On Fri, Aug 1, 2014 at 12:03 PM, Pablo Neira Ayuso [off-list ref] wrote:

quoted

quoted

I think you can allocate the sk_filter once you get the final bpf
program, then you can memcpy() it. This adds some extra overhead in
the sk_attach_filter(), but that path is executed from user context
and it's also a rare operation (only once to attach the filter). It's
still not going to be a beauty, but IMO it's worth to focus on getting
that little speed up in the packet path at the cost of adding some
overhead on the socket attach path.

memcpy of 'bpf_prog' is not just 'not a beauty', it won't work, since
bpf_prog is freed via work_queue due to JIT. See bpf_jit_free()

[...]

I see, in this patch you renamed sk_filter to bpf_prog in
bpf_jit_free() so no access to sk_filter anymore and alignment needs a
closer look.

OK... let's stick to the struct bpf_prog pointer.

great. Once nft comes along we can always revisit this bit.

Dave, this patch has trivial conflict with Daniel's
("team: fix releasing uninitialized pointer to BPF prog") fix.
Let me know if you want me to respin the series or you'll patch up
the conflict yourself.

Thanks