Avoid beyond bounds copy while caching ACL
[zen-stable.git] / net / sched / act_pedit.c
blob10d3aed86560973f0b91daabcd3ddfb62777c3a9
1 /*
2 * net/sched/pedit.c Generic packet editor
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
9 * Authors: Jamal Hadi Salim (2002-4)
12 #include <linux/types.h>
13 #include <linux/kernel.h>
14 #include <linux/string.h>
15 #include <linux/errno.h>
16 #include <linux/skbuff.h>
17 #include <linux/rtnetlink.h>
18 #include <linux/module.h>
19 #include <linux/init.h>
20 #include <linux/slab.h>
21 #include <net/netlink.h>
22 #include <net/pkt_sched.h>
23 #include <linux/tc_act/tc_pedit.h>
24 #include <net/tc_act/tc_pedit.h>
26 #define PEDIT_TAB_MASK 15
27 static struct tcf_common *tcf_pedit_ht[PEDIT_TAB_MASK + 1];
28 static u32 pedit_idx_gen;
29 static DEFINE_RWLOCK(pedit_lock);
31 static struct tcf_hashinfo pedit_hash_info = {
32 .htab = tcf_pedit_ht,
33 .hmask = PEDIT_TAB_MASK,
34 .lock = &pedit_lock,
37 static const struct nla_policy pedit_policy[TCA_PEDIT_MAX + 1] = {
38 [TCA_PEDIT_PARMS] = { .len = sizeof(struct tc_pedit) },
41 static int tcf_pedit_init(struct nlattr *nla, struct nlattr *est,
42 struct tc_action *a, int ovr, int bind)
44 struct nlattr *tb[TCA_PEDIT_MAX + 1];
45 struct tc_pedit *parm;
46 int ret = 0, err;
47 struct tcf_pedit *p;
48 struct tcf_common *pc;
49 struct tc_pedit_key *keys = NULL;
50 int ksize;
52 if (nla == NULL)
53 return -EINVAL;
55 err = nla_parse_nested(tb, TCA_PEDIT_MAX, nla, pedit_policy);
56 if (err < 0)
57 return err;
59 if (tb[TCA_PEDIT_PARMS] == NULL)
60 return -EINVAL;
61 parm = nla_data(tb[TCA_PEDIT_PARMS]);
62 ksize = parm->nkeys * sizeof(struct tc_pedit_key);
63 if (nla_len(tb[TCA_PEDIT_PARMS]) < sizeof(*parm) + ksize)
64 return -EINVAL;
66 pc = tcf_hash_check(parm->index, a, bind, &pedit_hash_info);
67 if (!pc) {
68 if (!parm->nkeys)
69 return -EINVAL;
70 pc = tcf_hash_create(parm->index, est, a, sizeof(*p), bind,
71 &pedit_idx_gen, &pedit_hash_info);
72 if (IS_ERR(pc))
73 return PTR_ERR(pc);
74 p = to_pedit(pc);
75 keys = kmalloc(ksize, GFP_KERNEL);
76 if (keys == NULL) {
77 kfree(pc);
78 return -ENOMEM;
80 ret = ACT_P_CREATED;
81 } else {
82 p = to_pedit(pc);
83 if (!ovr) {
84 tcf_hash_release(pc, bind, &pedit_hash_info);
85 return -EEXIST;
87 if (p->tcfp_nkeys && p->tcfp_nkeys != parm->nkeys) {
88 keys = kmalloc(ksize, GFP_KERNEL);
89 if (keys == NULL)
90 return -ENOMEM;
94 spin_lock_bh(&p->tcf_lock);
95 p->tcfp_flags = parm->flags;
96 p->tcf_action = parm->action;
97 if (keys) {
98 kfree(p->tcfp_keys);
99 p->tcfp_keys = keys;
100 p->tcfp_nkeys = parm->nkeys;
102 memcpy(p->tcfp_keys, parm->keys, ksize);
103 spin_unlock_bh(&p->tcf_lock);
104 if (ret == ACT_P_CREATED)
105 tcf_hash_insert(pc, &pedit_hash_info);
106 return ret;
109 static int tcf_pedit_cleanup(struct tc_action *a, int bind)
111 struct tcf_pedit *p = a->priv;
113 if (p) {
114 struct tc_pedit_key *keys = p->tcfp_keys;
115 if (tcf_hash_release(&p->common, bind, &pedit_hash_info)) {
116 kfree(keys);
117 return 1;
120 return 0;
123 static int tcf_pedit(struct sk_buff *skb, const struct tc_action *a,
124 struct tcf_result *res)
126 struct tcf_pedit *p = a->priv;
127 int i, munged = 0;
128 unsigned int off;
130 if (skb_cloned(skb) &&
131 pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
132 return p->tcf_action;
134 off = skb_network_offset(skb);
136 spin_lock(&p->tcf_lock);
138 p->tcf_tm.lastuse = jiffies;
140 if (p->tcfp_nkeys > 0) {
141 struct tc_pedit_key *tkey = p->tcfp_keys;
143 for (i = p->tcfp_nkeys; i > 0; i--, tkey++) {
144 u32 *ptr, _data;
145 int offset = tkey->off;
147 if (tkey->offmask) {
148 char *d, _d;
150 d = skb_header_pointer(skb, off + tkey->at, 1,
151 &_d);
152 if (!d)
153 goto bad;
154 offset += (*d & tkey->offmask) >> tkey->shift;
157 if (offset % 4) {
158 pr_info("tc filter pedit"
159 " offset must be on 32 bit boundaries\n");
160 goto bad;
162 if (offset > 0 && offset > skb->len) {
163 pr_info("tc filter pedit"
164 " offset %d can't exceed pkt length %d\n",
165 offset, skb->len);
166 goto bad;
169 ptr = skb_header_pointer(skb, off + offset, 4, &_data);
170 if (!ptr)
171 goto bad;
172 /* just do it, baby */
173 *ptr = ((*ptr & tkey->mask) ^ tkey->val);
174 if (ptr == &_data)
175 skb_store_bits(skb, off + offset, ptr, 4);
176 munged++;
179 if (munged)
180 skb->tc_verd = SET_TC_MUNGED(skb->tc_verd);
181 goto done;
182 } else
183 WARN(1, "pedit BUG: index %d\n", p->tcf_index);
185 bad:
186 p->tcf_qstats.overlimits++;
187 done:
188 bstats_update(&p->tcf_bstats, skb);
189 spin_unlock(&p->tcf_lock);
190 return p->tcf_action;
193 static int tcf_pedit_dump(struct sk_buff *skb, struct tc_action *a,
194 int bind, int ref)
196 unsigned char *b = skb_tail_pointer(skb);
197 struct tcf_pedit *p = a->priv;
198 struct tc_pedit *opt;
199 struct tcf_t t;
200 int s;
202 s = sizeof(*opt) + p->tcfp_nkeys * sizeof(struct tc_pedit_key);
204 /* netlink spinlocks held above us - must use ATOMIC */
205 opt = kzalloc(s, GFP_ATOMIC);
206 if (unlikely(!opt))
207 return -ENOBUFS;
209 memcpy(opt->keys, p->tcfp_keys,
210 p->tcfp_nkeys * sizeof(struct tc_pedit_key));
211 opt->index = p->tcf_index;
212 opt->nkeys = p->tcfp_nkeys;
213 opt->flags = p->tcfp_flags;
214 opt->action = p->tcf_action;
215 opt->refcnt = p->tcf_refcnt - ref;
216 opt->bindcnt = p->tcf_bindcnt - bind;
218 NLA_PUT(skb, TCA_PEDIT_PARMS, s, opt);
219 t.install = jiffies_to_clock_t(jiffies - p->tcf_tm.install);
220 t.lastuse = jiffies_to_clock_t(jiffies - p->tcf_tm.lastuse);
221 t.expires = jiffies_to_clock_t(p->tcf_tm.expires);
222 NLA_PUT(skb, TCA_PEDIT_TM, sizeof(t), &t);
223 kfree(opt);
224 return skb->len;
226 nla_put_failure:
227 nlmsg_trim(skb, b);
228 kfree(opt);
229 return -1;
232 static struct tc_action_ops act_pedit_ops = {
233 .kind = "pedit",
234 .hinfo = &pedit_hash_info,
235 .type = TCA_ACT_PEDIT,
236 .capab = TCA_CAP_NONE,
237 .owner = THIS_MODULE,
238 .act = tcf_pedit,
239 .dump = tcf_pedit_dump,
240 .cleanup = tcf_pedit_cleanup,
241 .lookup = tcf_hash_search,
242 .init = tcf_pedit_init,
243 .walk = tcf_generic_walker
246 MODULE_AUTHOR("Jamal Hadi Salim(2002-4)");
247 MODULE_DESCRIPTION("Generic Packet Editor actions");
248 MODULE_LICENSE("GPL");
250 static int __init pedit_init_module(void)
252 return tcf_register_action(&act_pedit_ops);
255 static void __exit pedit_cleanup_module(void)
257 tcf_unregister_action(&act_pedit_ops);
260 module_init(pedit_init_module);
261 module_exit(pedit_cleanup_module);