author | Al Viro <viro@zeniv.linux.org.uk> | 2017-12-03 04:20:38 +0300 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2018-01-05 19:43:39 +0300 |
commit | 040ee69226f8a96b7943645d68f41d5d44b5ff7d (patch) | |
tree | 225bf6fb67c3597b9def19f3412b476db1d6d4fa /net | |
parent | 9ee332d99e4d5a97548943b81c54668450ce641b (diff) | |
download | linux-040ee69226f8a96b7943645d68f41d5d44b5ff7d.tar.xz |
fix "netfilter: xt_bpf: Fix XT_BPF_MODE_FD_PINNED mode of 'xt_bpf_info_v1'"
Descriptor table is a shared object; it's not a place where you can
stick temporary references to files, especially when we don't need
an opened file at all.
Cc: stable@vger.kernel.org # v4.14
Fixes: 98589a0998b8 ("netfilter: xt_bpf: Fix XT_BPF_MODE_FD_PINNED mode of 'xt_bpf_info_v1'")
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/xt_bpf.c | 14 |
1 files changed, 2 insertions, 12 deletions
diff --git a/net/netfilter/xt_bpf.c b/net/netfilter/xt_bpf.c
index 041da0d9c06f..fa2ca0a13619 100644
--- a/net/netfilter/xt_bpf.c
+++ b/net/netfilter/xt_bpf.c
@@ -52,18 +52,8 @@ static int __bpf_mt_check_fd(int fd, struct bpf_prog **ret)
 
 static int __bpf_mt_check_path(const char *path, struct bpf_prog **ret)
 {
- mm_segment_t oldfs = get_fs();
- int retval, fd;
-
- set_fs(KERNEL_DS);
- fd = bpf_obj_get_user(path, 0);
- set_fs(oldfs);
- if (fd < 0)
- return fd;
-
- retval = __bpf_mt_check_fd(fd, ret);
- sys_close(fd);
- return retval;
+ *ret = bpf_prog_get_type_path(path, BPF_PROG_TYPE_SOCKET_FILTER);
+ return PTR_ERR_OR_ZERO(*ret);
 }
 
 static int bpf_mt_check(const struct xt_mtchk_param *par) |
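Review bot: `__bpf_mt_check_path()` passes `path` straight to `bpf_prog_get_type_path()` with no length or NUL-termination check in the visible lines. The caller is outside this hunk, so this is inferred, but if the string comes from a fixed-size field of the userspace-supplied match info, an unterminated value could be read past the end of its buffer. A guard before the lookup, such as `if (strnlen(path, XT_BPF_PATH_MAX) == XT_BPF_PATH_MAX) return -EINVAL;`, would rule that out. Separately, on failure `*ret` is left holding an ERR_PTR-encoded value rather than being left untouched. That is safe only if every caller ignores `*ret` on a non-zero return, so either add a comment like `/* on error *ret is an ERR_PTR; callers must not use or put it */` or assign through a local and store to `*ret` only on success.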