-rw-r--r-- | net/core/filter.c | 9 |
1 files changed, 3 insertions, 6 deletions
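--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -51,9 +51,9 @@
 * @skb: buffer to filter
 *
 * Run the filter code and then cut skb->data to correct size returned by
-* sk_run_filter. If pkt_len is 0 we toss packet. If skb->len is smaller
+* SK_RUN_FILTER. If pkt_len is 0 we toss packet. If skb->len is smaller
 * than pkt_len we keep whole skb->data. This is the socket level
-* wrapper to sk_run_filter. It returns 0 if the packet should
+* wrapper to SK_RUN_FILTER. It returns 0 if the packet should
 * be accepted or -EPERM if the packet should be tossed.
 *
 */
@@ -566,11 +566,8 @@ err:
 
 /* Security:
 *
-* A BPF program is able to use 16 cells of memory to store intermediate
-* values (check u32 mem[BPF_MEMWORDS] in sk_run_filter()).
-*
 * As we dont want to clear mem[] array for each packet going through
-* sk_run_filter(), we check that filter loaded by user never try to read
+* __bpf_prog_run(), we check that filter loaded by user never try to read
 * a cell if not previously written, and we check all branches to be sure
 * a malicious user doesn't try to abuse us.
 */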
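Review bot: Dropping the two lines at old 569-570 leaves the surviving "As we dont want to clear mem[] array" sentence with no antecedent — the comment no longer says what mem[] is or how many cells the checker has to reason about, which is the whole point of the security note. Rather than deleting the sentence because it named sk_run_filter(), keep a location-neutral version of it, e.g. `* A BPF program can use BPF_MEMWORDS cells of scratch memory (mem[]) to store` / `* intermediate values; they are not cleared between packets.` before the "As we dont want to clear" line. The first hunk's kernel-doc now says "returned by SK_RUN_FILTER" while this one says "__bpf_prog_run()"; if both name the same execution path, one spelling would be clearer for readers grepping for it. The checker this comment describes begins after the hunk, so its body is not visible here.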