aboutsummaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorAlexei Starovoitov <ast@plumgrid.com>2014-05-19 17:56:14 -0400
committerDavid S. Miller <davem@davemloft.net>2014-05-21 17:07:17 -0400
commit5fe821a9dee241fa450703ab7015d970ee0cfb8d (patch)
tree4ada90ac07b074b55ffc40220d8a14fcee3f305a /lib
parent21ea04fa2d26906a2c8bca40891a238414111f5f (diff)
net: filter: cleanup invocation of internal BPF
Kernel API for classic BPF socket filters is: sk_unattached_filter_create() - validate classic BPF, convert, JIT SK_RUN_FILTER() - run it sk_unattached_filter_destroy() - destroy socket filter Cleanup internal BPF kernel API as following: sk_filter_select_runtime() - final step of internal BPF creation. Try to JIT internal BPF program, if JIT is not available select interpreter SK_RUN_FILTER() - run it sk_filter_free() - free internal BPF program Disallow direct calls to BPF interpreter. Execution of the BPF program should be done with SK_RUN_FILTER() macro. Example of internal BPF create, run, destroy: struct sk_filter *fp; fp = kzalloc(sk_filter_size(prog_len), GFP_KERNEL); memcpy(fp->insni, prog, prog_len * sizeof(fp->insni[0])); fp->len = prog_len; sk_filter_select_runtime(fp); SK_RUN_FILTER(fp, ctx); sk_filter_free(fp); Sockets, seccomp, testsuite, tracing are using different ways to populate sk_filter, so first steps of program creation are not common. Signed-off-by: Alexei Starovoitov <ast@plumgrid.com> Acked-by: Daniel Borkmann <dborkman@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'lib')
-rw-r--r--lib/test_bpf.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/test_bpf.c b/lib/test_bpf.c
index 3603ebcd5d65..e160934430eb 100644
--- a/lib/test_bpf.c
+++ b/lib/test_bpf.c
@@ -1489,7 +1489,7 @@ static __init int test_bpf(void)
1489 memcpy(fp_ext->insns, tests[i].insns_int, 1489 memcpy(fp_ext->insns, tests[i].insns_int,
1490 fprog.len * 8); 1490 fprog.len * 8);
1491 fp->len = fprog.len; 1491 fp->len = fprog.len;
1492 fp->bpf_func = sk_run_filter_int_skb; 1492 sk_filter_select_runtime(fp);
1493 } else { 1493 } else {
1494 err = sk_unattached_filter_create(&fp, &fprog); 1494 err = sk_unattached_filter_create(&fp, &fprog);
1495 if (tests[i].data_type == EXPECTED_FAIL) { 1495 if (tests[i].data_type == EXPECTED_FAIL) {
@@ -1516,7 +1516,7 @@ static __init int test_bpf(void)
1516 if (tests[i].data_type != SKB_INT) 1516 if (tests[i].data_type != SKB_INT)
1517 sk_unattached_filter_destroy(fp); 1517 sk_unattached_filter_destroy(fp);
1518 else 1518 else
1519 kfree(fp); 1519 sk_filter_free(fp);
1520 1520
1521 if (err) { 1521 if (err) {
1522 pr_cont("FAIL %d\n", err); 1522 pr_cont("FAIL %d\n", err);