diff options
author | David S. Miller <davem@davemloft.net> | 2015-01-26 15:50:24 -0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2015-01-26 15:50:24 -0800 |
commit | b6663ad702d63f44ec7af01f34fbfb34abdd13a6 (patch) | |
tree | 8d640016c0d8f2edd82147c2c24694f0f0ea3bd0 | |
parent | 9e79ce66c6e930e815e1d3ad3b875b56dbe99c46 (diff) | |
parent | 3f2ab135946dcd4eb6af92a53d6d4bd35e7526ca (diff) |
Merge branch 'cls_bpf'
Daniel Borkmann says:
====================
Two cls_bpf fixes
Found them while doing a review on act_bpf and going over the
cls_bpf code again. Will also address the first issue in act_bpf
as it needs to be fixed there, too.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/sched/cls_bpf.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/net/sched/cls_bpf.c b/net/sched/cls_bpf.c index 84c8219c3e1c..f59adf8a4cd7 100644 --- a/net/sched/cls_bpf.c +++ b/net/sched/cls_bpf.c @@ -180,6 +180,11 @@ static int cls_bpf_modify_existing(struct net *net, struct tcf_proto *tp, } bpf_size = bpf_len * sizeof(*bpf_ops); + if (bpf_size != nla_len(tb[TCA_BPF_OPS])) { + ret = -EINVAL; + goto errout; + } + bpf_ops = kzalloc(bpf_size, GFP_KERNEL); if (bpf_ops == NULL) { ret = -ENOMEM; @@ -215,15 +220,21 @@ static u32 cls_bpf_grab_new_handle(struct tcf_proto *tp, struct cls_bpf_head *head) { unsigned int i = 0x80000000; + u32 handle; do { if (++head->hgen == 0x7FFFFFFF) head->hgen = 1; } while (--i > 0 && cls_bpf_get(tp, head->hgen)); - if (i == 0) + + if (unlikely(i == 0)) { pr_err("Insufficient number of handles\n"); + handle = 0; + } else { + handle = head->hgen; + } - return i; + return handle; } static int cls_bpf_change(struct net *net, struct sk_buff *in_skb, |