diff options
| author | Eric Dumazet <edumazet@google.com> | 2014-07-12 09:49:16 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2014-07-14 02:27:41 -0400 |
| commit | ec31a05c4dfa95149b1754d9de92831a5a95c636 (patch) | |
| tree | 239b9a7ac53a864e45a9159faab20a4af077a489 | |
| parent | 66568b392539fc8224f4d7070a55d56e9d13c150 (diff) | |
net: filter: sk_chk_filter() no longer mangles filter
Add const attribute to filter argument to make clear it is no
longer modified.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | include/linux/filter.h | 2 | ||||
| -rw-r--r-- | net/core/filter.c | 6 |
2 files changed, 4 insertions, 4 deletions
diff --git a/include/linux/filter.h b/include/linux/filter.h index b885dcb7eaca..c43c8258e682 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h | |||
| @@ -362,7 +362,7 @@ void sk_unattached_filter_destroy(struct sk_filter *fp); | |||
| 362 | int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk); | 362 | int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk); |
| 363 | int sk_detach_filter(struct sock *sk); | 363 | int sk_detach_filter(struct sock *sk); |
| 364 | 364 | ||
| 365 | int sk_chk_filter(struct sock_filter *filter, unsigned int flen); | 365 | int sk_chk_filter(const struct sock_filter *filter, unsigned int flen); |
| 366 | int sk_get_filter(struct sock *sk, struct sock_filter __user *filter, | 366 | int sk_get_filter(struct sock *sk, struct sock_filter __user *filter, |
| 367 | unsigned int len); | 367 | unsigned int len); |
| 368 | 368 | ||
diff --git a/net/core/filter.c b/net/core/filter.c index 87af1e3e56c0..b90ae7fb3b89 100644 --- a/net/core/filter.c +++ b/net/core/filter.c | |||
| @@ -1085,7 +1085,7 @@ err: | |||
| 1085 | * a cell if not previously written, and we check all branches to be sure | 1085 | * a cell if not previously written, and we check all branches to be sure |
| 1086 | * a malicious user doesn't try to abuse us. | 1086 | * a malicious user doesn't try to abuse us. |
| 1087 | */ | 1087 | */ |
| 1088 | static int check_load_and_stores(struct sock_filter *filter, int flen) | 1088 | static int check_load_and_stores(const struct sock_filter *filter, int flen) |
| 1089 | { | 1089 | { |
| 1090 | u16 *masks, memvalid = 0; /* One bit per cell, 16 cells */ | 1090 | u16 *masks, memvalid = 0; /* One bit per cell, 16 cells */ |
| 1091 | int pc, ret = 0; | 1091 | int pc, ret = 0; |
| @@ -1218,7 +1218,7 @@ static bool chk_code_allowed(u16 code_to_probe) | |||
| 1218 | * | 1218 | * |
| 1219 | * Returns 0 if the rule set is legal or -EINVAL if not. | 1219 | * Returns 0 if the rule set is legal or -EINVAL if not. |
| 1220 | */ | 1220 | */ |
| 1221 | int sk_chk_filter(struct sock_filter *filter, unsigned int flen) | 1221 | int sk_chk_filter(const struct sock_filter *filter, unsigned int flen) |
| 1222 | { | 1222 | { |
| 1223 | bool anc_found; | 1223 | bool anc_found; |
| 1224 | int pc; | 1224 | int pc; |
| @@ -1228,7 +1228,7 @@ int sk_chk_filter(struct sock_filter *filter, unsigned int flen) | |||
| 1228 | 1228 | ||
| 1229 | /* Check the filter code now */ | 1229 | /* Check the filter code now */ |
| 1230 | for (pc = 0; pc < flen; pc++) { | 1230 | for (pc = 0; pc < flen; pc++) { |
| 1231 | struct sock_filter *ftest = &filter[pc]; | 1231 | const struct sock_filter *ftest = &filter[pc]; |
| 1232 | 1232 | ||
| 1233 | /* May we actually operate on this code? */ | 1233 | /* May we actually operate on this code? */ |
| 1234 | if (!chk_code_allowed(ftest->code)) | 1234 | if (!chk_code_allowed(ftest->code)) |