diff options
author | Eric Dumazet <edumazet@google.com> | 2014-07-12 15:49:16 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2014-07-13 23:27:41 -0700 |
commit | ec31a05c4dfa95149b1754d9de92831a5a95c636 (patch) | |
tree | 239b9a7ac53a864e45a9159faab20a4af077a489 | |
parent | 66568b392539fc8224f4d7070a55d56e9d13c150 (diff) |
net: filter: sk_chk_filter() no longer mangles filter
Add const attribute to filter argument to make clear it is no
longer modified.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/linux/filter.h | 2 | ||||
-rw-r--r-- | net/core/filter.c | 6 |
2 files changed, 4 insertions, 4 deletions
diff --git a/include/linux/filter.h b/include/linux/filter.h index b885dcb7eaca..c43c8258e682 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h @@ -362,7 +362,7 @@ void sk_unattached_filter_destroy(struct sk_filter *fp); int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk); int sk_detach_filter(struct sock *sk); -int sk_chk_filter(struct sock_filter *filter, unsigned int flen); +int sk_chk_filter(const struct sock_filter *filter, unsigned int flen); int sk_get_filter(struct sock *sk, struct sock_filter __user *filter, unsigned int len); diff --git a/net/core/filter.c b/net/core/filter.c index 87af1e3e56c0..b90ae7fb3b89 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -1085,7 +1085,7 @@ err: * a cell if not previously written, and we check all branches to be sure * a malicious user doesn't try to abuse us. */ -static int check_load_and_stores(struct sock_filter *filter, int flen) +static int check_load_and_stores(const struct sock_filter *filter, int flen) { u16 *masks, memvalid = 0; /* One bit per cell, 16 cells */ int pc, ret = 0; @@ -1218,7 +1218,7 @@ static bool chk_code_allowed(u16 code_to_probe) * * Returns 0 if the rule set is legal or -EINVAL if not. */ -int sk_chk_filter(struct sock_filter *filter, unsigned int flen) +int sk_chk_filter(const struct sock_filter *filter, unsigned int flen) { bool anc_found; int pc; @@ -1228,7 +1228,7 @@ int sk_chk_filter(struct sock_filter *filter, unsigned int flen) /* Check the filter code now */ for (pc = 0; pc < flen; pc++) { - struct sock_filter *ftest = &filter[pc]; + const struct sock_filter *ftest = &filter[pc]; /* May we actually operate on this code? */ if (!chk_code_allowed(ftest->code)) |