Message-ID: <5541110D.4020507@iogearbox.net>
Date: Wed, 29 Apr 2015 19:12:45 +0200
From: Daniel Borkmann <daniel@iogearbox.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: Nicolas Schichan <nschichan@freebox.fr>, Kees Cook <keescook@chromium.org>,
        Andy Lutomirski <luto@amacapital.net>, Will Drewry <wad@chromium.org>,
        linux-kernel@vger.kernel.org, ast@plumgrid.com, davem@davemloft.net
Subject: Re: [PATCH 2/4] seccomp: rework seccomp_prepare_filter().
References: <1430314657-2552-1-git-send-email-nschichan@freebox.fr> <1430314657-2552-3-git-send-email-nschichan@freebox.fr>
In-Reply-To: <1430314657-2552-3-git-send-email-nschichan@freebox.fr>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1153
Lines: 27

On 04/29/2015 03:37 PM, Nicolas Schichan wrote:
> - Try to use the classic BPF JIT via bpf_jit_compile().
>
> - Use bpf_migrate_filter() from NET filter code instead of the double
>    bpf_convert_filter() followed by bpf_prog_select_runtime() if
>    classic bpf_jit_compile() did not succeed in producing native code.
>
> Signed-off-by: Nicolas Schichan <nschichan@freebox.fr>

[ I had to look that one up manually, would be good if you keep
   people in Cc, also netdev for BPF in general. ]

I see, you need that to make it available to the old bpf_jit_compile()
for probing on classic JITs. Actually, I really would prefer, if instead
of duplicating that code, you could export bpf_prepare_filter() and
pass seccomp_check_filter() as an argument to bpf_prepare_filter().

Otherwise, in case bpf_prepare_filter() changes, people will easily
forget to update seccomp related code, really.

Thanks,
Daniel
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/