[PATCH net-next 0/9] BPF updates

From: Daniel Borkmann <dborkman@redhat.com>
To: davem@davemloft.net
Cc: ast@plumgrid.com, netdev@vger.kernel.org
Subject: [PATCH net-next 0/9] BPF updates
Date: Fri, 21 Mar 2014 13:20:09 +0100	[thread overview]
Message-ID: <1395404418-25376-1-git-send-email-dborkman@redhat.com> (raw)

We sat down and have heavily reworked the whole previous patchset
from v10 [1] to address all comments/concerns. This patchset therefore
*replaces* the internal BPF interpreter with the new layout as
discussed in [1], and migrates some exotic callers to properly use the
BPF API for a transparent upgrade. All other callers that already use
the BPF API in a way it should be used, need no further changes to run
the new internals. We also removed the sysctl knob entirely, and do not
expose any structure to userland, so that implementation details only
reside in kernel space. Since we are replacing the interpreter we had
to migrate seccomp in one patch along with the interpreter to not break
anything. When attaching a new filter, the flow can be described as
following: i) test if jit compiler is enabled and can compile the user
BPF, ii) if so, then go for it, iii) if not, then transparently migrate
the filter into the new representation, and run it in the interpreter.
Also, we have scratched the jit flag from the len attribute and made it
as initial patch in this series as Pablo has suggested in the last
feedback, thanks. For details, please refer to the patches themself.

We did extensive testing of BPF and seccomp on the new interpreter
itself and also on the user ABIs and could not find any issues; new
performance numbers as posted in patch 8 are also still the same.

Please find more details in the patches themselves.

For all the previous history from v1 to v10, see [1]. We have decided
to drop the v11 as we have pedantically reworked the set, but of course,
included all previous feedback.

Rebased to latest net-next.

Thanks !

  [1] http://thread.gmane.org/gmane.linux.kernel/1665858

Alexei Starovoitov (2):
  net: filter: rework/optimize internal BPF interpreter's instruction set
  doc: filter: extend BPF documentation to document new internals

Daniel Borkmann (7):
  net: filter: add jited flag to indicate jit compiled filters
  net: filter: keep original BPF program around
  net: filter: move filter accounting to filter core
  net: ptp: use sk_unattached_filter_create() for BPF
  net: ptp: do not reimplement PTP/BPF classifier
  net: ppp: use sk_unattached_filter api
  net: isdn: use sk_unattached_filter api

 Documentation/networking/filter.txt                |  147 ++
 arch/arm/net/bpf_jit_32.c                          |    3 +-
 arch/powerpc/net/bpf_jit_comp.c                    |    3 +-
 arch/s390/net/bpf_jit_comp.c                       |    5 +-
 arch/sparc/net/bpf_jit_comp.c                      |    3 +-
 arch/x86/net/bpf_jit_comp.c                        |    3 +-
 drivers/isdn/i4l/isdn_ppp.c                        |   61 +-
 .../net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c   |   11 +-
 drivers/net/ethernet/ti/cpts.c                     |   10 +-
 drivers/net/ethernet/xscale/ixp4xx_eth.c           |   11 +-
 drivers/net/ppp/ppp_generic.c                      |   60 +-
 include/linux/filter.h                             |  110 +-
 include/linux/isdn_ppp.h                           |    5 +-
 include/linux/ptp_classify.h                       |   14 +-
 include/linux/seccomp.h                            |    1 -
 include/net/sock.h                                 |   27 -
 kernel/seccomp.c                                   |  119 +-
 net/core/filter.c                                  | 1523 ++++++++++++++++----
 net/core/sock_diag.c                               |   23 +-
 net/core/timestamping.c                            |   27 +-
 20 files changed, 1630 insertions(+), 536 deletions(-)

-- 
1.7.11.7