pkt_sched: sch_drr: Fix oops in drr_change_class.

[safe/jmp/linux-2.6] / net / sched / cls_basic.c

diff --git a/net/sched/cls_basic.c b/net/sched/cls_basic.c
index 524b788..4e2bda8 100644 (file)
--- a/net/sched/cls_basic.c
+++ b/net/sched/cls_basic.c
@@ -35,7 +35,7 @@ struct basic_filter
        struct list_head        link;
 };
 
-static struct tcf_ext_map basic_ext_map = {
+static const struct tcf_ext_map basic_ext_map = {
        .action = TCA_BASIC_ACT,
        .police = TCA_BASIC_POLICE
 };
@@ -102,7 +102,7 @@ static inline void basic_delete_filter(struct tcf_proto *tp,
 
 static void basic_destroy(struct tcf_proto *tp)
 {
-       struct basic_head *head = (struct basic_head *) xchg(&tp->root, NULL);
+       struct basic_head *head = tp->root;
        struct basic_filter *f, *n;
 
        list_for_each_entry_safe(f, n, &head->flist, link) {
@@ -129,6 +129,11 @@ static int basic_delete(struct tcf_proto *tp, unsigned long arg)
        return -ENOENT;
 }
 
+static const struct nla_policy basic_policy[TCA_BASIC_MAX + 1] = {
+       [TCA_BASIC_CLASSID]     = { .type = NLA_U32 },
+       [TCA_BASIC_EMATCHES]    = { .type = NLA_NESTED },
+};
+
 static inline int basic_set_parms(struct tcf_proto *tp, struct basic_filter *f,
                                  unsigned long base, struct nlattr **tb,
                                  struct nlattr *est)
@@ -137,10 +142,6 @@ static inline int basic_set_parms(struct tcf_proto *tp, struct basic_filter *f,
        struct tcf_exts e;
        struct tcf_ematch_tree t;
 
-       if (tb[TCA_BASIC_CLASSID])
-               if (nla_len(tb[TCA_BASIC_CLASSID]) < sizeof(u32))
-                       return err;
-
        err = tcf_exts_validate(tp, tb, est, &e, &basic_ext_map);
        if (err < 0)
                return err;
@@ -150,7 +151,7 @@ static inline int basic_set_parms(struct tcf_proto *tp, struct basic_filter *f,
                goto errout;
 
        if (tb[TCA_BASIC_CLASSID]) {
-               f->res.classid = *(u32*)nla_data(tb[TCA_BASIC_CLASSID]);
+               f->res.classid = nla_get_u32(tb[TCA_BASIC_CLASSID]);
                tcf_bind_filter(tp, &f->res, base);
        }
 
@@ -174,7 +175,8 @@ static int basic_change(struct tcf_proto *tp, unsigned long base, u32 handle,
        if (tca[TCA_OPTIONS] == NULL)
                return -EINVAL;
 
-       err = nla_parse_nested(tb, TCA_BASIC_MAX, tca[TCA_OPTIONS], NULL);
+       err = nla_parse_nested(tb, TCA_BASIC_MAX, tca[TCA_OPTIONS],
+                              basic_policy);
        if (err < 0)
                return err;
 
@@ -246,29 +248,29 @@ static int basic_dump(struct tcf_proto *tp, unsigned long fh,
                      struct sk_buff *skb, struct tcmsg *t)
 {
        struct basic_filter *f = (struct basic_filter *) fh;
-       unsigned char *b = skb_tail_pointer(skb);
-       struct nlattr *nla;
+       struct nlattr *nest;
 
        if (f == NULL)
                return skb->len;
 
        t->tcm_handle = f->handle;
 
-       nla = (struct nlattr *) b;
-       NLA_PUT(skb, TCA_OPTIONS, 0, NULL);
+       nest = nla_nest_start(skb, TCA_OPTIONS);
+       if (nest == NULL)
+               goto nla_put_failure;
 
        if (f->res.classid)
-               NLA_PUT(skb, TCA_BASIC_CLASSID, sizeof(u32), &f->res.classid);
+               NLA_PUT_U32(skb, TCA_BASIC_CLASSID, f->res.classid);
 
        if (tcf_exts_dump(skb, &f->exts, &basic_ext_map) < 0 ||
            tcf_em_tree_dump(skb, &f->ematches, TCA_BASIC_EMATCHES) < 0)
                goto nla_put_failure;
 
-       nla->nla_len = skb_tail_pointer(skb) - b;
+       nla_nest_end(skb, nest);
        return skb->len;
 
 nla_put_failure:
-       nlmsg_trim(skb, b);
+       nla_nest_cancel(skb, nest);
        return -1;
 }