Message-ID: <55423858.9040108@freebox.fr>
Date: Thu, 30 Apr 2015 16:12:40 +0200
From: Nicolas Schichan
To: Daniel Borkmann, Kees Cook, Andy Lutomirski, Will Drewry, linux-kernel@vger.kernel.org, ast@plumgrid.com, davem@davemloft.net
Subject: Re: [PATCH 2/4] seccomp: rework seccomp_prepare_filter().
In-Reply-To: <5542242D.1090502@iogearbox.net>

On 04/30/2015 02:46 PM, Daniel Borkmann wrote:
>> Just to be sure you want me to pass a pointer to seccomp_check_filter to
>> bpf_prepare_filter so that it can run it between bpf_check_classic() and
>> bpf_jit_compile ?
>
> For example, what comes to mind is something along these lines:
>
> struct bpf_prog *
> bpf_prepare_filter(struct bpf_prog *fp,
>                    int (*aux_trans_classic)(struct sock_filter *filter,
>                                             unsigned int flen))
> {
>         int err;
>
>         fp->bpf_func = NULL;
>         fp->jited = false;
>
>         err = bpf_check_classic(fp->insns, fp->len);
>         if (err) {
>                 __bpf_prog_release(fp);
>                 return ERR_PTR(err);
>         }
>
>         /* There might be additional checks and transformations
>          * needed on classic filters, f.e. in case of seccomp.
>          */
>         if (aux_trans_classic) {
>                 err = aux_trans_classic(fp->insns,
>                                         fp->len);
>                 if (err) {
>                         __bpf_prog_release(fp);
>                         return ERR_PTR(err);
>                 }
>         }
>
>         /* Probe if we can JIT compile the filter and if so, do
>          * the compilation of the filter.
>          */
>         bpf_jit_compile(fp);
>
>         /* JIT compiler couldn't process this filter, so do the
>          * internal BPF translation for the optimized interpreter.
>          */
>         if (!fp->jited)
>                 fp = bpf_migrate_filter(fp);
>
>         return fp;
> }
>
> From seccomp side, you invoke:
>
> ... bpf_prepare_filter(fp, seccomp_check_filter);

Thanks for the precisions, I'll look into that.

-- 
Nicolas Schichan
Freebox SAS
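
The hook ordering sketched in the quoted reply, as an added userspace example (not code from this thread or from the kernel): it shows that a caller-supplied check runs after the generic classic-BPF check and before any translation, so a filter the hook rejects is released without being translated. The names insn, prog, check_classic, seccomp_like_check, prepare_filter and run_case are hypothetical stand-ins, and the hook models only a bounds and alignment check on absolute loads.

```c
#include <errno.h>
#include <stdint.h>

/* Userspace stand-ins (assumed names); opcode values follow classic BPF. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
struct prog { struct insn *insns; unsigned int len; int released, translated; };
#define OP_LD_W_ABS 0x20        /* BPF_LD | BPF_W | BPF_ABS */
#define OP_RET_K 0x06           /* BPF_RET | BPF_K */
#define SECCOMP_DATA_SIZE 64u   /* sizeof(struct seccomp_data) */

/* Stand-in for bpf_check_classic(): non-empty, ends in a return. */
static int check_classic(const struct insn *f, unsigned int flen)
{
	return (f && flen && f[flen - 1].code == OP_RET_K) ? 0 : -EINVAL;
}

/* Seccomp-style hook: absolute word loads must be aligned and in bounds. */
static int seccomp_like_check(struct insn *f, unsigned int flen)
{
	for (unsigned int i = 0; i < flen; i++)
		if (f[i].code == OP_LD_W_ABS &&
		    ((f[i].k & 3) || f[i].k >= SECCOMP_DATA_SIZE))
			return -EINVAL;
	return 0;
}

/* Same ordering as the sketch: generic check, optional hook, translation. */
static int prepare_filter(struct prog *fp,
			  int (*aux)(struct insn *filter, unsigned int flen))
{
	int err = check_classic(fp->insns, fp->len);
	if (!err && aux)
		err = aux(fp->insns, fp->len);
	if (err)
		fp->released = 1;       /* rejected: never translated */
	else
		fp->translated = 1;     /* JIT or interpreter migration goes here */
	return err;
}

/* Constructed sample "load word at k; return 0": 1 if translated, else error. */
int run_case(uint32_t k, int use_hook)
{
	struct insn f[] = { { OP_LD_W_ABS, 0, 0, k }, { OP_RET_K, 0, 0, 0 } };
	struct prog p = { f, 2, 0, 0 };
	int err = prepare_filter(&p, use_hook ? seccomp_like_check : 0);
	return p.translated ? 1 : err;
}
int main(void) { return run_case(0, 1) == 1 ? 0 : 1; }
```

With a NULL hook the same out-of-range load passes, which is the socket-filter case where the generic check alone applies.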