net: filter: sk_chk_filter() no longer mangles filter

Add const attribute to filter argument to make clear it is no longer modified. Signed-off-by: N Eric Dumazet <edumazet@google.com> Acked-by: N Daniel Borkmann <dborkman@redhat.com> Acked-by: N Alexei Starovoitov <ast@plumgrid.com> Signed-off-by: N David S. Miller <davem@davemloft.net>

net: filter: sk_chk_filter() no longer mangles filter
Add const attribute to filter argument to make clear it is no longer modified. Signed-off-by: N Eric Dumazet <edumazet@google.com> Acked-by: N Daniel Borkmann <dborkman@redhat.com> Acked-by: N Alexei Starovoitov <ast@plumgrid.com> Signed-off-by: N David S. Miller <davem@davemloft.net>
ec31a05c · Eric Dumazet · David S. Miller · 66568b39 · ec31a05c · ec31a05c
显示空白变更内容
内联并排

Showing with 4 addition and 4 deletion

include/linux/filter.h include/linux/filter.h +1 -1

net/core/filter.c net/core/filter.c +3 -3

未找到文件。
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -362,7 +362,7 @@ void sk_unattached_filter_destroy(struct sk_filter *fp);
 int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk);
 int sk_detach_filter(struct sock *sk);

-int sk_chk_filter(struct sock_filter *filter, unsigned int flen);
+int sk_chk_filter(const struct sock_filter *filter, unsigned int flen);
 int sk_get_filter(struct sock *sk, struct sock_filter __user *filter,
 		  unsigned int len);


--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -1085,7 +1085,7 @@ int sk_convert_filter(struct sock_filter *prog, int len,
 * a cell if not previously written, and we check all branches to be sure
 * a malicious user doesn't try to abuse us.
 */
-static int check_load_and_stores(struct sock_filter *filter, int flen)
+static int check_load_and_stores(const struct sock_filter *filter, int flen)
 {
 	u16 *masks, memvalid = 0; /* One bit per cell, 16 cells */
 	int pc, ret = 0;
@@ -1218,7 +1218,7 @@ static bool chk_code_allowed(u16 code_to_probe)
 *
 * Returns 0 if the rule set is legal or -EINVAL if not.
 */
-int sk_chk_filter(struct sock_filter *filter, unsigned int flen)
+int sk_chk_filter(const struct sock_filter *filter, unsigned int flen)
 {
 	bool anc_found;
 	int pc;
@@ -1228,7 +1228,7 @@ int sk_chk_filter(struct sock_filter *filter, unsigned int flen)

 	/* Check the filter code now */
 	for (pc = 0; pc < flen; pc++) {
-		struct sock_filter *ftest = &filter[pc];
+		const struct sock_filter *ftest = &filter[pc];

 		/* May we actually operate on this code? */
 		if (!chk_code_allowed(ftest->code))