Re: [PATCH 2/4] seccomp: rework seccomp_prepare_filter().

[Daniel Borkmann]

On 04/29/2015 03:37 PM, Nicolas Schichan wrote:
> - Try to use the classic BPF JIT via bpf_jit_compile().
>
> - Use bpf_migrate_filter() from NET filter code instead of the double
>    bpf_convert_filter() followed by bpf_prog_select_runtime() if
>    classic bpf_jit_compile() did not succeed in producing native code.
>
> Signed-off-by: Nicolas Schichan <nschichan@xxxxxxxxxx>

[ I had to look that one up manually, would be good if you keep
  people in Cc, also netdev for BPF in general. ]

I see, you need that to make it available to the old bpf_jit_compile()
for probing on classic JITs. Actually, I really would prefer, if instead
of duplicating that code, you could export bpf_prepare_filter() and
pass seccomp_check_filter() as an argument to bpf_prepare_filter().

Otherwise, in case bpf_prepare_filter() changes, people will easily
forget to update seccomp related code, really.

Thanks,
Daniel
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/