diff options
Diffstat (limited to 'arch/arm/net/bpf_jit_32.c')
| -rw-r--r-- | arch/arm/net/bpf_jit_32.c | 93 |
1 files changed, 75 insertions, 18 deletions
diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c index 1a643ee8e082..eb4daba5e228 100644 --- a/arch/arm/net/bpf_jit_32.c +++ b/arch/arm/net/bpf_jit_32.c @@ -55,7 +55,8 @@ #define FLAG_NEED_X_RESET (1 << 0) struct jit_ctx { - const struct sk_filter *skf; + unsigned short prog_len; + struct sock_filter *prog_insns; unsigned idx; unsigned prologue_bytes; int ret0_fp_idx; @@ -131,8 +132,8 @@ static u16 saved_regs(struct jit_ctx *ctx) { u16 ret = 0; - if ((ctx->skf->len > 1) || - (ctx->skf->insns[0].code == BPF_S_RET_A)) + if ((ctx->prog_len > 1) || + (ctx->prog_insns[0].code == BPF_S_RET_A)) ret |= 1 << r_A; #ifdef CONFIG_FRAME_POINTER @@ -181,7 +182,7 @@ static inline bool is_load_to_a(u16 inst) static void build_prologue(struct jit_ctx *ctx) { u16 reg_set = saved_regs(ctx); - u16 first_inst = ctx->skf->insns[0].code; + u16 first_inst = ctx->prog_insns[0].code; u16 off; #ifdef CONFIG_FRAME_POINTER @@ -279,7 +280,7 @@ static u16 imm_offset(u32 k, struct jit_ctx *ctx) ctx->imms[i] = k; /* constants go just after the epilogue */ - offset = ctx->offsets[ctx->skf->len]; + offset = ctx->offsets[ctx->prog_len]; offset += ctx->prologue_bytes; offset += ctx->epilogue_bytes; offset += i * 4; @@ -419,7 +420,7 @@ static inline void emit_err_ret(u8 cond, struct jit_ctx *ctx) emit(ARM_MOV_R(ARM_R0, ARM_R0), ctx); } else { _emit(cond, ARM_MOV_I(ARM_R0, 0), ctx); - _emit(cond, ARM_B(b_imm(ctx->skf->len, ctx)), ctx); + _emit(cond, ARM_B(b_imm(ctx->prog_len, ctx)), ctx); } } @@ -469,14 +470,13 @@ static inline void update_on_xread(struct jit_ctx *ctx) static int build_body(struct jit_ctx *ctx) { void *load_func[] = {jit_get_skb_b, jit_get_skb_h, jit_get_skb_w}; - const struct sk_filter *prog = ctx->skf; const struct sock_filter *inst; unsigned i, load_order, off, condt; int imm12; u32 k; - for (i = 0; i < prog->len; i++) { - inst = &(prog->insns[i]); + for (i = 0; i < ctx->prog_len; i++) { + inst = &(ctx->prog_insns[i]); /* K as an immediate value operand */ k = inst->k; @@ -548,6 +548,15 @@ load_common: emit_err_ret(ARM_COND_NE, ctx); emit(ARM_MOV_R(r_A, ARM_R0), ctx); break; +#ifdef CONFIG_SECCOMP_FILTER_JIT + case BPF_S_ANC_SECCOMP_LD_W: + ctx->seen |= SEEN_CALL; + emit_mov_i(ARM_R3, (u32)seccomp_bpf_load, ctx); + emit_mov_i(ARM_R0, k, ctx); + emit_blx_r(ARM_R3, ctx); + emit(ARM_MOV_R(r_A, ARM_R0), ctx); + break; +#endif case BPF_S_LD_W_IND: load_order = 2; goto load_ind; @@ -769,8 +778,8 @@ cmp_x: ctx->ret0_fp_idx = i; emit_mov_i(ARM_R0, k, ctx); b_epilogue: - if (i != ctx->skf->len - 1) - emit(ARM_B(b_imm(prog->len, ctx)), ctx); + if (i != ctx->prog_len - 1) + emit(ARM_B(b_imm(ctx->prog_len, ctx)), ctx); break; case BPF_S_MISC_TAX: /* X = A */ @@ -858,7 +867,7 @@ b_epilogue: } -void bpf_jit_compile(struct sk_filter *fp) +static void __bpf_jit_compile(struct jit_ctx *out_ctx) { struct jit_ctx ctx; unsigned tmp_idx; @@ -867,11 +876,10 @@ void bpf_jit_compile(struct sk_filter *fp) if (!bpf_jit_enable) return; - memset(&ctx, 0, sizeof(ctx)); - ctx.skf = fp; + ctx = *out_ctx; ctx.ret0_fp_idx = -1; - ctx.offsets = kzalloc(4 * (ctx.skf->len + 1), GFP_KERNEL); + ctx.offsets = kzalloc(4 * (ctx.prog_len + 1), GFP_KERNEL); if (ctx.offsets == NULL) return; @@ -919,14 +927,27 @@ void bpf_jit_compile(struct sk_filter *fp) if (bpf_jit_enable > 1) /* there are 2 passes here */ - bpf_jit_dump(fp->len, alloc_size, 2, ctx.target); - - fp->bpf_func = (void *)ctx.target; + bpf_jit_dump(ctx.prog_len, alloc_size, 2, ctx.target); out: kfree(ctx.offsets); + + *out_ctx = ctx; return; } +void bpf_jit_compile(struct sk_filter *fp) +{ + struct jit_ctx ctx; + + memset(&ctx, 0, sizeof(ctx)); + ctx.prog_len = fp->len; + ctx.prog_insns = fp->insns; + + __bpf_jit_compile(&ctx); + if (ctx.target) + fp->bpf_func = (void *)ctx.target; +} + static void bpf_jit_free_worker(struct work_struct *work) { module_free(NULL, work); @@ -937,9 +958,45 @@ void bpf_jit_free(struct sk_filter *fp) struct work_struct *work; if (fp->bpf_func != sk_run_filter) { + /* + * bpf_jit_free() can be called from softirq; module_free() + * requires process context. + */ work = (struct work_struct *)fp->bpf_func; INIT_WORK(work, bpf_jit_free_worker); schedule_work(work); } } + +#ifdef CONFIG_SECCOMP_FILTER_JIT +void seccomp_jit_compile(struct seccomp_filter *fp) +{ + struct jit_ctx ctx; + + memset(&ctx, 0, sizeof(ctx)); + ctx.prog_len = seccomp_filter_get_len(fp); + ctx.prog_insns = seccomp_filter_get_insns(fp); + + __bpf_jit_compile(&ctx); + if (ctx.target) + seccomp_filter_set_bpf_func(fp, (void *)ctx.target); +} + +void seccomp_jit_free(struct seccomp_filter *fp) +{ + struct work_struct *work; + void *bpf_func = seccomp_filter_get_bpf_func(fp); + + if (bpf_func != sk_run_filter) { + /* + * seccomp_jit_free() can be called from softirq; module_free() + * requires process context. + */ + work = (struct work_struct *)bpf_func; + + INIT_WORK(work, bpf_jit_free_worker); + schedule_work(work); + } +} +#endif |