[PATCH] Remove netfilter warnings on copy_to_user

Rusty Russell rusty at rustcorp.com.au
Wed Dec 1 06:25:16 CET 2004


Name: Remove copy_to_user Warnings in Netfilter
Status: Trivial
Signed-off-by: Rusty Russell <rusty at rustcorp.com.au>

After changing firewall rules, we try to return the counters to
userspace.  We didn't fail at that point if the copy failed, but it
doesn't really matter.  Someone added a warn_unused_result attribute
to copy_to_user, so we get bogus warnings.

Index: linux-2.6.10-rc2-bk13-Netfilter/net/ipv4/netfilter/ip_tables.c
===================================================================
--- linux-2.6.10-rc2-bk13-Netfilter.orig/net/ipv4/netfilter/ip_tables.c	2004-11-30 12:45:23.000000000 +1100
+++ linux-2.6.10-rc2-bk13-Netfilter/net/ipv4/netfilter/ip_tables.c	2004-12-01 15:49:35.000000000 +1100
@@ -1141,12 +1141,12 @@
 	/* Decrease module usage counts and free resource */
 	IPT_ENTRY_ITERATE(oldinfo->entries, oldinfo->size, cleanup_entry,NULL);
 	vfree(oldinfo);
-	/* Silent error: too late now. */
-	copy_to_user(tmp.counters, counters,
-		     sizeof(struct ipt_counters) * tmp.num_counters);
+	if (copy_to_user(tmp.counters, counters,
+			 sizeof(struct ipt_counters) * tmp.num_counters) != 0)
+		ret = -EFAULT;
 	vfree(counters);
 	up(&ipt_mutex);
-	return 0;
+	return ret;
 
  put_module:
 	module_put(t->me);
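Review bot: When copy_to_user fails, the added `ret = -EFAULT` makes the call report failure although the cleanup_entry pass and `vfree(oldinfo)` have already run, so userspace is told the replace failed while the new ruleset is already in force. A tool that reacts to that error by assuming the old rules are still loaded would be working from the wrong firewall state. Since the old comment is removed here, I would put a replacement above the `if`, e.g. `/* Table is already replaced; -EFAULT only means the old counters were not delivered. */`. `return ret` also replaces a literal `return 0`, and the earlier assignments to `ret` are outside the hunk, so it should be confirmed that `ret` is 0 whenever this path is reached. The same applies to the ip6_tables.c and arp_tables.c hunks.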
Index: linux-2.6.10-rc2-bk13-Netfilter/net/ipv6/netfilter/ip6_tables.c
===================================================================
--- linux-2.6.10-rc2-bk13-Netfilter.orig/net/ipv6/netfilter/ip6_tables.c	2004-11-16 15:30:12.000000000 +1100
+++ linux-2.6.10-rc2-bk13-Netfilter/net/ipv6/netfilter/ip6_tables.c	2004-12-01 15:50:28.000000000 +1100
@@ -1222,11 +1222,12 @@
 	IP6T_ENTRY_ITERATE(oldinfo->entries, oldinfo->size, cleanup_entry,NULL);
 	vfree(oldinfo);
 	/* Silent error: too late now. */
-	copy_to_user(tmp.counters, counters,
-		     sizeof(struct ip6t_counters) * tmp.num_counters);
+	if (copy_to_user(tmp.counters, counters,
+			 sizeof(struct ip6t_counters) * tmp.num_counters) != 0)
+		ret = -EFAULT;
 	vfree(counters);
 	up(&ip6t_mutex);
-	return 0;
+	return ret;
 
  put_module:
 	module_put(t->me);
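Review bot: The context line `/* Silent error: too late now. */` is kept in this hunk although the ip_tables.c and arp_tables.c hunks drop it, and it now sits directly above code that does report the error. Either remove it as in the other two files, or reword it to match the new behaviour, e.g. `/* Too late to undo the replace; report the failed counter copy. */`.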
Index: linux-2.6.10-rc2-bk13-Netfilter/net/ipv4/netfilter/arp_tables.c
===================================================================
--- linux-2.6.10-rc2-bk13-Netfilter.orig/net/ipv4/netfilter/arp_tables.c	2004-11-16 15:30:12.000000000 +1100
+++ linux-2.6.10-rc2-bk13-Netfilter/net/ipv4/netfilter/arp_tables.c	2004-12-01 15:49:54.000000000 +1100
@@ -948,12 +948,12 @@
 	/* Decrease module usage counts and free resource */
 	ARPT_ENTRY_ITERATE(oldinfo->entries, oldinfo->size, cleanup_entry,NULL);
 	vfree(oldinfo);
-	/* Silent error: too late now. */
-	copy_to_user(tmp.counters, counters,
-		     sizeof(struct arpt_counters) * tmp.num_counters);
+	if (copy_to_user(tmp.counters, counters,
+			 sizeof(struct arpt_counters) * tmp.num_counters) != 0)
+		ret = -EFAULT;
 	vfree(counters);
 	up(&arpt_mutex);
-	return 0;
+	return ret;
 
  put_module:
 	module_put(t->me);
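Review bot: The length passed to copy_to_user is `sizeof(struct arpt_counters) * tmp.num_counters`, and neither the allocation of `counters` nor any bound on `tmp.num_counters` is visible in the hunk. If the count comes from the userspace request, as the `tmp.counters` destination suggests, it is worth confirming that the buffer was allocated with the same expression and that the product cannot wrap, because a copy length larger than the allocation would hand kernel memory beyond the buffer to userspace. A short comment such as `/* counters holds tmp.num_counters entries, allocated above */` would record that invariant next to the copy. The same expression appears in the ip_tables.c and ip6_tables.c hunks.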

-- 
A bad analogy is like a leaky screwdriver -- Richard Braakman



