aboutsummaryrefslogtreecommitdiffstats
path: root/net/sched/cls_u32.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/sched/cls_u32.c')
-rw-r--r--net/sched/cls_u32.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
index d5d2a6dc3921..f218ccf1e2d9 100644
--- a/net/sched/cls_u32.c
+++ b/net/sched/cls_u32.c
@@ -914,6 +914,7 @@ static int u32_change(struct net *net, struct sk_buff *in_skb,
914 struct nlattr *opt = tca[TCA_OPTIONS]; 914 struct nlattr *opt = tca[TCA_OPTIONS];
915 struct nlattr *tb[TCA_U32_MAX + 1]; 915 struct nlattr *tb[TCA_U32_MAX + 1];
916 u32 htid, flags = 0; 916 u32 htid, flags = 0;
917 size_t sel_size;
917 int err; 918 int err;
918#ifdef CONFIG_CLS_U32_PERF 919#ifdef CONFIG_CLS_U32_PERF
919 size_t size; 920 size_t size;
@@ -1076,8 +1077,13 @@ static int u32_change(struct net *net, struct sk_buff *in_skb,
1076 } 1077 }
1077 1078
1078 s = nla_data(tb[TCA_U32_SEL]); 1079 s = nla_data(tb[TCA_U32_SEL]);
1080 sel_size = struct_size(s, keys, s->nkeys);
1081 if (nla_len(tb[TCA_U32_SEL]) < sel_size) {
1082 err = -EINVAL;
1083 goto erridr;
1084 }
1079 1085
1080 n = kzalloc(sizeof(*n) + s->nkeys*sizeof(struct tc_u32_key), GFP_KERNEL); 1086 n = kzalloc(offsetof(typeof(*n), sel) + sel_size, GFP_KERNEL);
1081 if (n == NULL) { 1087 if (n == NULL) {
1082 err = -ENOBUFS; 1088 err = -ENOBUFS;
1083 goto erridr; 1089 goto erridr;
@@ -1092,7 +1098,7 @@ static int u32_change(struct net *net, struct sk_buff *in_skb,
1092 } 1098 }
1093#endif 1099#endif
1094 1100
1095 memcpy(&n->sel, s, sizeof(*s) + s->nkeys*sizeof(struct tc_u32_key)); 1101 memcpy(&n->sel, s, sel_size);
1096 RCU_INIT_POINTER(n->ht_up, ht); 1102 RCU_INIT_POINTER(n->ht_up, ht);
1097 n->handle = handle; 1103 n->handle = handle;
1098 n->fshift = s->hmask ? ffs(ntohl(s->hmask)) - 1 : 0; 1104 n->fshift = s->hmask ? ffs(ntohl(s->hmask)) - 1 : 0;
generated by cgit v1.2.2 (git 2.25.0) at 2025-09-11 22:43:15 -0400