On 8/14/15 8:50 AM, Willem de Bruijn wrote:
+static int fanout_set_data_ebpf(struct packet_fanout *f, char __user *data,
+ unsigned int len)
+{
+ struct bpf_prog *new;
+ u32 fd;
+
+ if (len != sizeof(fd))
+ return -EINVAL;
+ if (copy_from_user(&fd, data, len))
+ return -EFAULT;
+
+ new = bpf_prog_get(fd);
+ if (IS_ERR(new))
+ return PTR_ERR(new);
+
+ __fanout_set_data_bpf(f, new);
+ return 0;
+}
all looks great except in the above the check:
if (new->type != BPF_PROG_TYPE_SOCKET_FILTER) {
bpf_prog_put(new);
return -EINVAL;
}
is missing. Otherwise user will be able to attach programs
of wrong types to fanout.
Also instead of:
#define PACKET_FANOUT_BPF 6
#define PACKET_FANOUT_EBPF 7
I would call them FANOUT_CBPF and FANOUT_EBPF to be unambiguous.
This is how bpf manpage distinguishes them.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
