From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mga02.intel.com ([134.134.136.20]) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1fJjxf-0006hK-3O for speck@linutronix.de; Fri, 18 May 2018 20:18:40 +0200 Subject: [MODERATED] Re: Generic eBPF hardening References: <20180517222233.xk3favfebt4wiiid@ast-mbp> <20180517225448.GC4486@tassilo.jf.intel.com> <20180517232115.mwmns6w6t32mjeze@ast-mbp> From: Dave Hansen Message-ID: <31409ed3-62aa-cb1d-2145-203a686d98a7@linux.intel.com> Date: Fri, 18 May 2018 11:18:26 -0700 MIME-Version: 1.0 In-Reply-To: <20180517232115.mwmns6w6t32mjeze@ast-mbp> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit To: speck@linutronix.de List-ID: On 05/17/2018 04:21 PM, speck for Alexei Starovoitov wrote: > The main use case for unprivileged bpf is so_reuseport and socket filters. > It's critical path of networking receive side. > Adding lfence after every program won't be cheap. Alexei, do you have any "benchmarks" or tests for these paths that you regularly run to look for performance regressions? I'd definitely want to run those as we look at potential mitigations.