Re: [RFC PATCH net-next 0/6] seccomp filter JIT
From: Daniel Borkmann
Date: Fri Apr 26 2013 - 08:38:59 EST
On 04/26/2013 02:31 PM, Xi Wang wrote:
On Fri, Apr 26, 2013 at 7:46 AM, Daniel Borkmann <dborkman@xxxxxxxxxx> wrote:
I think BPF JIT for seccomp on ARM recently got applied to -mm tree
if I'm not mistaken. It was from Nicolas Schichan (cc):
http://thread.gmane.org/gmane.linux.ports.arm.kernel/233416/
Thanks for the pointer.
For the ARM part, looks like Nicolas's patch requires to implement two
wrappers for each arch:
void seccomp_jit_compile(struct seccomp_filter *fp);
void seccomp_jit_free(struct seccomp_filter *fp);
The implementation of these wrappers is almost identical to:
void bpf_jit_compile(struct sk_filter *fp);
void bpf_jit_free(struct sk_filter *fp);
While this patch uses a unified interface for both packet & seccomp filters.
bpf_func_t bpf_jit_compile(struct sock_filter *filter, unsigned int flen);
void bpf_jit_free(bpf_func_t bpf_func);
A unified interface seems more clean, imho.
Shouldn't be hard to merge though.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/