diff mbox

[net-next] filter: add XOR instruction for use with X/K

Message ID 20120924122359.GB25156@thinkbox
State Accepted, archived
Delegated to: David Miller
Headers show

Commit Message

Daniel Borkmann Sept. 24, 2012, 12:23 p.m. UTC 
BPF_S_ANC_ALU_XOR_X has been added a while ago, but as an 'ancillary'
operation that is invoked through a negative offset in K within BPF
load operations. Since BPF_MOD has recently been added, BPF_XOR should
also be part of the common ALU operations. Removing BPF_S_ANC_ALU_XOR_X
might not be an option since this is exposed to user space.

Signed-off-by: Daniel Borkmann <daniel.borkmann@tik.ee.ethz.ch>
---
 include/linux/filter.h |    3 +++
 net/core/filter.c      |   12 +++++++++---
 2 files changed, 12 insertions(+), 3 deletions(-)

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Eric Dumazet Sept. 24, 2012, 1:43 p.m. UTC | #1 
On Mon, 2012-09-24 at 14:23 +0200, Daniel Borkmann wrote:
> BPF_S_ANC_ALU_XOR_X has been added a while ago, but as an 'ancillary'
> operation that is invoked through a negative offset in K within BPF
> load operations. Since BPF_MOD has recently been added, BPF_XOR should
> also be part of the common ALU operations. Removing BPF_S_ANC_ALU_XOR_X
> might not be an option since this is exposed to user space.

Please note we dont expose BPF_S_ANC_ALU_XOR_X to user space.

We expose SKF_AD_ALU_XOR_X instead.

But it seems easier to leave it to keep this patch small (not touching
various JIT implementations, even if followup are welcomed)

Acked-by: Eric Dumazet <edumazet@google.com>


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Daniel Borkmann Sept. 24, 2012, 1:50 p.m. UTC | #2 
Eric Dumazet <eric.dumazet@gmail.com> [2012-09-24 15:43:48 +0200] wrote:
> On Mon, 2012-09-24 at 14:23 +0200, Daniel Borkmann wrote:
> > BPF_S_ANC_ALU_XOR_X has been added a while ago, but as an 'ancillary'
> > operation that is invoked through a negative offset in K within BPF
> > load operations. Since BPF_MOD has recently been added, BPF_XOR should
> > also be part of the common ALU operations. Removing BPF_S_ANC_ALU_XOR_X
> > might not be an option since this is exposed to user space.
> 
> Please note we dont expose BPF_S_ANC_ALU_XOR_X to user space.
> 
> We expose SKF_AD_ALU_XOR_X instead.

Indeed. Sorry for that typo.
 
> But it seems easier to leave it to keep this patch small (not touching
> various JIT implementations, even if followup are welcomed)
> 
> Acked-by: Eric Dumazet <edumazet@google.com>
> 
> 
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
David Miller Sept. 24, 2012, 8:50 p.m. UTC | #3 
From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Mon, 24 Sep 2012 15:43:48 +0200

> On Mon, 2012-09-24 at 14:23 +0200, Daniel Borkmann wrote:
>> BPF_S_ANC_ALU_XOR_X has been added a while ago, but as an 'ancillary'
>> operation that is invoked through a negative offset in K within BPF
>> load operations. Since BPF_MOD has recently been added, BPF_XOR should
>> also be part of the common ALU operations. Removing BPF_S_ANC_ALU_XOR_X
>> might not be an option since this is exposed to user space.
> 
> Please note we dont expose BPF_S_ANC_ALU_XOR_X to user space.
> 
> We expose SKF_AD_ALU_XOR_X instead.
> 
> But it seems easier to leave it to keep this patch small (not touching
> various JIT implementations, even if followup are welcomed)
> 
> Acked-by: Eric Dumazet <edumazet@google.com>

I applied this, fixing the commit message to refer to SKF_AD_ALU_XOR_X
instead of BPF_S_ANC_ALU_XOR_X.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Daniel Borkmann Sept. 24, 2012, 9:02 p.m. UTC | #4 
David Miller <davem@davemloft.net> [2012-09-24 16:50:05 -0400] wrote:
> From: Eric Dumazet <eric.dumazet@gmail.com>
> Date: Mon, 24 Sep 2012 15:43:48 +0200
> > On Mon, 2012-09-24 at 14:23 +0200, Daniel Borkmann wrote:
> >> BPF_S_ANC_ALU_XOR_X has been added a while ago, but as an 'ancillary'
> >> operation that is invoked through a negative offset in K within BPF
> >> load operations. Since BPF_MOD has recently been added, BPF_XOR should
> >> also be part of the common ALU operations. Removing BPF_S_ANC_ALU_XOR_X
> >> might not be an option since this is exposed to user space.
> > 
> > Please note we dont expose BPF_S_ANC_ALU_XOR_X to user space.
> > 
> > We expose SKF_AD_ALU_XOR_X instead.
> > 
> > But it seems easier to leave it to keep this patch small (not touching
> > various JIT implementations, even if followup are welcomed)
> > 
> > Acked-by: Eric Dumazet <edumazet@google.com>
> 
> I applied this, fixing the commit message to refer to SKF_AD_ALU_XOR_X
> instead of BPF_S_ANC_ALU_XOR_X.

Thanks David!
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/include/linux/filter.h b/include/linux/filter.h
index 3cf5fd5..2ded090 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -75,6 +75,7 @@  struct sock_fprog {	/* Required for SO_ATTACH_FILTER. */
 #define         BPF_RSH         0x70
 #define         BPF_NEG         0x80
 #define		BPF_MOD		0x90
+#define		BPF_XOR		0xa0
 
 #define         BPF_JA          0x00
 #define         BPF_JEQ         0x10
@@ -204,6 +205,8 @@  enum {
 	BPF_S_ALU_AND_X,
 	BPF_S_ALU_OR_K,
 	BPF_S_ALU_OR_X,
+	BPF_S_ALU_XOR_K,
+	BPF_S_ALU_XOR_X,
 	BPF_S_ALU_LSH_K,
 	BPF_S_ALU_LSH_X,
 	BPF_S_ALU_RSH_K,
diff --git a/net/core/filter.c b/net/core/filter.c
index fbe3a8d..3d92ebb 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -187,6 +187,13 @@  unsigned int sk_run_filter(const struct sk_buff *skb,
 		case BPF_S_ALU_OR_K:
 			A |= K;
 			continue;
+		case BPF_S_ANC_ALU_XOR_X:
+		case BPF_S_ALU_XOR_X:
+			A ^= X;
+			continue;
+		case BPF_S_ALU_XOR_K:
+			A ^= K;
+			continue;
 		case BPF_S_ALU_LSH_X:
 			A <<= X;
 			continue;
@@ -334,9 +341,6 @@  load_b:
 		case BPF_S_ANC_CPU:
 			A = raw_smp_processor_id();
 			continue;
-		case BPF_S_ANC_ALU_XOR_X:
-			A ^= X;
-			continue;
 		case BPF_S_ANC_NLATTR: {
 			struct nlattr *nla;
 
@@ -483,6 +487,8 @@  int sk_chk_filter(struct sock_filter *filter, unsigned int flen)
 		[BPF_ALU|BPF_AND|BPF_X]  = BPF_S_ALU_AND_X,
 		[BPF_ALU|BPF_OR|BPF_K]   = BPF_S_ALU_OR_K,
 		[BPF_ALU|BPF_OR|BPF_X]   = BPF_S_ALU_OR_X,
+		[BPF_ALU|BPF_XOR|BPF_K]  = BPF_S_ALU_XOR_K,
+		[BPF_ALU|BPF_XOR|BPF_X]  = BPF_S_ALU_XOR_X,
 		[BPF_ALU|BPF_LSH|BPF_K]  = BPF_S_ALU_LSH_K,
 		[BPF_ALU|BPF_LSH|BPF_X]  = BPF_S_ALU_LSH_X,
 		[BPF_ALU|BPF_RSH|BPF_K]  = BPF_S_ALU_RSH_K,