On 25/06/2024 17:17, Joshua Lant wrote:
Check for PCuABI and modify function declarations accordingly, changing user** into * __capability * __capability.
Signed-off-by: Joshua Lant joshualant@gmail.com
net/bridge/netfilter/ebtables.c | 39 +++++++++++++++++++++++++++------ 1 file changed, 32 insertions(+), 7 deletions(-)
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 99d82676f780..b9f9301f2699 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c @@ -1633,8 +1633,14 @@ static int ebt_compat_match_offset(const struct xt_match *match, return xt_compat_match_offset(match); } -static int compat_match_to_user(struct ebt_entry_match *m, void __user **dstptr, +#ifdef CONFIG_CHERI_PURECAP_UABI +static int compat_match_to_user(struct ebt_entry_match *m,
void *__capability *__capability dstptr, unsigned int *size)
+#else +static int compat_match_to_user(struct ebt_entry_match *m, void __user *__user *dstptr,
This doesn't look right: in !PCuABI, the function should remain unchanged, but here void __user ** has been changed to void __user * __user *. In other words, a (kernel) pointer to user pointer is now a user pointer to user pointer. This should mean that calls to that function would fail to compile (because the types now mismatch), unfortunately I've noticed in the past that Clang accepts this without warning.
An easy way to tell if you got this right is to look at the diff: the lines in the #else block should be unchanged.
unsigned int *size)
Nit: that line could be outside of the #ifdef blocks (it's the same in both cases).
Kevin
+#endif { const struct xt_match *match = m->u.match; struct compat_ebt_entry_mwt __user *cm = *dstptr; @@ -1664,9 +1670,15 @@ static int compat_match_to_user(struct ebt_entry_match *m, void __user **dstptr, return 0; } +#ifdef CONFIG_CHERI_PURECAP_UABI +static int compat_target_to_user(struct ebt_entry_target *t,
void *__capability *__capability dstptr,
unsigned int *size)
+#else static int compat_target_to_user(struct ebt_entry_target *t,
void __user **dstptr,
unsigned int *size)
void __user *__user *dstptr,
unsigned int *size)
+#endif { const struct xt_target *target = t->u.target; struct compat_ebt_entry_mwt __user *cm = *dstptr; @@ -1696,16 +1708,29 @@ static int compat_target_to_user(struct ebt_entry_target *t, return 0; }
+#ifdef CONFIG_CHERI_PURECAP_UABI +static int compat_watcher_to_user(struct ebt_entry_watcher *w,
void *__capability *__capability dstptr,
unsigned int *size)
+#else static int compat_watcher_to_user(struct ebt_entry_watcher *w,
void __user **dstptr,
unsigned int *size)
void __user *__user *dstptr,
unsigned int *size)
+#endif { return compat_target_to_user((struct ebt_entry_target *)w, dstptr, size); } -static int compat_copy_entry_to_user(struct ebt_entry *e, void __user **dstptr,
unsigned int *size)
+#ifdef CONFIG_CHERI_PURECAP_UABI +static int compat_copy_entry_to_user(struct ebt_entry *e,
void *__capability *__capability dstptr,
unsigned int *size)
+#else +static int compat_copy_entry_to_user(struct ebt_entry *e, void __user *__user *dstptr,
unsigned int *size)
+#endif { struct ebt_entry_target *t; struct ebt_entry __user *ce;