Techwizz/kernel-fxtec-pro1x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
kernel-fxtec-pro1x/net/netfilter
History
Daniel Borkmann b1fcd35cf5 net: filter: let unattached filters use sock_fprog_kern 
The sk_unattached_filter_create() API is used by BPF filters that
are not directly attached or related to sockets, and are used in
team, ptp, xt_bpf, cls_bpf, etc. As such all users do their own
internal managment of obtaining filter blocks and thus already
have them in kernel memory and set up before calling into
sk_unattached_filter_create(). As a result, due to __user annotation
in sock_fprog, sparse triggers false positives (incorrect type in
assignment [different address space]) when filters are set up before
passing them to sk_unattached_filter_create(). Therefore, let
sk_unattached_filter_create() API use sock_fprog_kern to overcome
this issue.

Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-05-23 16:48:05 -04:00
..
ipset netfilter: Convert uses of __constant_<foo> to <foo> 2014-03-13 14:13:19 +01:00
ipvs net: rename local_df to ignore_df 2014-05-12 14:03:41 -04:00
core.c
Kconfig netfilter: nf_tables: add reject module for NFPROTO_INET 2014-02-06 09:44:18 +01:00
Makefile netfilter: nf_tables: add reject module for NFPROTO_INET 2014-02-06 09:44:18 +01:00
nf_conntrack_acct.c
nf_conntrack_amanda.c
nf_conntrack_broadcast.c
nf_conntrack_core.c netfilter: nf_conntrack: initialize net.ct.generation 2014-04-14 10:35:28 +02:00
nf_conntrack_ecache.c
nf_conntrack_expect.c netfilter: conntrack: seperate expect locking from nf_conntrack_lock 2014-03-07 11:41:01 +01:00
nf_conntrack_extend.c
nf_conntrack_ftp.c
nf_conntrack_h323_asn1.c
nf_conntrack_h323_main.c netfilter: conntrack: seperate expect locking from nf_conntrack_lock 2014-03-07 11:41:01 +01:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: conntrack: remove central spinlock nf_conntrack_lock 2014-03-07 11:41:13 +01:00
nf_conntrack_irc.c
nf_conntrack_l3proto_generic.c
nf_conntrack_labels.c
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c netfilter: ctnetlink: don't add null bindings if no nat requested 2014-04-29 20:49:08 +02:00
nf_conntrack_pptp.c netfilter: nf_conntrack: flush net_gre->keymap_list only from gre helper 2014-04-08 10:56:12 +02:00
nf_conntrack_proto.c
nf_conntrack_proto_dccp.c
nf_conntrack_proto_generic.c
nf_conntrack_proto_gre.c netfilter: nf_conntrack: flush net_gre->keymap_list only from gre helper 2014-04-08 10:56:12 +02:00
nf_conntrack_proto_sctp.c
nf_conntrack_proto_tcp.c
nf_conntrack_proto_udp.c
nf_conntrack_proto_udplite.c
nf_conntrack_sane.c
nf_conntrack_seqadj.c
nf_conntrack_sip.c netfilter: conntrack: seperate expect locking from nf_conntrack_lock 2014-03-07 11:41:01 +01:00
nf_conntrack_snmp.c
nf_conntrack_standalone.c
nf_conntrack_tftp.c
nf_conntrack_timeout.c
nf_conntrack_timestamp.c
nf_internals.h
nf_log.c
nf_nat_amanda.c
nf_nat_core.c netfilter: ctnetlink: force null nat binding on insert 2014-02-18 00:13:51 +01:00
nf_nat_ftp.c
nf_nat_helper.c
nf_nat_irc.c
nf_nat_proto_common.c
nf_nat_proto_dccp.c
nf_nat_proto_sctp.c
nf_nat_proto_tcp.c
nf_nat_proto_udp.c
nf_nat_proto_udplite.c
nf_nat_proto_unknown.c
nf_nat_sip.c
nf_nat_tftp.c
nf_queue.c
nf_sockopt.c
nf_synproxy_core.c netfilter: nf_conntrack: don't release a conntrack with non-zero refcnt 2014-02-05 17:46:06 +01:00
nf_tables_api.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nftables 2014-05-22 12:06:23 -04:00
nf_tables_core.c netfilter: nf_tables: fix nft_cmp_fast failure on big endian for size < 4 2014-04-14 10:38:02 +02:00
nf_tables_inet.c netfilter: nf_tables: fix error path in the init functions 2014-01-09 23:25:48 +01:00
nfnetlink.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-05-12 13:19:14 -04:00
nfnetlink_acct.c
nfnetlink_cthelper.c
nfnetlink_cttimeout.c
nfnetlink_log.c netfilter: nfnetlink_log: remove unused code 2014-02-25 11:30:01 +01:00
nfnetlink_queue_core.c core, nfqueue, openvswitch: Orphan frags in skb_zerocopy and handle errors 2014-03-27 15:29:38 -04:00
nfnetlink_queue_ct.c
nft_bitwise.c
nft_byteorder.c
nft_cmp.c netfilter: nf_tables: fix nft_cmp_fast failure on big endian for size < 4 2014-04-14 10:38:02 +02:00
nft_compat.c netfilter: nf_tables: restore context for expression destructors 2014-03-08 12:35:17 +01:00
nft_counter.c
nft_ct.c netfilter: nft_ct: split nft_ct_init() into two functions for get/set 2014-04-02 21:29:45 +02:00
nft_expr_template.c
nft_exthdr.c
nft_hash.c netfilter: nft_hash: use set global element counter instead of private one 2014-04-02 21:33:55 +02:00
nft_immediate.c netfilter: nf_tables: restore context for expression destructors 2014-03-08 12:35:17 +01:00
nft_limit.c
nft_log.c netfilter: nf_tables: restore context for expression destructors 2014-03-08 12:35:17 +01:00
nft_lookup.c netfilter: nf_tables: use new transaction infrastructure to handle sets 2014-05-19 12:06:10 +02:00
nft_meta.c netfilter: nf_tables: Make meta expression core functions public 2014-04-23 13:55:30 +02:00
nft_nat.c netfilter: nft_nat: fix family validation 2014-03-08 12:35:19 +01:00
nft_payload.c netfilter: nf_tables: check if payload length is a power of 2 2014-02-17 11:21:17 +01:00
nft_queue.c netfilter: nf_tables: fix log/queue expressions for NFPROTO_INET 2014-02-06 11:41:38 +01:00
nft_rbtree.c netfilter: nf_tables: implement proper set selection 2014-04-02 21:32:57 +02:00
nft_reject.c netfilter: nft_reject: split up reject module into IPv4 and IPv6 specifc parts 2014-02-06 09:44:10 +01:00
nft_reject_inet.c netfilter: nft_reject_inet: fix unintended fall-through in switch-statatement 2014-02-14 11:37:33 +01:00
x_tables.c
xt_addrtype.c
xt_AUDIT.c netfilter: Convert uses of __constant_<foo> to <foo> 2014-03-13 14:13:19 +01:00
xt_bpf.c net: filter: let unattached filters use sock_fprog_kern 2014-05-23 16:48:05 -04:00
xt_cgroup.c netfilter: x_tables: allow to use cgroup match for LOCAL_IN nf hooks 2014-04-03 23:52:17 +02:00
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_cluster.c
xt_comment.c
xt_connbytes.c
xt_connlabel.c
xt_connlimit.c netfilter: connlimit: move lock array out of struct connlimit_data 2014-04-03 23:52:13 +02:00
xt_connmark.c
xt_CONNSECMARK.c
xt_conntrack.c
xt_cpu.c
xt_CT.c netfilter: nf_conntrack: don't release a conntrack with non-zero refcnt 2014-02-05 17:46:06 +01:00
xt_dccp.c
xt_devgroup.c
xt_dscp.c
xt_DSCP.c
xt_ecn.c
xt_esp.c
xt_hashlimit.c
xt_helper.c
xt_hl.c
xt_HL.c
xt_HMARK.c
xt_IDLETIMER.c
xt_ipcomp.c netfilter: xt_ipcomp: Use ntohs to ease sparse warning 2014-02-19 11:41:25 +01:00
xt_iprange.c
xt_ipvs.c
xt_l2tp.c netfilter: introduce l2tp match extension 2014-01-09 21:36:39 +01:00
xt_LED.c
xt_length.c
xt_limit.c
xt_LOG.c
xt_mac.c
xt_mark.c
xt_multiport.c
xt_nat.c
xt_NETMAP.c
xt_nfacct.c
xt_NFLOG.c
xt_NFQUEUE.c
xt_osf.c netfilter: Add {ipt,ip6t}_osf aliases for xt_osf 2014-04-03 23:52:22 +02:00
xt_owner.c
xt_physdev.c
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_RATEEST.c
xt_rateest.c
xt_realm.c
xt_recent.c
xt_REDIRECT.c
xt_repldata.h
xt_sctp.c
xt_SECMARK.c
xt_set.c
xt_socket.c
xt_state.c
xt_statistic.c net: replace macros net_random and net_srandom with direct calls to prandom 2014-01-14 15:15:25 -08:00
xt_string.c
xt_TCPMSS.c
xt_tcpmss.c
xt_TCPOPTSTRIP.c
xt_tcpudp.c
xt_TEE.c
xt_time.c
xt_TPROXY.c
xt_TRACE.c
xt_u32.c