diff options
author | android-build-prod (mdb) <android-build-team-robot@google.com> | 2020-04-27 21:57:40 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2020-04-27 21:57:40 +0000 |
commit | 3909caa4e67386d46b4183c5b9985a218ada1207 (patch) | |
tree | 770ca42c9aa38c8c0e488cc7b4277be999d69701 | |
parent | c45505069ff61a78c6a84c53cb68422c9155d4cd (diff) | |
parent | 6dfe56e39d1ad28d737c3428913101f4a9822eb4 (diff) | |
download | platform_external_iptables-3909caa4e67386d46b4183c5b9985a218ada1207.tar.gz platform_external_iptables-3909caa4e67386d46b4183c5b9985a218ada1207.tar.bz2 platform_external_iptables-3909caa4e67386d46b4183c5b9985a218ada1207.zip |
Merge "Snap for 6435660 from e6cb0500d462d8016fe2c903c85ca74dedf8588f to sdk-release" into sdk-releaseplatform-tools-30.0.1
-rw-r--r-- | extensions/libxt_bpf.c | 26 | ||||
-rw-r--r-- | extensions/libxt_quota.c | 1 | ||||
-rw-r--r-- | libiptc/libiptc.c | 7 |
3 files changed, 19 insertions, 15 deletions
diff --git a/extensions/libxt_bpf.c b/extensions/libxt_bpf.c index 92958247..eeae86e5 100644 --- a/extensions/libxt_bpf.c +++ b/extensions/libxt_bpf.c @@ -61,14 +61,26 @@ static const struct xt_option_entry bpf_opts_v1[] = { XTOPT_TABLEEND, }; -static int bpf_obj_get(const char *filepath) +static int bpf_obj_get_readonly(const char *filepath) { #if defined HAVE_LINUX_BPF_H && defined __NR_bpf && defined BPF_FS_MAGIC - union bpf_attr attr; - - memset(&attr, 0, sizeof(attr)); - attr.pathname = (__u64) filepath; - + /* union bpf_attr includes this in an anonymous struct, but the + * file_flags field and the BPF_F_RDONLY constant are only present + * in Linux 4.15+ kernel headers (include/uapi/linux/bpf.h) + */ + struct { // this part of union bpf_attr is for BPF_OBJ_* commands + __aligned_u64 pathname; + __u32 bpf_fd; + __u32 file_flags; + } attr = { + .pathname = (__u64)filepath, + .file_flags = (1U << 3), // BPF_F_RDONLY + }; + int fd = syscall(__NR_bpf, BPF_OBJ_GET, &attr, sizeof(attr)); + if (fd >= 0) return fd; + + /* on any error fallback to default R/W access for pre-4.15-rc1 kernels */ + attr.file_flags = 0; return syscall(__NR_bpf, BPF_OBJ_GET, &attr, sizeof(attr)); #else xtables_error(OTHER_PROBLEM, @@ -125,7 +137,7 @@ static void bpf_parse_string(struct sock_filter *pc, __u16 *lenp, __u16 len_max, static void bpf_parse_obj_pinned(struct xt_bpf_info_v1 *bi, const char *filepath) { - bi->fd = bpf_obj_get(filepath); + bi->fd = bpf_obj_get_readonly(filepath); if (bi->fd < 0) xtables_error(PARAMETER_PROBLEM, "bpf: failed to get bpf object"); diff --git a/extensions/libxt_quota.c b/extensions/libxt_quota.c index 192cc717..bad77d23 100644 --- a/extensions/libxt_quota.c +++ b/extensions/libxt_quota.c @@ -48,7 +48,6 @@ static void quota_parse(struct xt_option_call *cb) xtables_option_parse(cb); if (cb->invert) info->flags |= XT_QUOTA_INVERT; - info->quota = cb->val.u64; } static int quota_xlate(struct xt_xlate *xl, diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c index c3142424..58882015 100644 --- a/libiptc/libiptc.c +++ b/libiptc/libiptc.c @@ -67,13 +67,6 @@ static const char *hooknames[] = { }; /* Convenience structures */ -#undef ipt_error_target /* uapi includes this already. */ -struct ipt_error_target -{ - STRUCT_ENTRY_TARGET t; - char error[TABLE_MAXNAMELEN]; -}; - struct chain_head; struct rule_head; |