Message-ID: <20070125132220.GA15410@ms2.inr.ac.ru>
Date: Thu, 25 Jan 2007 16:22:20 +0300
From: Alexey Kuznetsov <kuznet@....inr.ac.ru>
To: David Miller <davem@...emloft.net>
Cc: raivis@...lv, netdev@...r.kernel.org, waltje@...lt.NL.Mugnet.ORG,
gw4pts@...pts.ampr.org, dim@...nvz.org
Subject: Re: [BUG] problem with BPF in PF_PACKET sockets, introduced in linux-2.6.19
Hello!
> So this whole idea to make run_filter() return signed integers
> and fail on negative is entirely flawed, it simply cannot work
> and retain the expected semantics which have been there forever.
Actually, it can. The return value was used only as a sign of error,
so the mistake was to return the original unsigned result cast to int.
An alternative fix is enclosed. To be honest, it is not better than
yours: duplication of a couple of lines of code against passing the return
value by pointer.
Alexey
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index da73e8a..51e5537 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -437,11 +437,13 @@ static inline int run_filter(struct sk_b
rcu_read_lock_bh();
filter = rcu_dereference(sk->sk_filter);
if (filter != NULL) {
- err = sk_run_filter(skb, filter->insns, filter->len);
- if (!err)
+ unsigned int res;
+
+ res = sk_run_filter(skb, filter->insns, filter->len);
+ if (!res)
err = -EPERM;
- else if (*snaplen > err)
- *snaplen = err;
+ else if (*snaplen > res)
+ *snaplen = res;
}
rcu_read_unlock_bh();
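Review bot: the new `unsigned int res` declaration should carry a one-line comment stating that sk_run_filter() returns a snap length rather than an error code, so the value must stay unsigned and only zero means "drop". Without that, a later cleanup could fold res back into the signed err and reintroduce the cast this patch removes. Separately, err is now written only in the `if (!res)` branch, so the accept path depends on err already being initialised before the `if (filter != NULL)` block; that initialisation is outside the visible hunk and is worth confirming. The `*snaplen > res` comparison is likewise only correct if *snaplen is an unsigned type, which the hunk does not show.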