summaryrefslogtreecommitdiffstats
path: root/net/xdp/xsk.c
diff options
context:
space:
mode:
authorBjörn Töpel <bjorn.topel@intel.com>2018-06-04 13:57:11 +0200
committerDaniel Borkmann <daniel@iogearbox.net>2018-06-04 17:21:02 +0200
commit4e64c835254095f55044d393e628dd3e92fca304 (patch)
tree51db5592136aab51ca7451006085044715affbe9 /net/xdp/xsk.c
parentbpf: flowlabel in bpf_fib_lookup should be flowinfo (diff)
downloadlinux-4e64c835254095f55044d393e628dd3e92fca304.tar.xz
linux-4e64c835254095f55044d393e628dd3e92fca304.zip
xsk: proper fill queue descriptor validation
Previously the fill queue descriptor was not copied to kernel space prior validating it, making it possible for userland to change the descriptor post-kernel-validation. Signed-off-by: Björn Töpel <bjorn.topel@intel.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Diffstat (limited to 'net/xdp/xsk.c')
-rw-r--r--net/xdp/xsk.c11
1 files changed, 5 insertions, 6 deletions
diff --git a/net/xdp/xsk.c b/net/xdp/xsk.c
index cce0e4f8a536..43554eb56fe6 100644
--- a/net/xdp/xsk.c
+++ b/net/xdp/xsk.c
@@ -41,20 +41,19 @@ bool xsk_is_setup_for_bpf_map(struct xdp_sock *xs)
static int __xsk_rcv(struct xdp_sock *xs, struct xdp_buff *xdp)
{
- u32 *id, len = xdp->data_end - xdp->data;
+ u32 id, len = xdp->data_end - xdp->data;
void *buffer;
- int err = 0;
+ int err;
if (xs->dev != xdp->rxq->dev || xs->queue_id != xdp->rxq->queue_index)
return -EINVAL;
- id = xskq_peek_id(xs->umem->fq);
- if (!id)
+ if (!xskq_peek_id(xs->umem->fq, &id))
return -ENOSPC;
- buffer = xdp_umem_get_data_with_headroom(xs->umem, *id);
+ buffer = xdp_umem_get_data_with_headroom(xs->umem, id);
memcpy(buffer, xdp->data, len);
- err = xskq_produce_batch_desc(xs->rx, *id, len,
+ err = xskq_produce_batch_desc(xs->rx, id, len,
xs->umem->frame_headroom);
if (!err)
xskq_discard_id(xs->umem->fq);
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-27 05:08:29 +0100