sparse complains about the argument type for filter that is passed to bpf_check_basics_ok(). There are two users of the function where the variable is with __user attribute one without. The pointer is only checked against NULL so there is no access to the content and so no need for any user-wrapper. Adding the __user to the declaration doesn't solve anything because there is one kernel user so it will be wrong again. Splitting the function in two seems an overkill because the function is small and simple. Make a macro based on the function which does not trigger a sparse warning. The change to a macro and "unsigned int" -> "u16" for `flen' alters gcc's code generation a bit. Signed-off-by: Sebastian Andrzej Siewior <bigeasy@xxxxxxxxxxxxx> --- net/core/filter.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/net/core/filter.c b/net/core/filter.c index 3f14c8019f26d..5747533ed5491 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -1035,16 +1035,20 @@ static bool chk_code_allowed(u16 code_to_probe) return codes[code_to_probe]; } -static bool bpf_check_basics_ok(const struct sock_filter *filter, - unsigned int flen) -{ - if (filter == NULL) - return false; - if (flen == 0 || flen > BPF_MAXINSNS) - return false; - - return true; -} + /* macro instead of a function to avoid woring about _filter which might be a + * user or kernel pointer. It does not matter for the NULL check. + */ +#define bpf_check_basics_ok(fprog_filter, fprog_flen) \ +({ \ + bool __ret = true; \ + u16 __flen = fprog_flen; \ + \ + if (!(fprog_filter)) \ + __ret = false; \ + else if (__flen == 0 || __flen > BPF_MAXINSNS) \ + __ret = false; \ + __ret; \ +}) /** * bpf_check_classic - verify socket filter code -- 2.45.2