diff options
| -rw-r--r-- | arch/arm/net/bpf_jit_32.c | 1 | ||||
| -rw-r--r-- | arch/powerpc/net/bpf_jit_comp.c | 1 | ||||
| -rw-r--r-- | arch/s390/net/bpf_jit_comp.c | 4 | ||||
| -rw-r--r-- | arch/sparc/net/bpf_jit_comp.c | 1 | ||||
| -rw-r--r-- | arch/x86/net/bpf_jit_comp.c | 18 | ||||
| -rw-r--r-- | include/linux/filter.h | 15 | ||||
| -rw-r--r-- | include/net/sock.h | 6 | ||||
| -rw-r--r-- | net/core/filter.c | 8 |
8 files changed, 36 insertions, 18 deletions
diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c index f50d223a0bd3..99b44e0e8d86 100644 --- a/arch/arm/net/bpf_jit_32.c +++ b/arch/arm/net/bpf_jit_32.c | |||
| @@ -930,4 +930,5 @@ void bpf_jit_free(struct sk_filter *fp) | |||
| 930 | { | 930 | { |
| 931 | if (fp->bpf_func != sk_run_filter) | 931 | if (fp->bpf_func != sk_run_filter) |
| 932 | module_free(NULL, fp->bpf_func); | 932 | module_free(NULL, fp->bpf_func); |
| 933 | kfree(fp); | ||
| 933 | } | 934 | } |
diff --git a/arch/powerpc/net/bpf_jit_comp.c b/arch/powerpc/net/bpf_jit_comp.c index bf56e33f8257..2345bdb4d917 100644 --- a/arch/powerpc/net/bpf_jit_comp.c +++ b/arch/powerpc/net/bpf_jit_comp.c | |||
| @@ -691,4 +691,5 @@ void bpf_jit_free(struct sk_filter *fp) | |||
| 691 | { | 691 | { |
| 692 | if (fp->bpf_func != sk_run_filter) | 692 | if (fp->bpf_func != sk_run_filter) |
| 693 | module_free(NULL, fp->bpf_func); | 693 | module_free(NULL, fp->bpf_func); |
| 694 | kfree(fp); | ||
| 694 | } | 695 | } |
diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c index 709239285869..a5df511e27a2 100644 --- a/arch/s390/net/bpf_jit_comp.c +++ b/arch/s390/net/bpf_jit_comp.c | |||
| @@ -881,7 +881,9 @@ void bpf_jit_free(struct sk_filter *fp) | |||
| 881 | struct bpf_binary_header *header = (void *)addr; | 881 | struct bpf_binary_header *header = (void *)addr; |
| 882 | 882 | ||
| 883 | if (fp->bpf_func == sk_run_filter) | 883 | if (fp->bpf_func == sk_run_filter) |
| 884 | return; | 884 | goto free_filter; |
| 885 | set_memory_rw(addr, header->pages); | 885 | set_memory_rw(addr, header->pages); |
| 886 | module_free(NULL, header); | 886 | module_free(NULL, header); |
| 887 | free_filter: | ||
| 888 | kfree(fp); | ||
| 887 | } | 889 | } |
diff --git a/arch/sparc/net/bpf_jit_comp.c b/arch/sparc/net/bpf_jit_comp.c index 9c7be59e6f5a..218b6b23c378 100644 --- a/arch/sparc/net/bpf_jit_comp.c +++ b/arch/sparc/net/bpf_jit_comp.c | |||
| @@ -808,4 +808,5 @@ void bpf_jit_free(struct sk_filter *fp) | |||
| 808 | { | 808 | { |
| 809 | if (fp->bpf_func != sk_run_filter) | 809 | if (fp->bpf_func != sk_run_filter) |
| 810 | module_free(NULL, fp->bpf_func); | 810 | module_free(NULL, fp->bpf_func); |
| 811 | kfree(fp); | ||
| 811 | } | 812 | } |
diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c index 79c216aa0e2b..516593e1ce33 100644 --- a/arch/x86/net/bpf_jit_comp.c +++ b/arch/x86/net/bpf_jit_comp.c | |||
| @@ -772,13 +772,21 @@ out: | |||
| 772 | return; | 772 | return; |
| 773 | } | 773 | } |
| 774 | 774 | ||
| 775 | static void bpf_jit_free_deferred(struct work_struct *work) | ||
| 776 | { | ||
| 777 | struct sk_filter *fp = container_of(work, struct sk_filter, work); | ||
| 778 | unsigned long addr = (unsigned long)fp->bpf_func & PAGE_MASK; | ||
| 779 | struct bpf_binary_header *header = (void *)addr; | ||
| 780 | |||
| 781 | set_memory_rw(addr, header->pages); | ||
| 782 | module_free(NULL, header); | ||
| 783 | kfree(fp); | ||
| 784 | } | ||
| 785 | |||
| 775 | void bpf_jit_free(struct sk_filter *fp) | 786 | void bpf_jit_free(struct sk_filter *fp) |
| 776 | { | 787 | { |
| 777 | if (fp->bpf_func != sk_run_filter) { | 788 | if (fp->bpf_func != sk_run_filter) { |
| 778 | unsigned long addr = (unsigned long)fp->bpf_func & PAGE_MASK; | 789 | INIT_WORK(&fp->work, bpf_jit_free_deferred); |
| 779 | struct bpf_binary_header *header = (void *)addr; | 790 | schedule_work(&fp->work); |
| 780 | |||
| 781 | set_memory_rw(addr, header->pages); | ||
| 782 | module_free(NULL, header); | ||
| 783 | } | 791 | } |
| 784 | } | 792 | } |
diff --git a/include/linux/filter.h b/include/linux/filter.h index a6ac84871d6d..ff4e40cd45b1 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h | |||
| @@ -6,6 +6,7 @@ | |||
| 6 | 6 | ||
| 7 | #include <linux/atomic.h> | 7 | #include <linux/atomic.h> |
| 8 | #include <linux/compat.h> | 8 | #include <linux/compat.h> |
| 9 | #include <linux/workqueue.h> | ||
| 9 | #include <uapi/linux/filter.h> | 10 | #include <uapi/linux/filter.h> |
| 10 | 11 | ||
| 11 | #ifdef CONFIG_COMPAT | 12 | #ifdef CONFIG_COMPAT |
| @@ -25,15 +26,19 @@ struct sk_filter | |||
| 25 | { | 26 | { |
| 26 | atomic_t refcnt; | 27 | atomic_t refcnt; |
| 27 | unsigned int len; /* Number of filter blocks */ | 28 | unsigned int len; /* Number of filter blocks */ |
| 29 | struct rcu_head rcu; | ||
| 28 | unsigned int (*bpf_func)(const struct sk_buff *skb, | 30 | unsigned int (*bpf_func)(const struct sk_buff *skb, |
| 29 | const struct sock_filter *filter); | 31 | const struct sock_filter *filter); |
| 30 | struct rcu_head rcu; | 32 | union { |
| 31 | struct sock_filter insns[0]; | 33 | struct sock_filter insns[0]; |
| 34 | struct work_struct work; | ||
| 35 | }; | ||
| 32 | }; | 36 | }; |
| 33 | 37 | ||
| 34 | static inline unsigned int sk_filter_len(const struct sk_filter *fp) | 38 | static inline unsigned int sk_filter_size(unsigned int proglen) |
| 35 | { | 39 | { |
| 36 | return fp->len * sizeof(struct sock_filter) + sizeof(*fp); | 40 | return max(sizeof(struct sk_filter), |
| 41 | offsetof(struct sk_filter, insns[proglen])); | ||
| 37 | } | 42 | } |
| 38 | 43 | ||
| 39 | extern int sk_filter(struct sock *sk, struct sk_buff *skb); | 44 | extern int sk_filter(struct sock *sk, struct sk_buff *skb); |
| @@ -67,11 +72,13 @@ static inline void bpf_jit_dump(unsigned int flen, unsigned int proglen, | |||
| 67 | } | 72 | } |
| 68 | #define SK_RUN_FILTER(FILTER, SKB) (*FILTER->bpf_func)(SKB, FILTER->insns) | 73 | #define SK_RUN_FILTER(FILTER, SKB) (*FILTER->bpf_func)(SKB, FILTER->insns) |
| 69 | #else | 74 | #else |
| 75 | #include <linux/slab.h> | ||
| 70 | static inline void bpf_jit_compile(struct sk_filter *fp) | 76 | static inline void bpf_jit_compile(struct sk_filter *fp) |
| 71 | { | 77 | { |
| 72 | } | 78 | } |
| 73 | static inline void bpf_jit_free(struct sk_filter *fp) | 79 | static inline void bpf_jit_free(struct sk_filter *fp) |
| 74 | { | 80 | { |
| 81 | kfree(fp); | ||
| 75 | } | 82 | } |
| 76 | #define SK_RUN_FILTER(FILTER, SKB) sk_run_filter(SKB, FILTER->insns) | 83 | #define SK_RUN_FILTER(FILTER, SKB) sk_run_filter(SKB, FILTER->insns) |
| 77 | #endif | 84 | #endif |
diff --git a/include/net/sock.h b/include/net/sock.h index 1d37a8086bed..808cbc2ec6c1 100644 --- a/include/net/sock.h +++ b/include/net/sock.h | |||
| @@ -1630,16 +1630,14 @@ static inline void sk_filter_release(struct sk_filter *fp) | |||
| 1630 | 1630 | ||
| 1631 | static inline void sk_filter_uncharge(struct sock *sk, struct sk_filter *fp) | 1631 | static inline void sk_filter_uncharge(struct sock *sk, struct sk_filter *fp) |
| 1632 | { | 1632 | { |
| 1633 | unsigned int size = sk_filter_len(fp); | 1633 | atomic_sub(sk_filter_size(fp->len), &sk->sk_omem_alloc); |
| 1634 | |||
| 1635 | atomic_sub(size, &sk->sk_omem_alloc); | ||
| 1636 | sk_filter_release(fp); | 1634 | sk_filter_release(fp); |
| 1637 | } | 1635 | } |
| 1638 | 1636 | ||
| 1639 | static inline void sk_filter_charge(struct sock *sk, struct sk_filter *fp) | 1637 | static inline void sk_filter_charge(struct sock *sk, struct sk_filter *fp) |
| 1640 | { | 1638 | { |
| 1641 | atomic_inc(&fp->refcnt); | 1639 | atomic_inc(&fp->refcnt); |
| 1642 | atomic_add(sk_filter_len(fp), &sk->sk_omem_alloc); | 1640 | atomic_add(sk_filter_size(fp->len), &sk->sk_omem_alloc); |
| 1643 | } | 1641 | } |
| 1644 | 1642 | ||
| 1645 | /* | 1643 | /* |
diff --git a/net/core/filter.c b/net/core/filter.c index 6438f29ff266..01b780856db2 100644 --- a/net/core/filter.c +++ b/net/core/filter.c | |||
| @@ -644,7 +644,6 @@ void sk_filter_release_rcu(struct rcu_head *rcu) | |||
| 644 | struct sk_filter *fp = container_of(rcu, struct sk_filter, rcu); | 644 | struct sk_filter *fp = container_of(rcu, struct sk_filter, rcu); |
| 645 | 645 | ||
| 646 | bpf_jit_free(fp); | 646 | bpf_jit_free(fp); |
| 647 | kfree(fp); | ||
| 648 | } | 647 | } |
| 649 | EXPORT_SYMBOL(sk_filter_release_rcu); | 648 | EXPORT_SYMBOL(sk_filter_release_rcu); |
| 650 | 649 | ||
| @@ -683,7 +682,7 @@ int sk_unattached_filter_create(struct sk_filter **pfp, | |||
| 683 | if (fprog->filter == NULL) | 682 | if (fprog->filter == NULL) |
| 684 | return -EINVAL; | 683 | return -EINVAL; |
| 685 | 684 | ||
| 686 | fp = kmalloc(fsize + sizeof(*fp), GFP_KERNEL); | 685 | fp = kmalloc(sk_filter_size(fprog->len), GFP_KERNEL); |
| 687 | if (!fp) | 686 | if (!fp) |
| 688 | return -ENOMEM; | 687 | return -ENOMEM; |
| 689 | memcpy(fp->insns, fprog->filter, fsize); | 688 | memcpy(fp->insns, fprog->filter, fsize); |
| @@ -723,6 +722,7 @@ int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk) | |||
| 723 | { | 722 | { |
| 724 | struct sk_filter *fp, *old_fp; | 723 | struct sk_filter *fp, *old_fp; |
| 725 | unsigned int fsize = sizeof(struct sock_filter) * fprog->len; | 724 | unsigned int fsize = sizeof(struct sock_filter) * fprog->len; |
| 725 | unsigned int sk_fsize = sk_filter_size(fprog->len); | ||
| 726 | int err; | 726 | int err; |
| 727 | 727 | ||
| 728 | if (sock_flag(sk, SOCK_FILTER_LOCKED)) | 728 | if (sock_flag(sk, SOCK_FILTER_LOCKED)) |
| @@ -732,11 +732,11 @@ int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk) | |||
| 732 | if (fprog->filter == NULL) | 732 | if (fprog->filter == NULL) |
| 733 | return -EINVAL; | 733 | return -EINVAL; |
| 734 | 734 | ||
| 735 | fp = sock_kmalloc(sk, fsize+sizeof(*fp), GFP_KERNEL); | 735 | fp = sock_kmalloc(sk, sk_fsize, GFP_KERNEL); |
| 736 | if (!fp) | 736 | if (!fp) |
| 737 | return -ENOMEM; | 737 | return -ENOMEM; |
| 738 | if (copy_from_user(fp->insns, fprog->filter, fsize)) { | 738 | if (copy_from_user(fp->insns, fprog->filter, fsize)) { |
| 739 | sock_kfree_s(sk, fp, fsize+sizeof(*fp)); | 739 | sock_kfree_s(sk, fp, sk_fsize); |
| 740 | return -EFAULT; | 740 | return -EFAULT; |
| 741 | } | 741 | } |
| 742 | 742 | ||