git: a79e2278c58e - main - ipf: copy{in,out}ptr -> ipf_copy{in,out}_indirect

Brooks Davis Fri, 19 Dec 2025 07:59:30 -0800

The branch main has been updated by brooks:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=a79e2278c58e1c59e12fbf39b5b3bf36629bfc87


commit a79e2278c58e1c59e12fbf39b5b3bf36629bfc87
Author:     Brooks Davis <[email protected]>
AuthorDate: 2025-12-19 15:59:08 +0000
Commit:     Brooks Davis <[email protected]>
CommitDate: 2025-12-19 15:59:08 +0000

    ipf: copy{in,out}ptr -> ipf_copy{in,out}_indirect
    
    These functions take the source or destintation address indirectly from
    a potentially missaligned buffer.  Rename them to refect this and to
    free up the copy{in,out}ptr names.
    
    Some of the code in question is dead code and doesn't or won't compile,
    but I've changed it all for consistency.
    
    NB: If the pointers are actually stored under aligned then this code is
    broken with CHERI.
    
    Reviewed by:    cy
    Effort:         CHERI upstreaming
    Sponsored by:   Innovate UK
    Differential Revision:  https://reviews.freebsd.org/D54232
---
 sbin/ipf/ipftest/ip_fil.c               | 4 ++--
 sbin/ipf/libipf/interror.c              | 4 ++--
 sys/netpfil/ipfilter/netinet/fil.c      | 8 ++++----
 sys/netpfil/ipfilter/netinet/ip_auth.c  | 5 +++--
 sys/netpfil/ipfilter/netinet/ip_fil.h   | 5 +++--
 sys/netpfil/ipfilter/netinet/ip_proxy.c | 4 ++--
 sys/netpfil/ipfilter/netinet/ip_scan.c  | 4 ++--
 7 files changed, 18 insertions(+), 16 deletions(-)

diff --git a/sbin/ipf/ipftest/ip_fil.c b/sbin/ipf/ipftest/ip_fil.c
index 6df3bed8224e..72816a73327e 100644
--- a/sbin/ipf/ipftest/ip_fil.c
+++ b/sbin/ipf/ipftest/ip_fil.c
@@ -619,7 +619,7 @@ ipf_checkv6sum(fin)
  * See above for description, except that all addressing is in user space.
  */
 int
-copyoutptr(softc, src, dst, size)
+ipf_copyout_indirect(softc, src, dst, size)
        void *src, *dst;
        size_t size;
 {
@@ -635,7 +635,7 @@ copyoutptr(softc, src, dst, size)
  * See above for description, except that all addressing is in user space.
  */
 int
-copyinptr(src, dst, size)
+ipf_copyin_indirect(src, dst, size)
        void *src, *dst;
        size_t size;
 {
diff --git a/sbin/ipf/libipf/interror.c b/sbin/ipf/libipf/interror.c
index a7e6f4a5e431..98f550b5e3ff 100644
--- a/sbin/ipf/libipf/interror.c
+++ b/sbin/ipf/libipf/interror.c
@@ -28,8 +28,8 @@ static ipf_error_entry_t *find_error(int);
 static ipf_error_entry_t ipf_errors[] = {
        {       1,      "auth table locked/full" },
        {       2,      "" },
-       {       3,      "copyinptr received bad address" },
-       {       4,      "copyoutptr received bad address" },
+       {       3,      "ipf_copyin_indirect received bad address" },
+       {       4,      "ipf_copyout_indirect received bad address" },
        {       5,      "" },
        {       6,      "cannot load a rule with FR_T_BUILTIN flag set" },
        {       7,      "internal rule without FR_T_BUILDINT flag set" },
diff --git a/sys/netpfil/ipfilter/netinet/fil.c 
b/sys/netpfil/ipfilter/netinet/fil.c
index 242affeff000..f8b8ffec7bdd 100644
--- a/sys/netpfil/ipfilter/netinet/fil.c
+++ b/sys/netpfil/ipfilter/netinet/fil.c
@@ -4051,7 +4051,7 @@ ipf_sync(ipf_main_softc_t *softc, void *ifp)
  * end up being unaligned) and on the kernel's local stack.
  */
 /* ------------------------------------------------------------------------ */
-/* Function:    copyinptr                                                   */
+/* Function:    ipf_copyin_indirect                                         */
 /* Returns:     int - 0 = success, else failure                             */
 /* Parameters:  src(I)  - pointer to the source address                     */
 /*              dst(I)  - destination address                               */
@@ -4062,7 +4062,7 @@ ipf_sync(ipf_main_softc_t *softc, void *ifp)
 /* NB: src - pointer to user space pointer, dst - kernel space pointer      */
 /* ------------------------------------------------------------------------ */
 int
-copyinptr(ipf_main_softc_t *softc, void *src, void *dst, size_t size)
+ipf_copyin_indirect(ipf_main_softc_t *softc, void *src, void *dst, size_t size)
 {
        caddr_t ca;
        int error;
@@ -4084,7 +4084,7 @@ copyinptr(ipf_main_softc_t *softc, void *src, void *dst, 
size_t size)
 
 
 /* ------------------------------------------------------------------------ */
-/* Function:    copyoutptr                                                  */
+/* Function:    ipf_copyout_indirect                                        */
 /* Returns:     int - 0 = success, else failure                             */
 /* Parameters:  src(I)  - pointer to the source address                     */
 /*              dst(I)  - destination address                               */
@@ -4095,7 +4095,7 @@ copyinptr(ipf_main_softc_t *softc, void *src, void *dst, 
size_t size)
 /* NB: src - kernel space pointer, dst - pointer to user space pointer.     */
 /* ------------------------------------------------------------------------ */
 int
-copyoutptr(ipf_main_softc_t *softc, void *src, void *dst, size_t size)
+ipf_copyout_indirect(ipf_main_softc_t *softc, void *src, void *dst, size_t 
size)
 {
        caddr_t ca;
        int error;
diff --git a/sys/netpfil/ipfilter/netinet/ip_auth.c 
b/sys/netpfil/ipfilter/netinet/ip_auth.c
index 13ae4d8ae54a..1611e7596623 100644
--- a/sys/netpfil/ipfilter/netinet/ip_auth.c
+++ b/sys/netpfil/ipfilter/netinet/ip_auth.c
@@ -1015,8 +1015,9 @@ ipf_auth_ioctlloop:
 
                        for (t = auth.fra_buf; m && (len > 0); ) {
                                i = MIN(M_LEN(m), len);
-                               error = copyoutptr(softc, MTOD(m, char *),
-                                                  &t, i);
+                               error = ipf_copyout_indirect(softc,
+                                                            MTOD(m, char *),
+                                                            &t, i);
                                len -= i;
                                t += i;
                                if (error != 0) {
diff --git a/sys/netpfil/ipfilter/netinet/ip_fil.h 
b/sys/netpfil/ipfilter/netinet/ip_fil.h
index 24d4f9695322..81ad50373fe9 100644
--- a/sys/netpfil/ipfilter/netinet/ip_fil.h
+++ b/sys/netpfil/ipfilter/netinet/ip_fil.h
@@ -1679,8 +1679,9 @@ extern    char    *getifname(struct ifnet *);
 extern int     ipfattach(ipf_main_softc_t *);
 extern int     ipfdetach(ipf_main_softc_t *);
 extern u_short ipf_cksum(u_short *, int);
-extern int     copyinptr(ipf_main_softc_t *, void *, void *, size_t);
-extern int     copyoutptr(ipf_main_softc_t *, void *, void *, size_t);
+extern int     ipf_copyin_indirect(ipf_main_softc_t *, void *, void *, size_t);
+extern int     ipf_copyout_indirect(ipf_main_softc_t *, void *, void *,
+                                         size_t);
 extern int     ipf_fastroute(mb_t *, mb_t **, fr_info_t *, frdest_t *);
 extern int     ipf_inject(fr_info_t *, mb_t *);
 extern int     ipf_inobj(ipf_main_softc_t *, void *, ipfobj_t *,
diff --git a/sys/netpfil/ipfilter/netinet/ip_proxy.c 
b/sys/netpfil/ipfilter/netinet/ip_proxy.c
index 9fb6dbd2a9e1..c084b97c23d9 100644
--- a/sys/netpfil/ipfilter/netinet/ip_proxy.c
+++ b/sys/netpfil/ipfilter/netinet/ip_proxy.c
@@ -700,8 +700,8 @@ ipf_proxy_ioctl(ipf_main_softc_t *softc, caddr_t data, 
ioctlcmd_t cmd,
                                IPFERROR(80003);
                                error = ENOMEM;
                        } else {
-                               error = copyinptr(softc, ctl.apc_data, ptr,
-                                                 ctl.apc_dsize);
+                               error = ipf_copyin_indirect(softc, ctl.apc_data,
+                                                           ptr, ctl.apc_dsize);
                                if (error == 0)
                                        ctl.apc_data = ptr;
                        }
diff --git a/sys/netpfil/ipfilter/netinet/ip_scan.c 
b/sys/netpfil/ipfilter/netinet/ip_scan.c
index 744824bdb325..89d2fca855a3 100644
--- a/sys/netpfil/ipfilter/netinet/ip_scan.c
+++ b/sys/netpfil/ipfilter/netinet/ip_scan.c
@@ -106,7 +106,7 @@ ipf_scan_add(caddr_t data)
                return (ENOMEM);
        }
 
-       err = copyinptr(data, isc, sizeof(*isc));
+       err = ipf_copyin_indirect(data, isc, sizeof(*isc));
        if (err) {
                KFREE(isc);
                return (err);
@@ -150,7 +150,7 @@ ipf_scan_remove(caddr_t data)
        ipscan_t isc, *i;
        int err;
 
-       err = copyinptr(data, &isc, sizeof(isc));
+       err = ipf_copyin_indirect(data, &isc, sizeof(isc));
        if (err)
                return (err);

git: a79e2278c58e - main - ipf: copy{in,out}ptr -> ipf_copy{in,out}_indirect

Reply via email to