From: Greg KH <gregkh@linuxfoundation.org>
To: David Miller <davem@davemloft.net>
Cc: ast@kernel.org, daniel@iogearbox.net,
	torvalds@linux-foundation.org, luto@amacapital.net,
	mcgrof@kernel.org, keescook@chromium.org, netdev@vger.kernel.org,
	linux-kernel@vger.kernel.org, kernel-team@fb.com
Subject: Re: [PATCH v3 net-next 0/2] bpfilter
Date: Wed, 23 May 2018 19:33:51 +0200
Message-ID: <20180523173351.GA10104@kroah.com>
In-Reply-To: <20180523.132648.459690706167609338.davem@davemloft.net>

On Wed, May 23, 2018 at 01:26:48PM -0400, David Miller wrote:
> From: Alexei Starovoitov <ast@kernel.org>
> Date: Mon, 21 May 2018 19:22:28 -0700
> 
> > v2->v3:
> > - followed Luis's suggestion and significantly simplified first patch
> >   with shmem_kernel_file_setup+kernel_write. Added kdoc for new helper
> > - fixed typos and race to access pipes with mutex
> > - tested with bpfilter being 'builtin'. CONFIG_BPFILTER_UMH=y|m both work.
> >   Interesting to see a usermode executable being embedded inside vmlinux.
> > - it doesn't hurt to enable bpfilter in .config.
> >   ip_setsockopt commands sent to usermode via pipes and -ENOPROTOOPT is
> >   returned from userspace, so kernel falls back to original iptables code
> > 
> > v1->v2:
> > this patch set is almost a full rewrite of the earlier umh modules approach
> > The v1 of patches and follow up discussion was covered by LWN:
> > https://lwn.net/Articles/749108/
> > 
> > I believe the v2 addresses all issues brought up by Andy and others.
> > Mainly there are zero changes to kernel/module.c
> > Instead of teaching module loading logic to recognize special
> > umh module, let normal kernel modules execute part of its own
> > .init.rodata as a new user space process (Andy's idea)
> > Patch 1 introduces this new helper:
> > int fork_usermode_blob(void *data, size_t len, struct umh_info *info);
> > Input:
> >   data + len == executable file
> > Output:
> >   struct umh_info {
> >        struct file *pipe_to_umh;
> >        struct file *pipe_from_umh;
> >        pid_t pid;
> >   };
> 
> Series applied, let the madness begin... :-)

Yeah, this is going to be fun :)

Thread overview: 8+ messages
2018-05-22  2:22 [PATCH v3 net-next 0/2] bpfilter Alexei Starovoitov
2018-05-22  2:22 ` [PATCH v3 net-next 1/2] umh: introduce fork_usermode_blob() helper Alexei Starovoitov
2018-05-22  2:22 ` [PATCH v3 net-next 2/2] net: add skeleton of bpfilter kernel module Alexei Starovoitov
2018-05-23 17:26 ` [PATCH v3 net-next 0/2] bpfilter David Miller
2018-05-23 17:33   ` Greg KH [this message]
2018-05-24  1:33 ` Jakub Kicinski
2018-05-24  1:50   ` Jakub Kicinski
2018-05-24  2:09     ` Alexei Starovoitov
