[PATCH] sparse: nf_sockopt() annotation

	netfilter set/getsockopt annotated.  That's a continuation of previous
patch - by now the only remaining place where setsockopt()/getsockopt()
userland pointers are not traced is vcc_[sg]etsockopt() and down into the
ATM drivers.  Everything from that area in net/* should be done by now.

	That's pretty much it as far as non-trivial splitting counts; remaining
patches in net/* are independent, tty and console stuff is also not hard to
split (not much of it, anyway) and what remains is arch-dependent code for
alpha and amd64.  Of course there'll be more stuff coming, but as far as I'm
concerned the rest of my pile is managable - and finally below 200Kb.  That'll
go tomorrow - right now I'm going down and getting some sleep...

include/linux/netfilter.h

@@ -64,11 +64,11 @@ struct nf_sockopt_ops
 	/* Non-inclusive ranges: use 0/0/NULL to never get called. */
 	int set_optmin;
 	int set_optmax;
-	int (*set)(struct sock *sk, int optval, void *user, unsigned int len);
+	int (*set)(struct sock *sk, int optval, void __user *user, unsigned int len);
 
 	int get_optmin;
 	int get_optmax;
-	int (*get)(struct sock *sk, int optval, void *user, int *len);
+	int (*get)(struct sock *sk, int optval, void __user *user, int *len);
 
 	/* Number of users inside set() or get(). */
 	unsigned int use;
@@ -156,9 +156,9 @@ int nf_hook_slow(int pf, unsigned int hook, struct sk_buff *skb,
 		 int (*okfn)(struct sk_buff *), int thresh);
 
 /* Call setsockopt() */
-int nf_setsockopt(struct sock *sk, int pf, int optval, char *opt, 
+int nf_setsockopt(struct sock *sk, int pf, int optval, char __user *opt, 
 		  int len);
-int nf_getsockopt(struct sock *sk, int pf, int optval, char *opt,
+int nf_getsockopt(struct sock *sk, int pf, int optval, char __user *opt,
 		  int *len);
 
 /* Packet queuing */

net/bridge/netfilter/ebtables.c

@@ -902,7 +902,7 @@ static void get_counters(struct ebt_counter *oldcounters,
 }
 
 /* replace the table */
-static int do_replace(void *user, unsigned int len)
+static int do_replace(void __user *user, unsigned int len)
 {
 	int ret, i, countersize;
 	struct ebt_table_info *newinfo;
@@ -1217,7 +1217,7 @@ void ebt_unregister_table(struct ebt_table *table)
 }
 
 /* userspace just supplied us with counters */
-static int update_counters(void *user, unsigned int len)
+static int update_counters(void __user *user, unsigned int len)
 {
 	int i, ret;
 	struct ebt_counter *tmp;
@@ -1315,7 +1315,7 @@ static inline int ebt_make_names(struct ebt_entry *e, char *base, char *ubase)
 }
 
 /* called with ebt_mutex down */
-static int copy_everything_to_user(struct ebt_table *t, void *user,
+static int copy_everything_to_user(struct ebt_table *t, void __user *user,
    int *len, int cmd)
 {
 	struct ebt_replace tmp;
@@ -1391,7 +1391,7 @@ static int copy_everything_to_user(struct ebt_table *t, void *user,
 }
 
 static int do_ebt_set_ctl(struct sock *sk,
-	int cmd, void *user, unsigned int len)
+	int cmd, void __user *user, unsigned int len)
 {
 	int ret;
 
@@ -1408,7 +1408,7 @@ static int do_ebt_set_ctl(struct sock *sk,
 	return ret;
 }
 
-static int do_ebt_get_ctl(struct sock *sk, int cmd, void *user, int *len)
+static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
 {
 	int ret;
 	struct ebt_replace tmp;

net/core/netfilter.c

@@ -286,7 +286,7 @@ void nf_debug_ip_finish_output2(struct sk_buff *skb)
 
 /* Call get/setsockopt() */
 static int nf_sockopt(struct sock *sk, int pf, int val, 
-		      char *opt, int *len, int get)
+		      char __user *opt, int *len, int get)
 {
 	struct list_head *i;
 	struct nf_sockopt_ops *ops;
@@ -329,13 +329,13 @@ static int nf_sockopt(struct sock *sk, int pf, int val,
 	return ret;
 }
 
-int nf_setsockopt(struct sock *sk, int pf, int val, char *opt,
+int nf_setsockopt(struct sock *sk, int pf, int val, char __user *opt,
 		  int len)
 {
 	return nf_sockopt(sk, pf, val, opt, &len, 0);
 }
 
-int nf_getsockopt(struct sock *sk, int pf, int val, char *opt, int *len)
+int nf_getsockopt(struct sock *sk, int pf, int val, char __user *opt, int *len)
 {
 	return nf_sockopt(sk, pf, val, opt, len, 1);
 }

net/ipv4/ipvs/ip_vs_ctl.c

@@ -1912,7 +1912,7 @@ static unsigned char set_arglen[SET_CMDID(IP_VS_SO_SET_MAX)+1] = {
 };
 
 static int
-do_ip_vs_set_ctl(struct sock *sk, int cmd, void *user, unsigned int len)
+do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
 {
 	int ret;
 	unsigned char arg[MAX_ARG_LEN];

net/ipv4/netfilter/arp_tables.c

@@ -778,7 +778,7 @@ static void get_counters(const struct arpt_table_info *t,
 
 static int copy_entries_to_user(unsigned int total_size,
 				struct arpt_table *table,
-				void *userptr)
+				void __user *userptr)
 {
 	unsigned int off, num, countersize;
 	struct arpt_entry *e;
@@ -838,7 +838,7 @@ static int copy_entries_to_user(unsigned int total_size,
 }
 
 static int get_entries(const struct arpt_get_entries *entries,
-		       struct arpt_get_entries *uptr)
+		       struct arpt_get_entries __user *uptr)
 {
 	int ret;
 	struct arpt_table *t;
@@ -864,7 +864,7 @@ static int get_entries(const struct arpt_get_entries *entries,
 	return ret;
 }
 
-static int do_replace(void *user, unsigned int len)
+static int do_replace(void __user *user, unsigned int len)
 {
 	int ret;
 	struct arpt_replace tmp;
@@ -980,7 +980,7 @@ static inline int add_counter_to_entry(struct arpt_entry *e,
 	return 0;
 }
 
-static int do_add_counters(void *user, unsigned int len)
+static int do_add_counters(void __user *user, unsigned int len)
 {
 	unsigned int i;
 	struct arpt_counters_info tmp, *paddc;
@@ -1027,7 +1027,7 @@ static int do_add_counters(void *user, unsigned int len)
 	return ret;
 }
 
-static int do_arpt_set_ctl(struct sock *sk, int cmd, void *user, unsigned int len)
+static int do_arpt_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
 {
 	int ret;
 
@@ -1051,7 +1051,7 @@ static int do_arpt_set_ctl(struct sock *sk, int cmd, void *user, unsigned int le
 	return ret;
 }
 
-static int do_arpt_get_ctl(struct sock *sk, int cmd, void *user, int *len)
+static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
 {
 	int ret;
 

net/ipv4/netfilter/ip_conntrack_core.c

@@ -1300,7 +1300,7 @@ ip_ct_selective_cleanup(int (*kill)(const struct ip_conntrack *i, void *data),
 /* Reversing the socket's dst/src point of view gives us the reply
    mapping. */
 static int
-getorigdst(struct sock *sk, int optval, void *user, int *len)
+getorigdst(struct sock *sk, int optval, void __user *user, int *len)
 {
 	struct inet_opt *inet = inet_sk(sk);
 	struct ip_conntrack_tuple_hash *h;

net/ipv4/netfilter/ip_fw_compat.c

@@ -181,7 +181,7 @@ static unsigned int fw_confirm(unsigned int hooknum,
 
 extern int ip_fw_ctl(int optval, void *m, unsigned int len);
 
-static int sock_fn(struct sock *sk, int optval, void *user, unsigned int len)
+static int sock_fn(struct sock *sk, int optval, void __user *user, unsigned int len)
 {
 	/* MAX of:
 	   2.2: sizeof(struct ip_fwtest) (~14x4 + 3x4 = 17x4)

net/ipv4/netfilter/ip_tables.c

@@ -942,7 +942,7 @@ get_counters(const struct ipt_table_info *t,
 static int
 copy_entries_to_user(unsigned int total_size,
 		     struct ipt_table *table,
-		     void *userptr)
+		     void __user *userptr)
 {
 	unsigned int off, num, countersize;
 	struct ipt_entry *e;
@@ -1020,7 +1020,7 @@ copy_entries_to_user(unsigned int total_size,
 
 static int
 get_entries(const struct ipt_get_entries *entries,
-	    struct ipt_get_entries *uptr)
+	    struct ipt_get_entries __user *uptr)
 {
 	int ret;
 	struct ipt_table *t;
@@ -1047,7 +1047,7 @@ get_entries(const struct ipt_get_entries *entries,
 }
 
 static int
-do_replace(void *user, unsigned int len)
+do_replace(void __user *user, unsigned int len)
 {
 	int ret;
 	struct ipt_replace tmp;
@@ -1173,7 +1173,7 @@ add_counter_to_entry(struct ipt_entry *e,
 }
 
 static int
-do_add_counters(void *user, unsigned int len)
+do_add_counters(void __user *user, unsigned int len)
 {
 	unsigned int i;
 	struct ipt_counters_info tmp, *paddc;
@@ -1221,7 +1221,7 @@ do_add_counters(void *user, unsigned int len)
 }
 
 static int
-do_ipt_set_ctl(struct sock *sk,	int cmd, void *user, unsigned int len)
+do_ipt_set_ctl(struct sock *sk,	int cmd, void __user *user, unsigned int len)
 {
 	int ret;
 
@@ -1246,7 +1246,7 @@ do_ipt_set_ctl(struct sock *sk,	int cmd, void *user, unsigned int len)
 }
 
 static int
-do_ipt_get_ctl(struct sock *sk, int cmd, void *user, int *len)
+do_ipt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
 {
 	int ret;
 

net/ipv6/netfilter/ip6_tables.c

@@ -1106,7 +1106,7 @@ copy_entries_to_user(unsigned int total_size,
 
 static int
 get_entries(const struct ip6t_get_entries *entries,
-	    struct ip6t_get_entries *uptr)
+	    struct ip6t_get_entries __user *uptr)
 {
 	int ret;
 	struct ip6t_table *t;
@@ -1133,7 +1133,7 @@ get_entries(const struct ip6t_get_entries *entries,
 }
 
 static int
-do_replace(void *user, unsigned int len)
+do_replace(void __user *user, unsigned int len)
 {
 	int ret;
 	struct ip6t_replace tmp;
@@ -1254,7 +1254,7 @@ add_counter_to_entry(struct ip6t_entry *e,
 }
 
 static int
-do_add_counters(void *user, unsigned int len)
+do_add_counters(void __user *user, unsigned int len)
 {
 	unsigned int i;
 	struct ip6t_counters_info tmp, *paddc;
@@ -1302,7 +1302,7 @@ do_add_counters(void *user, unsigned int len)
 }
 
 static int
-do_ip6t_set_ctl(struct sock *sk,	int cmd, void *user, unsigned int len)
+do_ip6t_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
 {
 	int ret;
 
@@ -1327,7 +1327,7 @@ do_ip6t_set_ctl(struct sock *sk,	int cmd, void *user, unsigned int len)
 }
 
 static int
-do_ip6t_get_ctl(struct sock *sk, int cmd, void *user, int *len)
+do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
 {
 	int ret;