Re: [PATCH v4 net-next 5/5] net: filter: split 'struct sk_filter' into socket and bpf parts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Aug 1, 2014 at 12:03 PM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>> > I think you can allocate the sk_filter once you get the final bpf
>> > program, then you can memcpy() it. This adds some extra overhead in
>> > the sk_attach_filter(), but that path is executed from user context
>> > and it's also a rare operation (only once to attach the filter). It's
>> > still not going to be a beauty, but IMO it's worth to focus on getting
>> > that little speed up in the packet path at the cost of adding some
>> > overhead on the socket attach path.
>>
>> memcpy of 'bpf_prog' is not just 'not a beauty', it won't work, since
>> bpf_prog is freed via work_queue due to JIT. See bpf_jit_free()
> [...]
>
> I see, in this patch you renamed sk_filter to bpf_prog in
> bpf_jit_free() so no access to sk_filter anymore and alignment needs a
> closer look.
>
> OK... let's stick to the struct bpf_prog pointer.

great. Once nft comes along we can always revisit this bit.

Dave, this patch has trivial conflict with Daniel's
("team: fix releasing uninitialized pointer to BPF prog") fix.
Let me know if you want me to respin the series or you'll patch up
the conflict yourself.

Thanks
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux