On Fri, Aug 14, 2015 at 1:03 PM, Alexei Starovoitov <a...@plumgrid.com> wrote:
> On 8/14/15 8:50 AM, Willem de Bruijn wrote:
>>
>> +static int fanout_set_data_ebpf(struct packet_fanout *f, char __user
>> *data,
>> + unsigned int len)
>> +{
>> + struct bpf_prog *new;
>> + u32 fd;
>> +
>> + if (len != sizeof(fd))
>> + return -EINVAL;
>> + if (copy_from_user(&fd, data, len))
>> + return -EFAULT;
>> +
>> + new = bpf_prog_get(fd);
>> + if (IS_ERR(new))
>> + return PTR_ERR(new);
>> +
>> + __fanout_set_data_bpf(f, new);
>> + return 0;
>> +}
>
>
> all looks great except in the above the check:
> if (new->type != BPF_PROG_TYPE_SOCKET_FILTER) {
> bpf_prog_put(new);
> return -EINVAL;
> }
> is missing. Otherwise user will be able to attach programs
> of wrong types to fanout.
Ai, good point!
> Also instead of:
> #define PACKET_FANOUT_BPF 6
> #define PACKET_FANOUT_EBPF 7
>
> I would call them FANOUT_CBPF and FANOUT_EBPF to be unambiguous.
> This is how bpf manpage distinguishes them.
>
Sounds good. I'll make both changes in v2. Thanks for reviewing, Alexei.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
