Commit 89c2e009 authored by Schichan Nicolas, committed by Russell King

ARM: 7597/1: net: bpf_jit_32: fix kzalloc gfp/size mismatch.

Official prototype for kzalloc is:

void *kzalloc(size_t, gfp_t);

The ARM bpf_jit code was having the assumption that it was:

void *kzalloc(gfp_t, size);

This was resulting in the use of some random GFP flags depending on the
size requested and some random overflows once the really needed size
was more than the value of GFP_KERNEL.

This bug was present since the original inclusion of bpf_jit for ARM
(ddecdfce: ARM: 7259/3: net: JIT compiler for packet filters).
Signed-off-by: Nicolas Schichan <nschichan@freebox.fr>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
parent 026b7c6b
......@@ -845,7 +845,7 @@ void bpf_jit_compile(struct sk_filter *fp)
ctx.skf = fp;
ctx.ret0_fp_idx = -1;
ctx.offsets = kzalloc(GFP_KERNEL, 4 * (ctx.skf->len + 1));
ctx.offsets = kzalloc(4 * (ctx.skf->len + 1), GFP_KERNEL);
if (ctx.offsets == NULL)
return;
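Review bot: the size expression `4 * (ctx.skf->len + 1)` in the corrected kzalloc() call still hard-codes the element size and multiplies without an overflow check. `kcalloc(ctx.skf->len + 1, sizeof(*ctx.offsets), GFP_KERNEL)` would tie the size to the type of ctx.offsets, check the multiplication, and keep count, size and flags in three distinct positions so a misplaced gfp argument stands out. Both kzalloc() parameters are integer types, so the compiler accepted the old order silently; gfp_t is a sparse __bitwise type, so a sparse run over this file would report that kind of swap.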
......@@ -864,7 +864,7 @@ void bpf_jit_compile(struct sk_filter *fp)
ctx.idx += ctx.imm_count;
if (ctx.imm_count) {
ctx.imms = kzalloc(GFP_KERNEL, 4 * ctx.imm_count);
ctx.imms = kzalloc(4 * ctx.imm_count, GFP_KERNEL);
if (ctx.imms == NULL)
goto out;
}
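Review bot: on the ctx.imms allocation, a failure jumps to `out` while the earlier ctx.offsets failure returns directly, so the `out` path has to free ctx.offsets; that label is outside the visible context and is worth confirming. The literal 4 in `4 * ctx.imm_count` would also read better as `kcalloc(ctx.imm_count, sizeof(*ctx.imms), GFP_KERNEL)`, which checks the multiplication and takes the element size from the pointer type.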
......