author | android-build-team Robot <android-build-team-robot@google.com> | 2020-04-22 01:10:58 +0000 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2020-04-22 01:10:58 +0000 |
commit | e6e0449cfead44ed09668d0bffb52812266568d1 (patch) | |
tree | 2c6eb94f024d0fc06eea1d5a22cabb6ed88ededc | |
parent | 601c8f5efeb087e00d38cef439d23ebf0ddfc799 (diff) | |
parent | 7628ec22c1e35f7ed9bb6f634a312556a6ac2fbb (diff) | |
Snap for 6416172 from 7628ec22c1e35f7ed9bb6f634a312556a6ac2fbb to rvc-release
Change-Id: I4af311980e11990e7c273db39dadfb290d52f8f9
-rw-r--r-- | extensions/libxt_bpf.c | 26 | ||||
-rw-r--r-- | libiptc/libiptc.c | 7 |
2 files changed, 19 insertions, 14 deletions
diff --git a/extensions/libxt_bpf.c b/extensions/libxt_bpf.c
index 92958247..eeae86e5 100644
--- a/extensions/libxt_bpf.c
+++ b/extensions/libxt_bpf.c
@@ -61,14 +61,26 @@ static const struct xt_option_entry bpf_opts_v1[] = {
 XTOPT_TABLEEND,
 };
 
-static int bpf_obj_get(const char *filepath)
+static int bpf_obj_get_readonly(const char *filepath)
 {
 #if defined HAVE_LINUX_BPF_H && defined __NR_bpf && defined BPF_FS_MAGIC
- union bpf_attr attr;
-
- memset(&attr, 0, sizeof(attr));
- attr.pathname = (__u64) filepath;
-
+ /* union bpf_attr includes this in an anonymous struct, but the
+ * file_flags field and the BPF_F_RDONLY constant are only present
+ * in Linux 4.15+ kernel headers (include/uapi/linux/bpf.h)
+ */
+ struct { // this part of union bpf_attr is for BPF_OBJ_* commands
+ __aligned_u64 pathname;
+ __u32 bpf_fd;
+ __u32 file_flags;
+ } attr = {
+ .pathname = (__u64)filepath,
+ .file_flags = (1U << 3), // BPF_F_RDONLY
+ };
+ int fd = syscall(__NR_bpf, BPF_OBJ_GET, &attr, sizeof(attr));
+ if (fd >= 0) return fd;
+
+ /* on any error fallback to default R/W access for pre-4.15-rc1 kernels */
+ attr.file_flags = 0;
 return syscall(__NR_bpf, BPF_OBJ_GET, &attr, sizeof(attr));
 #else
 xtables_error(OTHER_PROBLEM,
@@ -125,7 +137,7 @@ static void bpf_parse_string(struct sock_filter *pc, __u16 *lenp, __u16 len_max,
 static void bpf_parse_obj_pinned(struct xt_bpf_info_v1 *bi,
 const char *filepath)
 {
- bi->fd = bpf_obj_get(filepath);
+ bi->fd = bpf_obj_get_readonly(filepath);
 if (bi->fd < 0)
 xtables_error(PARAMETER_PROBLEM,
 "bpf: failed to get bpf object");
diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c
index c3142424..58882015 100644
--- a/libiptc/libiptc.c
+++ b/libiptc/libiptc.c
@@ -67,13 +67,6 @@ static const char *hooknames[] = {
 };
 
 /* Convenience structures */
-#undef ipt_error_target /* uapi includes this already. */
-struct ipt_error_target
-{
- STRUCT_ENTRY_TARGET t;
- char error[TABLE_MAXNAMELEN];
-};
-
 struct chain_head;
 struct rule_head;
 
|
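Review bot: The fallback in bpf_obj_get_readonly retries with `file_flags = 0` after any failure of the read-only BPF_OBJ_GET, so a failure unrelated to kernel age (for example a permission denial on the pinned path) also leads to a read-write request, and the errno of the first attempt is overwritten by the second. Older kernels presumably reject the unknown non-zero field with EINVAL (worth confirming against the targeted kernel versions), in which case the guard can be narrowed to `if (fd >= 0 || errno != EINVAL) return fd;`, with `<errno.h>` included if the file does not already have it. The bare `(1U << 3)` would also be easier to audit as a guarded define, `#ifndef BPF_F_RDONLY` / `#define BPF_F_RDONLY (1U << 3)`. The function's `#else` branch continues past the end of the hunk.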