On Tue, Feb 25, 2025 at 10:40:04PM +0800, Jiayuan Chen wrote:
> * An instance of /dev/ppp can be associated with either a ppp
> * interface unit or a ppp channel. In both cases, file->private_data
> @@ -1762,10 +1766,15 @@ ppp_send_frame(struct ppp *ppp, struct sk_buff *skb)
>
> if (proto < 0x8000) {
> #ifdef CONFIG_PPP_FILTER
> - /* check if we should pass this packet */
> - /* the filter instructions are constructed assuming
> - a four-byte PPP header on each packet */
> - *(u8 *)skb_push(skb, 2) = 1;
> + /* Check if we should pass this packet.
> + * The filter instructions are constructed assuming
> + * a four-byte PPP header on each packet. The first byte
> + * indicates the direction, and the second byte is meaningless,
> + * but we still need to initialize it to prevent crafted BPF
> + * programs from reading them which would cause reading of
> + * uninitialized data.
> + */
> + *(u16 *)skb_push(skb, 2) = htons(PPP_FILTER_OUTBOUND_TAG);
> if (ppp->pass_filter &&
> bpf_prog_run(ppp->pass_filter, skb) == 0) {
> if (ppp->debug & 1)
> --
> 2.47.1
>
My apologize, it will raise Sparse check WARNING:
drivers/net/ppp/ppp_generic.c:1777:42: warning: incorrect type in assignment (different base types)
drivers/net/ppp/ppp_generic.c:1777:42: expected unsigned short [usertype]
drivers/net/ppp/ppp_generic.c:1777:42: got restricted __be16 [usertype]
A new revision is here, all check passed:
https://lore.kernel.org/all/20250226013658.891214-1-jiayuan.chen@xxxxxxxxx/
pw-bot: cr
