On 02/09/2024 17:02, Joshua Lant wrote:
On morello architecture, use of kernel pointers in the uapi structures is not permitted, due to different alignment requirements. Modify these to be __nf_kptr_t.
Signed-off-by: Joshua Lant joshualant@gmail.com
include/uapi/linux/netfilter/xt_bpf.h | 6 ++++-- net/netfilter/xt_bpf.c | 18 ++++++++++-------- 2 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/include/uapi/linux/netfilter/xt_bpf.h b/include/uapi/linux/netfilter/xt_bpf.h index a05adda26d3e..f283619a6fef 100644 --- a/include/uapi/linux/netfilter/xt_bpf.h +++ b/include/uapi/linux/netfilter/xt_bpf.h @@ -16,7 +16,8 @@ struct xt_bpf_info { struct sock_filter bpf_program[XT_BPF_MAX_NUM_INSTR]; /* only used in the kernel */
- struct bpf_prog *filter __attribute__((aligned(8)));
- /* Corresponds to the bpf_prog* struct */
- __nf_kptr_t filter __attribute__((aligned(8)));
}; enum xt_bpf_modes { @@ -36,7 +37,8 @@ struct xt_bpf_info_v1 { }; /* only used in the kernel */
- struct bpf_prog *filter __attribute__((aligned(8)));
- /* Corresponds to the bpf_prog* struct */
- __nf_kptr_t filter __attribute__((aligned(8)));
}; #endif /*_XT_BPF_H */ diff --git a/net/netfilter/xt_bpf.c b/net/netfilter/xt_bpf.c index 849ac552a154..0cb3cd1d3d87 100644 --- a/net/netfilter/xt_bpf.c +++ b/net/netfilter/xt_bpf.c @@ -64,24 +64,26 @@ static int __bpf_mt_check_path(const char *path, struct bpf_prog **ret) static int bpf_mt_check(const struct xt_mtchk_param *par) { struct xt_bpf_info *info = par->matchinfo;
- struct bpf_prog *filter = ((struct bpf_prog *)info->filter);
Nit: no need for parentheses around the whole expression (same throughout this file).
return __bpf_mt_check_bytecode(info->bpf_program, info->bpf_program_num_elem,
&info->filter);
&filter);
I've just realised that this change is not equivalent: the last argument of that function is struct bpf_prog **ret, and as the name suggests it is an output argument, i.e. the function will write to that pointer. This change will result in the local variable filter being written to, but not info->filter.
The least invasive option is probably to make filter itself a pointer to info->filter:
struct bpf_prog **filter = &(struct bpf_prog *)info->filter;
Kevin
} static int bpf_mt_check_v1(const struct xt_mtchk_param *par) { struct xt_bpf_info_v1 *info = par->matchinfo;
- struct bpf_prog *filter = ((struct bpf_prog *)info->filter);
if (info->mode == XT_BPF_MODE_BYTECODE) return __bpf_mt_check_bytecode(info->bpf_program, info->bpf_program_num_elem,
&info->filter);
&filter);
return __bpf_mt_check_fd(info->fd, &info->filter);
return __bpf_mt_check_fd(info->fd, &filter);
return __bpf_mt_check_path(info->path, &info->filter);
return __bpf_mt_check_path(info->path, &filter);} @@ -90,28 +92,28 @@ static bool bpf_mt(const struct sk_buff *skb, struct xt_action_param *par) { const struct xt_bpf_info *info = par->matchinfo;
- return bpf_prog_run(info->filter, skb);
- return bpf_prog_run(((struct bpf_prog *)info->filter), skb);
} static bool bpf_mt_v1(const struct sk_buff *skb, struct xt_action_param *par) { const struct xt_bpf_info_v1 *info = par->matchinfo;
- return !!bpf_prog_run_save_cb(info->filter, (struct sk_buff *) skb);
- return !!bpf_prog_run_save_cb(((struct bpf_prog *)info->filter), (struct sk_buff *)skb);
} static void bpf_mt_destroy(const struct xt_mtdtor_param *par) { const struct xt_bpf_info *info = par->matchinfo;
- bpf_prog_destroy(info->filter);
- bpf_prog_destroy(((struct bpf_prog *)info->filter));
} static void bpf_mt_destroy_v1(const struct xt_mtdtor_param *par) { const struct xt_bpf_info_v1 *info = par->matchinfo;
- bpf_prog_destroy(info->filter);
- bpf_prog_destroy(((struct bpf_prog *)info->filter));
} static struct xt_match bpf_mt_reg[] __read_mostly = {