From: David Ahern <dsa@cumulusnetworks.com>
To: netdev@vger.kernel.org, alexei.starovoitov@gmail.com,
daniel@iogearbox.net
Cc: roopa@cumulusnetworks.com, David Ahern <dsa@cumulusnetworks.com>
Subject: [RFC PATCH net-next 1/2] bpf: Save original ebpf instructions
Date: Fri, 3 Feb 2017 12:38:22 -0800 [thread overview]
Message-ID: <1486154303-32278-2-git-send-email-dsa@cumulusnetworks.com> (raw)
In-Reply-To: <1486154303-32278-1-git-send-email-dsa@cumulusnetworks.com>
Similar to classic bpf, support saving original ebpf instructions
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
---
include/linux/filter.h | 5 ++++-
kernel/bpf/syscall.c | 36 ++++++++++++++++++++++++++++++++++++
2 files changed, 40 insertions(+), 1 deletion(-)
diff --git a/include/linux/filter.h b/include/linux/filter.h
index e4eb2546339a..86b1e3624463 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -391,7 +391,10 @@ struct compat_sock_fprog {
struct sock_fprog_kern {
u16 len;
- struct sock_filter *filter;
+ union {
+ struct sock_filter *filter;
+ struct bpf_insn *insn;
+ };
};
struct bpf_binary_header {
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 08a4d287226b..95e640a3ed99 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -694,11 +694,43 @@ static void bpf_prog_uncharge_memlock(struct bpf_prog *prog)
free_uid(user);
}
+static int bpf_prog_store_orig_insn(struct bpf_prog *prog)
+{
+ u32 isize = bpf_prog_insn_size(prog);
+ struct sock_fprog_kern *fkprog;
+
+ prog->orig_prog = kmalloc(sizeof(*fkprog), GFP_KERNEL);
+ if (!prog->orig_prog)
+ return -ENOMEM;
+
+ fkprog = prog->orig_prog;
+ fkprog->len = prog->len;
+
+ fkprog->insn = kmemdup(prog->insnsi, isize, GFP_KERNEL | __GFP_NOWARN);
+ if (!fkprog->insn) {
+ kfree(prog->orig_prog);
+ return -ENOMEM;
+ }
+
+ return 0;
+}
+
+static void bpf_release_orig_insn(struct bpf_prog *fp)
+{
+ struct sock_fprog_kern *fprog = fp->orig_prog;
+
+ if (fprog) {
+ kfree(fprog->insn);
+ kfree(fprog);
+ }
+}
+
static void __bpf_prog_put_rcu(struct rcu_head *rcu)
{
struct bpf_prog_aux *aux = container_of(rcu, struct bpf_prog_aux, rcu);
free_used_maps(aux);
+ bpf_release_orig_insn(aux->prog);
bpf_prog_uncharge_memlock(aux->prog);
bpf_prog_free(aux->prog);
}
@@ -885,6 +917,10 @@ static int bpf_prog_load(union bpf_attr *attr)
if (err < 0)
goto free_prog;
+ err = bpf_prog_store_orig_insn(prog);
+ if (err < 0)
+ goto free_prog;
+
/* run eBPF verifier */
err = bpf_check(&prog, attr);
if (err < 0)
--
2.1.4
next prev parent reply other threads:[~2017-02-03 20:38 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-03 20:38 [RFC PATCH net-next 0/2] bpf: Allow retrieval of ebpf filters David Ahern
2017-02-03 20:38 ` David Ahern [this message]
2017-02-03 21:09 ` [RFC PATCH net-next 1/2] bpf: Save original ebpf instructions Daniel Borkmann
2017-02-03 22:28 ` David Ahern
2017-02-06 10:56 ` Quentin Monnet
2017-02-06 14:13 ` Daniel Borkmann
2017-02-06 19:21 ` Alexei Starovoitov
2017-02-07 17:22 ` David Ahern
2017-02-08 10:52 ` Daniel Borkmann
2017-02-08 19:40 ` David Ahern
2017-02-09 1:28 ` David Ahern
2017-02-09 11:25 ` Daniel Borkmann
2017-02-10 5:22 ` Alexei Starovoitov
2017-02-10 22:45 ` Daniel Borkmann
2017-02-03 20:38 ` [RFC PATCH net-next 2/2] bpf: Add support to retrieve program attached to a cgroup David Ahern
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1486154303-32278-2-git-send-email-dsa@cumulusnetworks.com \
--to=dsa@cumulusnetworks.com \
--cc=alexei.starovoitov@gmail.com \
--cc=daniel@iogearbox.net \
--cc=netdev@vger.kernel.org \
--cc=roopa@cumulusnetworks.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).