From: Christoph Hellwig <hch at lst.de> To: mptcp at lists.01.org Subject: [MPTCP] [PATCH 10/22] netfilter/ebtables: clean up compat {get, set}sockopt handling Date: Fri, 17 Jul 2020 08:23:19 +0200 [thread overview] Message-ID: <20200717062331.691152-11-hch@lst.de> (raw) In-Reply-To: 20200717062331.691152-1-hch@lst.de [-- Attachment #1: Type: text/plain, Size: 6724 bytes --] Merge the native and compat {get,set}sockopt handlers using in_compat_syscall(). Note that this required moving a fair amout of code around to be done sanely. Signed-off-by: Christoph Hellwig <hch(a)lst.de> --- net/bridge/netfilter/ebtables.c | 214 +++++++++++++++----------------- 1 file changed, 98 insertions(+), 116 deletions(-) diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index c83ffe9121639c..fe13108af1f542 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c @@ -1451,86 +1451,6 @@ static int copy_everything_to_user(struct ebt_table *t, void __user *user, ebt_entry_to_user, entries, tmp.entries); } -static int do_ebt_set_ctl(struct sock *sk, - int cmd, void __user *user, unsigned int len) -{ - int ret; - struct net *net = sock_net(sk); - - if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) - return -EPERM; - - switch (cmd) { - case EBT_SO_SET_ENTRIES: - ret = do_replace(net, user, len); - break; - case EBT_SO_SET_COUNTERS: - ret = update_counters(net, user, len); - break; - default: - ret = -EINVAL; - } - return ret; -} - -static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) -{ - int ret; - struct ebt_replace tmp; - struct ebt_table *t; - struct net *net = sock_net(sk); - - if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) - return -EPERM; - - if (copy_from_user(&tmp, user, sizeof(tmp))) - return -EFAULT; - - tmp.name[sizeof(tmp.name) - 1] = '\0'; - - t = find_table_lock(net, tmp.name, &ret, &ebt_mutex); - if (!t) - return ret; - - switch (cmd) { - case EBT_SO_GET_INFO: - case EBT_SO_GET_INIT_INFO: - if (*len != sizeof(struct ebt_replace)) { - ret = -EINVAL; - mutex_unlock(&ebt_mutex); - break; - } - if (cmd == EBT_SO_GET_INFO) { - tmp.nentries = t->private->nentries; - tmp.entries_size = t->private->entries_size; - tmp.valid_hooks = t->valid_hooks; - } else { - tmp.nentries = t->table->nentries; - tmp.entries_size = t->table->entries_size; - tmp.valid_hooks = t->table->valid_hooks; - } - mutex_unlock(&ebt_mutex); - if (copy_to_user(user, &tmp, *len) != 0) { - ret = -EFAULT; - break; - } - ret = 0; - break; - - case EBT_SO_GET_ENTRIES: - case EBT_SO_GET_INIT_ENTRIES: - ret = copy_everything_to_user(t, user, len, cmd); - mutex_unlock(&ebt_mutex); - break; - - default: - mutex_unlock(&ebt_mutex); - ret = -EINVAL; - } - - return ret; -} - #ifdef CONFIG_COMPAT /* 32 bit-userspace compatibility definitions. */ struct compat_ebt_replace { @@ -2314,28 +2234,6 @@ static int compat_update_counters(struct net *net, void __user *user, hlp.num_counters, user, len); } -static int compat_do_ebt_set_ctl(struct sock *sk, - int cmd, void __user *user, unsigned int len) -{ - int ret; - struct net *net = sock_net(sk); - - if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) - return -EPERM; - - switch (cmd) { - case EBT_SO_SET_ENTRIES: - ret = compat_do_replace(net, user, len); - break; - case EBT_SO_SET_COUNTERS: - ret = compat_update_counters(net, user, len); - break; - default: - ret = -EINVAL; - } - return ret; -} - static int compat_do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) { @@ -2344,14 +2242,6 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd, struct ebt_table *t; struct net *net = sock_net(sk); - if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) - return -EPERM; - - /* try real handler in case userland supplied needed padding */ - if ((cmd == EBT_SO_GET_INFO || - cmd == EBT_SO_GET_INIT_INFO) && *len != sizeof(tmp)) - return do_ebt_get_ctl(sk, cmd, user, len); - if (copy_from_user(&tmp, user, sizeof(tmp))) return -EFAULT; @@ -2413,20 +2303,112 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd, } #endif +static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) +{ + struct net *net = sock_net(sk); + struct ebt_replace tmp; + struct ebt_table *t; + int ret; + + if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) + return -EPERM; + +#ifdef CONFIG_COMPAT + /* try real handler in case userland supplied needed padding */ + if (in_compat_syscall() && + ((cmd != EBT_SO_GET_INFO && cmd != EBT_SO_GET_INIT_INFO) || + *len != sizeof(tmp))) + return compat_do_ebt_get_ctl(sk, cmd, user, len); +#endif + + if (copy_from_user(&tmp, user, sizeof(tmp))) + return -EFAULT; + + tmp.name[sizeof(tmp.name) - 1] = '\0'; + + t = find_table_lock(net, tmp.name, &ret, &ebt_mutex); + if (!t) + return ret; + + switch (cmd) { + case EBT_SO_GET_INFO: + case EBT_SO_GET_INIT_INFO: + if (*len != sizeof(struct ebt_replace)) { + ret = -EINVAL; + mutex_unlock(&ebt_mutex); + break; + } + if (cmd == EBT_SO_GET_INFO) { + tmp.nentries = t->private->nentries; + tmp.entries_size = t->private->entries_size; + tmp.valid_hooks = t->valid_hooks; + } else { + tmp.nentries = t->table->nentries; + tmp.entries_size = t->table->entries_size; + tmp.valid_hooks = t->table->valid_hooks; + } + mutex_unlock(&ebt_mutex); + if (copy_to_user(user, &tmp, *len) != 0) { + ret = -EFAULT; + break; + } + ret = 0; + break; + + case EBT_SO_GET_ENTRIES: + case EBT_SO_GET_INIT_ENTRIES: + ret = copy_everything_to_user(t, user, len, cmd); + mutex_unlock(&ebt_mutex); + break; + + default: + mutex_unlock(&ebt_mutex); + ret = -EINVAL; + } + + return ret; +} + +static int do_ebt_set_ctl(struct sock *sk, int cmd, void __user *user, + unsigned int len) +{ + struct net *net = sock_net(sk); + int ret; + + if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) + return -EPERM; + + switch (cmd) { + case EBT_SO_SET_ENTRIES: +#ifdef CONFIG_COMPAT + if (in_compat_syscall()) + ret = compat_do_replace(net, user, len); + else +#endif + ret = do_replace(net, user, len); + break; + case EBT_SO_SET_COUNTERS: +#ifdef CONFIG_COMPAT + if (in_compat_syscall()) + ret = compat_update_counters(net, user, len); + else +#endif + ret = update_counters(net, user, len); + break; + default: + ret = -EINVAL; + } + return ret; +} + static struct nf_sockopt_ops ebt_sockopts = { .pf = PF_INET, .set_optmin = EBT_BASE_CTL, .set_optmax = EBT_SO_SET_MAX + 1, .set = do_ebt_set_ctl, -#ifdef CONFIG_COMPAT - .compat_set = compat_do_ebt_set_ctl, -#endif .get_optmin = EBT_BASE_CTL, .get_optmax = EBT_SO_GET_MAX + 1, .get = do_ebt_get_ctl, -#ifdef CONFIG_COMPAT - .compat_get = compat_do_ebt_get_ctl, -#endif .owner = THIS_MODULE, }; -- 2.27.0
WARNING: multiple messages have this Message-ID
From: Christoph Hellwig <hch@lst.de> To: "David S. Miller" <davem@davemloft.net> Cc: Alexei Starovoitov <ast@kernel.org>, Daniel Borkmann <daniel@iogearbox.net>, Chas Williams <3chas3@gmail.com>, Pablo Neira Ayuso <pablo@netfilter.org>, Jozsef Kadlecsik <kadlec@netfilter.org>, Florian Westphal <fw@strlen.de>, Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>, Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, bpf@vger.kernel.org, netfilter-devel@vger.kernel.org, linux-sctp@vger.kernel.org, linux-arch@vger.kernel.org, linux-bluetooth@vger.kernel.org, bridge@lists.linux-foundation.org, linux-can@vger.kernel.org, dccp@vger.kernel.org, linux-wpan@vger.kernel.org, mptcp@lists.01.org Subject: [PATCH 10/22] netfilter/ebtables: clean up compat {get,set}sockopt handling Date: Fri, 17 Jul 2020 08:23:19 +0200 [thread overview] Message-ID: <20200717062331.691152-11-hch@lst.de> (raw) In-Reply-To: <20200717062331.691152-1-hch@lst.de> Merge the native and compat {get,set}sockopt handlers using in_compat_syscall(). Note that this required moving a fair amout of code around to be done sanely. Signed-off-by: Christoph Hellwig <hch@lst.de> --- net/bridge/netfilter/ebtables.c | 214 +++++++++++++++----------------- 1 file changed, 98 insertions(+), 116 deletions(-) diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index c83ffe9121639c..fe13108af1f542 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c @@ -1451,86 +1451,6 @@ static int copy_everything_to_user(struct ebt_table *t, void __user *user, ebt_entry_to_user, entries, tmp.entries); } -static int do_ebt_set_ctl(struct sock *sk, - int cmd, void __user *user, unsigned int len) -{ - int ret; - struct net *net = sock_net(sk); - - if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) - return -EPERM; - - switch (cmd) { - case EBT_SO_SET_ENTRIES: - ret = do_replace(net, user, len); - break; - case EBT_SO_SET_COUNTERS: - ret = update_counters(net, user, len); - break; - default: - ret = -EINVAL; - } - return ret; -} - -static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) -{ - int ret; - struct ebt_replace tmp; - struct ebt_table *t; - struct net *net = sock_net(sk); - - if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) - return -EPERM; - - if (copy_from_user(&tmp, user, sizeof(tmp))) - return -EFAULT; - - tmp.name[sizeof(tmp.name) - 1] = '\0'; - - t = find_table_lock(net, tmp.name, &ret, &ebt_mutex); - if (!t) - return ret; - - switch (cmd) { - case EBT_SO_GET_INFO: - case EBT_SO_GET_INIT_INFO: - if (*len != sizeof(struct ebt_replace)) { - ret = -EINVAL; - mutex_unlock(&ebt_mutex); - break; - } - if (cmd == EBT_SO_GET_INFO) { - tmp.nentries = t->private->nentries; - tmp.entries_size = t->private->entries_size; - tmp.valid_hooks = t->valid_hooks; - } else { - tmp.nentries = t->table->nentries; - tmp.entries_size = t->table->entries_size; - tmp.valid_hooks = t->table->valid_hooks; - } - mutex_unlock(&ebt_mutex); - if (copy_to_user(user, &tmp, *len) != 0) { - ret = -EFAULT; - break; - } - ret = 0; - break; - - case EBT_SO_GET_ENTRIES: - case EBT_SO_GET_INIT_ENTRIES: - ret = copy_everything_to_user(t, user, len, cmd); - mutex_unlock(&ebt_mutex); - break; - - default: - mutex_unlock(&ebt_mutex); - ret = -EINVAL; - } - - return ret; -} - #ifdef CONFIG_COMPAT /* 32 bit-userspace compatibility definitions. */ struct compat_ebt_replace { @@ -2314,28 +2234,6 @@ static int compat_update_counters(struct net *net, void __user *user, hlp.num_counters, user, len); } -static int compat_do_ebt_set_ctl(struct sock *sk, - int cmd, void __user *user, unsigned int len) -{ - int ret; - struct net *net = sock_net(sk); - - if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) - return -EPERM; - - switch (cmd) { - case EBT_SO_SET_ENTRIES: - ret = compat_do_replace(net, user, len); - break; - case EBT_SO_SET_COUNTERS: - ret = compat_update_counters(net, user, len); - break; - default: - ret = -EINVAL; - } - return ret; -} - static int compat_do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) { @@ -2344,14 +2242,6 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd, struct ebt_table *t; struct net *net = sock_net(sk); - if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) - return -EPERM; - - /* try real handler in case userland supplied needed padding */ - if ((cmd == EBT_SO_GET_INFO || - cmd == EBT_SO_GET_INIT_INFO) && *len != sizeof(tmp)) - return do_ebt_get_ctl(sk, cmd, user, len); - if (copy_from_user(&tmp, user, sizeof(tmp))) return -EFAULT; @@ -2413,20 +2303,112 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd, } #endif +static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) +{ + struct net *net = sock_net(sk); + struct ebt_replace tmp; + struct ebt_table *t; + int ret; + + if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) + return -EPERM; + +#ifdef CONFIG_COMPAT + /* try real handler in case userland supplied needed padding */ + if (in_compat_syscall() && + ((cmd != EBT_SO_GET_INFO && cmd != EBT_SO_GET_INIT_INFO) || + *len != sizeof(tmp))) + return compat_do_ebt_get_ctl(sk, cmd, user, len); +#endif + + if (copy_from_user(&tmp, user, sizeof(tmp))) + return -EFAULT; + + tmp.name[sizeof(tmp.name) - 1] = '\0'; + + t = find_table_lock(net, tmp.name, &ret, &ebt_mutex); + if (!t) + return ret; + + switch (cmd) { + case EBT_SO_GET_INFO: + case EBT_SO_GET_INIT_INFO: + if (*len != sizeof(struct ebt_replace)) { + ret = -EINVAL; + mutex_unlock(&ebt_mutex); + break; + } + if (cmd == EBT_SO_GET_INFO) { + tmp.nentries = t->private->nentries; + tmp.entries_size = t->private->entries_size; + tmp.valid_hooks = t->valid_hooks; + } else { + tmp.nentries = t->table->nentries; + tmp.entries_size = t->table->entries_size; + tmp.valid_hooks = t->table->valid_hooks; + } + mutex_unlock(&ebt_mutex); + if (copy_to_user(user, &tmp, *len) != 0) { + ret = -EFAULT; + break; + } + ret = 0; + break; + + case EBT_SO_GET_ENTRIES: + case EBT_SO_GET_INIT_ENTRIES: + ret = copy_everything_to_user(t, user, len, cmd); + mutex_unlock(&ebt_mutex); + break; + + default: + mutex_unlock(&ebt_mutex); + ret = -EINVAL; + } + + return ret; +} + +static int do_ebt_set_ctl(struct sock *sk, int cmd, void __user *user, + unsigned int len) +{ + struct net *net = sock_net(sk); + int ret; + + if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) + return -EPERM; + + switch (cmd) { + case EBT_SO_SET_ENTRIES: +#ifdef CONFIG_COMPAT + if (in_compat_syscall()) + ret = compat_do_replace(net, user, len); + else +#endif + ret = do_replace(net, user, len); + break; + case EBT_SO_SET_COUNTERS: +#ifdef CONFIG_COMPAT + if (in_compat_syscall()) + ret = compat_update_counters(net, user, len); + else +#endif + ret = update_counters(net, user, len); + break; + default: + ret = -EINVAL; + } + return ret; +} + static struct nf_sockopt_ops ebt_sockopts = { .pf = PF_INET, .set_optmin = EBT_BASE_CTL, .set_optmax = EBT_SO_SET_MAX + 1, .set = do_ebt_set_ctl, -#ifdef CONFIG_COMPAT - .compat_set = compat_do_ebt_set_ctl, -#endif .get_optmin = EBT_BASE_CTL, .get_optmax = EBT_SO_GET_MAX + 1, .get = do_ebt_get_ctl, -#ifdef CONFIG_COMPAT - .compat_get = compat_do_ebt_get_ctl, -#endif .owner = THIS_MODULE, }; -- 2.27.0
WARNING: multiple messages have this Message-ID
From: Christoph Hellwig <hch@lst.de> To: "David S. Miller" <davem@davemloft.net> Cc: Alexei Starovoitov <ast@kernel.org>, Daniel Borkmann <daniel@iogearbox.net>, Chas Williams <3chas3@gmail.com>, Pablo Neira Ayuso <pablo@netfilter.org>, Jozsef Kadlecsik <kadlec@netfilter.org>, Florian Westphal <fw@strlen.de>, Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>, Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, bpf@vger.kernel.org, netfilter-devel@vger.kernel.org, linux-sctp@vger.kernel.org, linux-arch@vger.kernel.org, linux-bluetooth@vger.kernel.org, bridge@lists.linux-foundation.org, linux-can@vger.kernel.org, dccp@vger.kernel.org, linux-wpan@vger.kernel.org, mptcp@lists.01.org Subject: [PATCH 10/22] netfilter/ebtables: clean up compat {get,set}sockopt handling Date: Fri, 17 Jul 2020 06:23:19 +0000 [thread overview] Message-ID: <20200717062331.691152-11-hch@lst.de> (raw) In-Reply-To: <20200717062331.691152-1-hch@lst.de> Merge the native and compat {get,set}sockopt handlers using in_compat_syscall(). Note that this required moving a fair amout of code around to be done sanely. Signed-off-by: Christoph Hellwig <hch@lst.de> --- net/bridge/netfilter/ebtables.c | 214 +++++++++++++++----------------- 1 file changed, 98 insertions(+), 116 deletions(-) diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index c83ffe9121639c..fe13108af1f542 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c @@ -1451,86 +1451,6 @@ static int copy_everything_to_user(struct ebt_table *t, void __user *user, ebt_entry_to_user, entries, tmp.entries); } -static int do_ebt_set_ctl(struct sock *sk, - int cmd, void __user *user, unsigned int len) -{ - int ret; - struct net *net = sock_net(sk); - - if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) - return -EPERM; - - switch (cmd) { - case EBT_SO_SET_ENTRIES: - ret = do_replace(net, user, len); - break; - case EBT_SO_SET_COUNTERS: - ret = update_counters(net, user, len); - break; - default: - ret = -EINVAL; - } - return ret; -} - -static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) -{ - int ret; - struct ebt_replace tmp; - struct ebt_table *t; - struct net *net = sock_net(sk); - - if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) - return -EPERM; - - if (copy_from_user(&tmp, user, sizeof(tmp))) - return -EFAULT; - - tmp.name[sizeof(tmp.name) - 1] = '\0'; - - t = find_table_lock(net, tmp.name, &ret, &ebt_mutex); - if (!t) - return ret; - - switch (cmd) { - case EBT_SO_GET_INFO: - case EBT_SO_GET_INIT_INFO: - if (*len != sizeof(struct ebt_replace)) { - ret = -EINVAL; - mutex_unlock(&ebt_mutex); - break; - } - if (cmd = EBT_SO_GET_INFO) { - tmp.nentries = t->private->nentries; - tmp.entries_size = t->private->entries_size; - tmp.valid_hooks = t->valid_hooks; - } else { - tmp.nentries = t->table->nentries; - tmp.entries_size = t->table->entries_size; - tmp.valid_hooks = t->table->valid_hooks; - } - mutex_unlock(&ebt_mutex); - if (copy_to_user(user, &tmp, *len) != 0) { - ret = -EFAULT; - break; - } - ret = 0; - break; - - case EBT_SO_GET_ENTRIES: - case EBT_SO_GET_INIT_ENTRIES: - ret = copy_everything_to_user(t, user, len, cmd); - mutex_unlock(&ebt_mutex); - break; - - default: - mutex_unlock(&ebt_mutex); - ret = -EINVAL; - } - - return ret; -} - #ifdef CONFIG_COMPAT /* 32 bit-userspace compatibility definitions. */ struct compat_ebt_replace { @@ -2314,28 +2234,6 @@ static int compat_update_counters(struct net *net, void __user *user, hlp.num_counters, user, len); } -static int compat_do_ebt_set_ctl(struct sock *sk, - int cmd, void __user *user, unsigned int len) -{ - int ret; - struct net *net = sock_net(sk); - - if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) - return -EPERM; - - switch (cmd) { - case EBT_SO_SET_ENTRIES: - ret = compat_do_replace(net, user, len); - break; - case EBT_SO_SET_COUNTERS: - ret = compat_update_counters(net, user, len); - break; - default: - ret = -EINVAL; - } - return ret; -} - static int compat_do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) { @@ -2344,14 +2242,6 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd, struct ebt_table *t; struct net *net = sock_net(sk); - if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) - return -EPERM; - - /* try real handler in case userland supplied needed padding */ - if ((cmd = EBT_SO_GET_INFO || - cmd = EBT_SO_GET_INIT_INFO) && *len != sizeof(tmp)) - return do_ebt_get_ctl(sk, cmd, user, len); - if (copy_from_user(&tmp, user, sizeof(tmp))) return -EFAULT; @@ -2413,20 +2303,112 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd, } #endif +static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) +{ + struct net *net = sock_net(sk); + struct ebt_replace tmp; + struct ebt_table *t; + int ret; + + if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) + return -EPERM; + +#ifdef CONFIG_COMPAT + /* try real handler in case userland supplied needed padding */ + if (in_compat_syscall() && + ((cmd != EBT_SO_GET_INFO && cmd != EBT_SO_GET_INIT_INFO) || + *len != sizeof(tmp))) + return compat_do_ebt_get_ctl(sk, cmd, user, len); +#endif + + if (copy_from_user(&tmp, user, sizeof(tmp))) + return -EFAULT; + + tmp.name[sizeof(tmp.name) - 1] = '\0'; + + t = find_table_lock(net, tmp.name, &ret, &ebt_mutex); + if (!t) + return ret; + + switch (cmd) { + case EBT_SO_GET_INFO: + case EBT_SO_GET_INIT_INFO: + if (*len != sizeof(struct ebt_replace)) { + ret = -EINVAL; + mutex_unlock(&ebt_mutex); + break; + } + if (cmd = EBT_SO_GET_INFO) { + tmp.nentries = t->private->nentries; + tmp.entries_size = t->private->entries_size; + tmp.valid_hooks = t->valid_hooks; + } else { + tmp.nentries = t->table->nentries; + tmp.entries_size = t->table->entries_size; + tmp.valid_hooks = t->table->valid_hooks; + } + mutex_unlock(&ebt_mutex); + if (copy_to_user(user, &tmp, *len) != 0) { + ret = -EFAULT; + break; + } + ret = 0; + break; + + case EBT_SO_GET_ENTRIES: + case EBT_SO_GET_INIT_ENTRIES: + ret = copy_everything_to_user(t, user, len, cmd); + mutex_unlock(&ebt_mutex); + break; + + default: + mutex_unlock(&ebt_mutex); + ret = -EINVAL; + } + + return ret; +} + +static int do_ebt_set_ctl(struct sock *sk, int cmd, void __user *user, + unsigned int len) +{ + struct net *net = sock_net(sk); + int ret; + + if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) + return -EPERM; + + switch (cmd) { + case EBT_SO_SET_ENTRIES: +#ifdef CONFIG_COMPAT + if (in_compat_syscall()) + ret = compat_do_replace(net, user, len); + else +#endif + ret = do_replace(net, user, len); + break; + case EBT_SO_SET_COUNTERS: +#ifdef CONFIG_COMPAT + if (in_compat_syscall()) + ret = compat_update_counters(net, user, len); + else +#endif + ret = update_counters(net, user, len); + break; + default: + ret = -EINVAL; + } + return ret; +} + static struct nf_sockopt_ops ebt_sockopts = { .pf = PF_INET, .set_optmin = EBT_BASE_CTL, .set_optmax = EBT_SO_SET_MAX + 1, .set = do_ebt_set_ctl, -#ifdef CONFIG_COMPAT - .compat_set = compat_do_ebt_set_ctl, -#endif .get_optmin = EBT_BASE_CTL, .get_optmax = EBT_SO_GET_MAX + 1, .get = do_ebt_get_ctl, -#ifdef CONFIG_COMPAT - .compat_get = compat_do_ebt_get_ctl, -#endif .owner = THIS_MODULE, }; -- 2.27.0
next reply other threads:[~2020-07-17 6:23 UTC|newest] Thread overview: 85+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-07-17 6:23 Christoph Hellwig [this message] 2020-07-17 6:23 ` [PATCH 10/22] netfilter/ebtables: clean up compat {get,set}sockopt handling Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig -- strict thread matches above, loose matches on Subject: below -- 2020-07-20 1:16 [MPTCP] Re: sockopt cleanups David Miller 2020-07-20 1:16 ` David Miller 2020-07-20 1:16 ` David Miller 2020-07-20 1:16 ` David Miller 2020-07-17 9:26 [MPTCP] Re: [PATCH 05/22] net: remove compat_sock_common_{get, set}sockopt Stefan Schmidt 2020-07-17 9:26 ` [PATCH 05/22] net: remove compat_sock_common_{get,set}sockopt Stefan Schmidt 2020-07-17 9:26 ` Stefan Schmidt 2020-07-17 9:18 [MPTCP] Re: [PATCH 05/22] net: remove compat_sock_common_{get, set}sockopt Matthieu Baerts 2020-07-17 9:18 ` [MPTCP] [PATCH 05/22] net: remove compat_sock_common_{get,set}sockopt Matthieu Baerts 2020-07-17 9:18 ` Matthieu Baerts 2020-07-17 6:23 [MPTCP] [PATCH 21/22] net/ipv6: remove compat_ipv6_{get,set}sockopt Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 [MPTCP] [PATCH 20/22] net/ipv6: factor out mcast join/leave setsockopt helpers Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 [MPTCP] [PATCH 19/22] net/ipv6: factor out MCAST_MSFILTER " Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 [MPTCP] [PATCH 18/22] net/ipv6: factor out MCAST_MSFILTER getsockopt helpers Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 [MPTCP] [PATCH 17/22] net/ipv4: remove compat_ip_{get,set}sockopt Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 [MPTCP] [PATCH 16/22] net/ipv4: factor out mcast join/leave setsockopt helpers Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 [MPTCP] [PATCH 15/22] net/ipv4: factor out MCAST_MSFILTER " Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 [MPTCP] [PATCH 14/22] net/ipv4: factor out MCAST_MSFILTER getsockopt helpers Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 [MPTCP] [PATCH 13/22] netfilter: split nf_sockopt Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 [MPTCP] [PATCH 12/22] netfilter: remove the compat argument to xt_copy_counters_from_user Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 [MPTCP] [PATCH 11/22] netfilter: remove the compat_{get,set} methods Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 [MPTCP] [PATCH 09/22] netfilter/ip6_tables: clean up compat {get, set}sockopt handling Christoph Hellwig 2020-07-17 6:23 ` [PATCH 09/22] netfilter/ip6_tables: clean up compat {get,set}sockopt handling Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 [MPTCP] [PATCH 08/22] netfilter/ip_tables: clean up compat {get, set}sockopt handling Christoph Hellwig 2020-07-17 6:23 ` [PATCH 08/22] netfilter/ip_tables: clean up compat {get,set}sockopt handling Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 [MPTCP] [PATCH 07/22] netfilter/arp_tables: clean up compat {get, set}sockopt handling Christoph Hellwig 2020-07-17 6:23 ` [PATCH 07/22] netfilter/arp_tables: clean up compat {get,set}sockopt handling Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 [MPTCP] [PATCH 06/22] net: remove compat_sys_{get,set}sockopt Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 [MPTCP] [PATCH 05/22] net: remove compat_sock_common_{get, set}sockopt Christoph Hellwig 2020-07-17 6:23 ` [PATCH 05/22] net: remove compat_sock_common_{get,set}sockopt Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 [MPTCP] [PATCH 04/22] net: simplify cBPF setsockopt compat handling Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 [MPTCP] [PATCH 03/22] net: streamline __sys_getsockopt Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 [MPTCP] [PATCH 02/22] net: streamline __sys_setsockopt Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 [MPTCP] [PATCH 01/22] net/atm: remove the atmdev_ops {get, set}sockopt methods Christoph Hellwig 2020-07-17 6:23 ` [PATCH 01/22] net/atm: remove the atmdev_ops {get,set}sockopt methods Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 [MPTCP] sockopt cleanups Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig 2020-07-17 6:23 ` [MPTCP] [PATCH 22/22] net: make ->{get, set}sockopt in proto_ops optional Christoph Hellwig 2020-07-17 6:23 ` [PATCH 22/22] net: make ->{get,set}sockopt " Christoph Hellwig 2020-07-17 6:23 ` Christoph Hellwig [not found] ` <20200717062331.691152-23-hch-jcswGhMUV9g@public.gmane.org> 2020-07-17 8:01 ` Marc Kleine-Budde 2020-07-17 8:01 ` Marc Kleine-Budde 2020-07-17 8:01 ` Marc Kleine-Budde
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20200717062331.691152-11-hch@lst.de \ --to=unknown@example.com \ --subject='Re: [MPTCP] [PATCH 10/22] netfilter/ebtables: clean up compat {get, set}sockopt handling' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.