author | Nicolas Schichan <nschichan@freebox.fr> | 2013-04-26 10:58:53 +1000 |
---|---|---|
committer | Stephen Rothwell <sfr@canb.auug.org.au> | 2013-04-26 17:33:12 +1000 |
commit | bbfe84e5abab6501ec2690a53e82f49ed77956aa (patch) | |
tree | a32dd763570fada3f0ccdf47e55da73c69ed1276 | |
parent | e4c67f4c0479d8e3cb0bdedd97c08598217e329b (diff) |
ARM: net: bpf_jit: add support for jitted seccomp filters.
Select HAVE_SECCOMP_FILTER_JIT in the ARM Kconfig file, implement
seccomp_jit_compile() and seccomp_jit_free() and add support for
BPF_S_ANC_SECCOMP_LD_W instruction.
BPF_S_ANC_SECCOMP_LD_W instructions trigger the generation of a call to C
function seccomp_bpf_load().
Signed-off-by: Nicolas Schichan <nschichan@freebox.fr>
Cc: Will Drewry <wad@chromium.org>
Cc: Mircea Gherzan <mgherzan@gmail.com>
Cc: Nicolas Schichan <nschichan@freebox.fr>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Daniel Borkmann <daniel.borkmann@tik.ee.ethz.ch>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
-rw-r--r-- | arch/arm/Kconfig | 1 | ||||
-rw-r--r-- | arch/arm/net/bpf_jit_32.c | 37 |
2 files changed, 38 insertions, 0 deletions
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index aeeb51addc48..c38921984c92 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -25,6 +25,7 @@ config ARM
 select HAVE_ARCH_SECCOMP_FILTER
 select HAVE_ARCH_TRACEHOOK
 select HAVE_BPF_JIT
+ select HAVE_SECCOMP_FILTER_JIT
 select HAVE_C_RECORDMCOUNT
 select HAVE_DEBUG_KMEMLEAK
 select HAVE_DMA_API_DEBUG
diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c
index 2dab3e69a9b7..9775261e7930 100644
--- a/arch/arm/net/bpf_jit_32.c
+++ b/arch/arm/net/bpf_jit_32.c
@@ -548,6 +548,15 @@ load_common:
 emit_err_ret(ARM_COND_NE, ctx);
 emit(ARM_MOV_R(r_A, ARM_R0), ctx);
 break;
+#ifdef CONFIG_SECCOMP_FILTER_JIT
+ case BPF_S_ANC_SECCOMP_LD_W:
+ ctx->seen |= SEEN_CALL;
+ emit_mov_i(ARM_R3, (u32)seccomp_bpf_load, ctx);
+ emit_mov_i(ARM_R0, k, ctx);
+ emit_blx_r(ARM_R3, ctx);
+ emit(ARM_MOV_R(r_A, ARM_R0), ctx);
+ break;
+#endif
 case BPF_S_LD_W_IND:
 load_order = 2;
 goto load_ind;
@@ -955,3 +964,31 @@ void bpf_jit_free(struct sk_filter *fp)
 schedule_work(work);
 }
 }
+
+#ifdef CONFIG_SECCOMP_FILTER_JIT
+void seccomp_jit_compile(struct seccomp_filter *fp)
+{
+ struct jit_ctx ctx;
+
+ memset(&ctx, 0, sizeof(ctx));
+ ctx.prog_len = seccomp_filter_get_len(fp);
+ ctx.prog_insns = seccomp_filter_get_insns(fp);
+
+ __bpf_jit_compile(&ctx);
+ if (ctx.target)
+ seccomp_filter_set_bpf_func(fp, (void *)ctx.target);
+}
+
+void seccomp_jit_free(struct seccomp_filter *fp)
+{
+ struct work_struct *work;
+ void *bpf_func = seccomp_filter_get_bpf_func(fp);
+
+ if (bpf_func != sk_run_filter) {
+ work = (struct work_struct *)bpf_func;
+
+ INIT_WORK(work, bpf_jit_free_worker);
+ schedule_work(work);
+ }
+}
+#endif
|
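Review bot: In the `@@ -548,6 +548,15 @@` hunk of bpf_jit_32.c, the new `case BPF_S_ANC_SECCOMP_LD_W:` passes `k` straight to `seccomp_bpf_load()` with no range or alignment check in the emitted code, and nothing visible here restricts the opcode to seccomp programs even though the switch appears to be shared with socket-filter compilation. Presumably the seccomp filter checker validates `k` and is the only producer of this opcode; that invariant deserves a comment on the case, e.g. `/* k is range-checked by the seccomp filter checker; only seccomp programs carry this opcode */`. A second short comment that the emitted call clobbers the caller-saved registers, which is why `SEEN_CALL` is set, would help the next reader. The enclosing switch starts and ends outside the hunk.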
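Review bot: In the `@@ -955,3 +964,31 @@` hunk, `seccomp_jit_free()` treats every `bpf_func` value other than `sk_run_filter` as a JIT image and lets `INIT_WORK()` write a `work_struct` over it, so a NULL or otherwise unexpected pointer would be dereferenced and overwritten in kernel context. If `seccomp_filter_get_bpf_func()` can return anything but `sk_run_filter` for a filter that was never jitted (not visible here), tighten the guard to `if (bpf_func && bpf_func != sk_run_filter) {`. A comment stating that the image memory is reused as the work item for a deferred free would help, and since the body mirrors the tail of `bpf_jit_free()` shown as context, a shared static helper would keep the two free paths from drifting apart. `seccomp_jit_compile()` leaving `bpf_func` untouched when `ctx.target` is NULL keeps the filter on the interpreter, which is the right fail-safe and worth a one-line comment as well.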