On Fri, Aug 1, 2014 at 12:03 PM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: >> > I think you can allocate the sk_filter once you get the final bpf >> > program, then you can memcpy() it. This adds some extra overhead in >> > the sk_attach_filter(), but that path is executed from user context >> > and it's also a rare operation (only once to attach the filter). It's >> > still not going to be a beauty, but IMO it's worth to focus on getting >> > that little speed up in the packet path at the cost of adding some >> > overhead on the socket attach path. >> >> memcpy of 'bpf_prog' is not just 'not a beauty', it won't work, since >> bpf_prog is freed via work_queue due to JIT. See bpf_jit_free() > [...] > > I see, in this patch you renamed sk_filter to bpf_prog in > bpf_jit_free() so no access to sk_filter anymore and alignment needs a > closer look. > > OK... let's stick to the struct bpf_prog pointer. great. Once nft comes along we can always revisit this bit. Dave, this patch has trivial conflict with Daniel's ("team: fix releasing uninitialized pointer to BPF prog") fix. Let me know if you want me to respin the series or you'll patch up the conflict yourself. Thanks -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html