR(paddc); return PTR_ERR(paddc);
@ -1629,7 +1628,7 @@ do_ipt_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
break; break;
case IPT_SO_SET_ADD_COUNTERS: case IPT_SO_SET_ADD_COUNTERS:
ret = do_add_counters(sock_net(sk), user, len); ret = do_add_counters(sock_net(sk), USER_SOCKPTR(user), len);
break; break;
default: default:

6
net/ipv6/netfilter/ip6_tables.c
View File

@ -1168,7 +1168,7 @@ do_replace(struct net *net, const void __user *user, unsigned int len)
} }
static int static int
do_add_counters(struct net *net, const void __user *user, unsigned int len) do_add_counters(struct net *net, sockptr_t arg, unsigned int len)
{ {
unsigned int i; unsigned int i;
struct xt_counters_info tmp; struct xt_counters_info tmp;
@ -1179,7 +1179,7 @@ do_add_counters(struct net *net, const void __user *user, unsigned int len)
struct ip6t_entry *iter; struct ip6t_entry *iter;
unsigned int addend; unsigned int addend;
paddc = xt_copy_counters_from_user(user, len, &tmp); paddc = xt_copy_counters(arg, len, &tmp);
if (IS_ERR(paddc)) if (IS_ERR(paddc))
return PTR_ERR(paddc); return PTR_ERR(paddc);
t = xt_find_table_lock(net, AF_INET6, tmp.name); t = xt_find_table_lock(net, AF_INET6, tmp.name);
@ -1637,7 +1637,7 @@ do_ip6t_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
break; break;
case IP6T_SO_SET_ADD_COUNTERS: case IP6T_SO_SET_ADD_COUNTERS:
ret = do_add_counters(sock_net(sk), user, len); ret = do_add_counters(sock_net(sk), USER_SOCKPTR(user), len);
break; break;
default: default:

18
net/netfilter/x_tables.c
View File

@ -1028,9 +1028,9 @@ int xt_check_target(struct xt_tgchk_param *par,
EXPORT_SYMBOL_GPL(xt_check_target); EXPORT_SYMBOL_GPL(xt_check_target);
/** /**
* xt_copy_counters_from_user - copy counters and metadata from userspace * xt_copy_counters - copy counters and metadata from a sockptr_t
* *
* @user: src pointer to userspace memory * @arg: src sockptr
* @len: alleged size of userspace memory * @len: alleged size of userspace memory
* @info: where to store the xt_counters_info metadata * @info: where to store the xt_counters_info metadata
* *
@ -1047,7 +1047,7 @@ EXPORT_SYMBOL_GPL(xt_check_target);
* Return: returns pointer that caller has to test via IS_ERR(). * Return: returns pointer that caller has to test via IS_ERR().
* If IS_ERR is false, caller has to vfree the pointer. * If IS_ERR is false, caller has to vfree the pointer.
*/ */
void *xt_copy_counters_from_user(const void __user *user, unsigned int len, void *xt_copy_counters(sockptr_t arg, unsigned int len,
struct xt_counters_info *info) struct xt_counters_info *info)
{ {
void *mem; void *mem;
@ -1062,12 +1062,12 @@ void *xt_copy_counters_from_user(const void __user *user, unsigned int len,
return ERR_PTR(-EINVAL); return ERR_PTR(-EINVAL);
len -= sizeof(compat_tmp); len -= sizeof(compat_tmp);
if (copy_from_user(&compat_tmp, user, sizeof(compat_tmp)) != 0) if (copy_from_sockptr(&compat_tmp, arg, sizeof(compat_tmp)) != 0)
return ERR_PTR(-EFAULT); return ERR_PTR(-EFAULT);
memcpy(info->name, compat_tmp.name, sizeof(info->name) - 1); memcpy(info->name, compat_tmp.name, sizeof(info->name) - 1);
info->num_counters = compat_tmp.num_counters; info->num_counters = compat_tmp.num_counters;
user += sizeof(compat_tmp); sockptr_advance(arg, sizeof(compat_tmp));
} else } else
#endif #endif
{ {
@ -1075,10 +1075,10 @@ void *xt_copy_counters_from_user(const void __user *user, unsigned int len,
return ERR_PTR(-EINVAL); return ERR_PTR(-EINVAL);
len -= sizeof(*info); len -= sizeof(*info);
if (copy_from_user(info, user, sizeof(*info)) != 0) if (copy_from_sockptr(info, arg, sizeof(*info)) != 0)
return ERR_PTR(-EFAULT); return ERR_PTR(-EFAULT);
user += sizeof(*info); sockptr_advance(arg, sizeof(*info));
} }
info->name[sizeof(info->name) - 1] = '\0'; info->name[sizeof(info->name) - 1] = '\0';
@ -1092,13 +1092,13 @@ void *xt_copy_counters_from_user(const void __user *user, unsigned int len,
if (!mem) if (!mem)
return ERR_PTR(-ENOMEM); return ERR_PTR(-ENOMEM);
if (copy_from_user(mem, user, len) == 0) if (copy_from_sockptr(mem, arg, len) == 0)
return mem; return mem;
vfree(mem); vfree(mem);
return ERR_PTR(-EFAULT); return ERR_PTR(-EFAULT);
} }
EXPORT_SYMBOL_GPL(xt_copy_counters_from_user); EXPORT_SYMBOL_GPL(xt_copy_counters);
#ifdef CONFIG_COMPAT #ifdef CONFIG_COMPAT
int xt_compat_target_offset(const struct xt_target *target) int xt_compat_target_offset(const struct xt_target *target)