Re: [RFC PATCH net-next 0/6] seccomp filter JIT

[Nicolas Schichan]

On 04/26/2013 02:31 PM, Xi Wang wrote:
> Thanks for the pointer.
>
> For the ARM part, looks like Nicolas's patch requires to implement two
> wrappers for each arch:
>
>    void seccomp_jit_compile(struct seccomp_filter *fp);
>    void seccomp_jit_free(struct seccomp_filter *fp);
>
> The implementation of these wrappers is almost identical to:
>
>    void bpf_jit_compile(struct sk_filter *fp);
>    void bpf_jit_free(struct sk_filter *fp);
>
> While this patch uses a unified interface for both packet & seccomp filters.
>
>    bpf_func_t bpf_jit_compile(struct sock_filter *filter, unsigned int flen);
>    void bpf_jit_free(bpf_func_t bpf_func);
>
> Shouldn't be hard to merge though.

Hi,

I went for the solution I submitted because I wanted to avoid changes to the 
current bpf_jit_compile prototypes for all currently supported architectures 
(for most of which, I can only compile-test).

My solution also allows the seccomp jit code to be disabled while still 
allowing jit on socket filters (via a Kconfig option). This might be useful to 
some people.

Regards,

--
Nicolas Schichan
Freebox SAS
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/