]> git.baikalelectronics.ru Git - kernel.git/commit
bpf, seccomp: prepare for upcoming criu support
authorDaniel Borkmann <daniel@iogearbox.net>
Fri, 2 Oct 2015 13:17:33 +0000 (15:17 +0200)
committerDavid S. Miller <davem@davemloft.net>
Mon, 5 Oct 2015 13:47:05 +0000 (06:47 -0700)
commit50e976b6d179ab5a578767a7e4f7fbe3e032f3f3
tree1d561750b012be096fce1637fef60a65fbef1fa4
parentdf6a0717e52b6be10e34890d8a45a6fc786c4a9f
bpf, seccomp: prepare for upcoming criu support

The current ongoing effort to dump existing cBPF seccomp filters back
to user space requires to hold the pre-transformed instructions like
we do in case of socket filters from sk_attach_filter() side, so they
can be reloaded in original form at a later point in time by utilities
such as criu.

To prepare for this, simply extend the bpf_prog_create_from_user()
API to hold a flag that tells whether we should store the original
or not. Also, fanout filters could make use of that in future for
things like diag. While fanout filters already use bpf_prog_destroy(),
move seccomp over to them as well to handle original programs when
present.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Cc: Tycho Andersen <tycho.andersen@canonical.com>
Cc: Pavel Emelyanov <xemul@parallels.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Alexei Starovoitov <ast@plumgrid.com>
Tested-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/filter.h
kernel/seccomp.c
net/core/filter.c
net/packet/af_packet.c