diff options
author | Alexei Starovoitov <ast@plumgrid.com> | 2014-05-19 17:56:14 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2014-05-21 17:07:17 -0400 |
commit | 5fe821a9dee241fa450703ab7015d970ee0cfb8d (patch) | |
tree | 4ada90ac07b074b55ffc40220d8a14fcee3f305a /lib/test_bpf.c | |
parent | 21ea04fa2d26906a2c8bca40891a238414111f5f (diff) |
net: filter: cleanup invocation of internal BPF
Kernel API for classic BPF socket filters is:
sk_unattached_filter_create() - validate classic BPF, convert, JIT
SK_RUN_FILTER() - run it
sk_unattached_filter_destroy() - destroy socket filter
Cleanup internal BPF kernel API as following:
sk_filter_select_runtime() - final step of internal BPF creation.
Try to JIT internal BPF program, if JIT is not available select interpreter
SK_RUN_FILTER() - run it
sk_filter_free() - free internal BPF program
Disallow direct calls to BPF interpreter. Execution of the BPF program should
be done with SK_RUN_FILTER() macro.
Example of internal BPF create, run, destroy:
struct sk_filter *fp;
fp = kzalloc(sk_filter_size(prog_len), GFP_KERNEL);
memcpy(fp->insni, prog, prog_len * sizeof(fp->insni[0]));
fp->len = prog_len;
sk_filter_select_runtime(fp);
SK_RUN_FILTER(fp, ctx);
sk_filter_free(fp);
Sockets, seccomp, testsuite, tracing are using different ways to populate
sk_filter, so first steps of program creation are not common.
Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Acked-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'lib/test_bpf.c')
-rw-r--r-- | lib/test_bpf.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/test_bpf.c b/lib/test_bpf.c index 3603ebcd5d65..e160934430eb 100644 --- a/lib/test_bpf.c +++ b/lib/test_bpf.c | |||
@@ -1489,7 +1489,7 @@ static __init int test_bpf(void) | |||
1489 | memcpy(fp_ext->insns, tests[i].insns_int, | 1489 | memcpy(fp_ext->insns, tests[i].insns_int, |
1490 | fprog.len * 8); | 1490 | fprog.len * 8); |
1491 | fp->len = fprog.len; | 1491 | fp->len = fprog.len; |
1492 | fp->bpf_func = sk_run_filter_int_skb; | 1492 | sk_filter_select_runtime(fp); |
1493 | } else { | 1493 | } else { |
1494 | err = sk_unattached_filter_create(&fp, &fprog); | 1494 | err = sk_unattached_filter_create(&fp, &fprog); |
1495 | if (tests[i].data_type == EXPECTED_FAIL) { | 1495 | if (tests[i].data_type == EXPECTED_FAIL) { |
@@ -1516,7 +1516,7 @@ static __init int test_bpf(void) | |||
1516 | if (tests[i].data_type != SKB_INT) | 1516 | if (tests[i].data_type != SKB_INT) |
1517 | sk_unattached_filter_destroy(fp); | 1517 | sk_unattached_filter_destroy(fp); |
1518 | else | 1518 | else |
1519 | kfree(fp); | 1519 | sk_filter_free(fp); |
1520 | 1520 | ||
1521 | if (err) { | 1521 | if (err) { |
1522 | pr_cont("FAIL %d\n", err); | 1522 | pr_cont("FAIL %d\n", err); |