forked from Minki/linux
bpfilter: reject kernel addresses
The bpfilter user mode helper processes the optval address using process_vm_readv. Don't send it kernel addresses fed under set_fs(KERNEL_DS) as that won't work. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
c9ffebdde8
commit
d200cf624c
@ -70,6 +70,10 @@ static int bpfilter_process_sockopt(struct sock *sk, int optname,
|
||||
.addr = (uintptr_t)optval,
|
||||
.len = optlen,
|
||||
};
|
||||
if (uaccess_kernel()) {
|
||||
pr_err("kernel access not supported\n");
|
||||
return -EFAULT;
|
||||
}
|
||||
return bpfilter_send_req(&req);
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user