aboutsummaryrefslogtreecommitdiffstats
path: root/net/core
diff options
context:
space:
mode:
authorWill Drewry <wad@chromium.org>2012-04-12 17:47:52 -0400
committerJames Morris <james.l.morris@oracle.com>2012-04-13 21:13:19 -0400
commit46b325c7eb01482674406701825ff67f561ccdd4 (patch)
tree3c6b4d424148c79820506bc2cda71b389798fbdb /net/core
parentc29bceb3967398cf2ac8bf8edf9634fdb722df7d (diff)
sk_run_filter: add BPF_S_ANC_SECCOMP_LD_W
Introduces a new BPF ancillary instruction that all LD calls will be mapped through when skb_run_filter() is being used for seccomp BPF. The rewriting will be done using a secondary chk_filter function that is run after skb_chk_filter. The code change is guarded by CONFIG_SECCOMP_FILTER which is added, along with the seccomp_bpf_load() function later in this series. This is based on http://lkml.org/lkml/2012/3/2/141 Suggested-by: Indan Zupancic <indan@nul.nu> Signed-off-by: Will Drewry <wad@chromium.org> Acked-by: Eric Dumazet <eric.dumazet@gmail.com> Acked-by: Eric Paris <eparis@redhat.com> v18: rebase ... v15: include seccomp.h explicitly for when seccomp_bpf_load exists. v14: First cut using a single additional instruction ... v13: made bpf functions generic. Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'net/core')
-rw-r--r--net/core/filter.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/net/core/filter.c b/net/core/filter.c
index 6f755cca4520..491e2e1ec277 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -38,6 +38,7 @@
38#include <linux/filter.h> 38#include <linux/filter.h>
39#include <linux/reciprocal_div.h> 39#include <linux/reciprocal_div.h>
40#include <linux/ratelimit.h> 40#include <linux/ratelimit.h>
41#include <linux/seccomp.h>
41 42
42/* No hurry in this branch 43/* No hurry in this branch
43 * 44 *
@@ -352,6 +353,11 @@ load_b:
352 A = 0; 353 A = 0;
353 continue; 354 continue;
354 } 355 }
356#ifdef CONFIG_SECCOMP_FILTER
357 case BPF_S_ANC_SECCOMP_LD_W:
358 A = seccomp_bpf_load(fentry->k);
359 continue;
360#endif
355 default: 361 default:
356 WARN_RATELIMIT(1, "Unknown code:%u jt:%u tf:%u k:%u\n", 362 WARN_RATELIMIT(1, "Unknown code:%u jt:%u tf:%u k:%u\n",
357 fentry->code, fentry->jt, 363 fentry->code, fentry->jt,