seccomp, filter: add and use bpf_prog_create_from_user from seccomp
authorDaniel Borkmann <daniel@iogearbox.net>
Wed, 6 May 2015 14:12:30 +0000 (16:12 +0200)
committerDavid S. Miller <davem@davemloft.net>
Sat, 9 May 2015 21:35:05 +0000 (17:35 -0400)
commitac67eb2c5347bd9976308c0e0cf1d9e7ca690342
tree0a4b80cd5adb5f5ce8ed3f74644da7ed029b1f77
parent658da9379d0e1aa1e3e40c9b795357ada818b1c8
seccomp, filter: add and use bpf_prog_create_from_user from seccomp

Seccomp has always been a special candidate when it comes to preparation
of its filters in seccomp_prepare_filter(). Due to the extra checks and
filter rewrite it partially duplicates code and has BPF internals exposed.

This patch adds a generic API inside the BPF code code that seccomp can use
and thus keep it's filter preparation code minimal and better maintainable.
The other side-effect is that now classic JITs can add seccomp support as
well by only providing a BPF_LDX | BPF_W | BPF_ABS translation.

Tested with seccomp and BPF test suites.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Cc: Nicolas Schichan <nschichan@freebox.fr>
Cc: Alexei Starovoitov <ast@plumgrid.com>
Cc: Kees Cook <keescook@chromium.org>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/filter.h
kernel/seccomp.c
net/core/filter.c