From: Daniel Borkmann <dborkman@redhat.com>
To: Alexei Starovoitov <ast@plumgrid.com>
Cc: "David S. Miller" <davem@davemloft.net>,
Ingo Molnar <mingo@kernel.org>,
Steven Rostedt <rostedt@goodmis.org>,
Chema Gonzalez <chema@google.com>,
Eric Dumazet <edumazet@google.com>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Arnaldo Carvalho de Melo <acme@infradead.org>,
Jiri Olsa <jolsa@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
"H. Peter Anvin" <hpa@zytor.com>,
Andrew Morton <akpm@linux-foundation.org>,
Kees Cook <keescook@chromium.org>,
Network Development <netdev@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v2 net-next 0/2] split BPF out of core networking
Date: Mon, 02 Jun 2014 19:04:38 +0200 [thread overview]
Message-ID: <538CAEA6.4060307@redhat.com> (raw)
In-Reply-To: <CAMEtUuzkjZCsReWH9cZs8AU0mJjZH9YOdCBTWusxe6-NZ9mQ=g@mail.gmail.com>
On 06/02/2014 05:41 PM, Alexei Starovoitov wrote:
...
> Glad you brought up this point :)
> 100% agree that current double verification done by seccomp is far from
> being generic and quite hard to maintain, since any change done to
> classic BPF verifier needs to be thought through from seccomp_check_filter()
> perspective as well.
Glad we're on the same page.
> BPF's input context, set of allowed calls need to be expressed in a generic way.
> Obviously this split by itself won't make classic BPF all of a sudden generic.
> It rather defines a boundary of eBPF core.
Note, I'm not at all against using it in tracing, I think it's probably
a good idea, but shouldn't we _first_ think about how to overcome such
deficits as above by improving upon its in-kernel API design, thus to
better prepare it to be generic? I feel this step is otherwise just
skipped and quickly 'hacked' around ... ;)
next prev parent reply other threads:[~2014-06-02 17:05 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-02 7:01 [PATCH v2 net-next 0/2] split BPF out of core networking Alexei Starovoitov
2014-06-02 7:01 ` [PATCH v2 net-next 1/2] net: filter: split filter.c into two files Alexei Starovoitov
2014-06-02 7:01 ` [PATCH v2 net-next 2/2] net: filter: split BPF out of core networking Alexei Starovoitov
2014-06-02 8:57 ` [PATCH v2 net-next 0/2] " Daniel Borkmann
2014-06-02 15:41 ` Alexei Starovoitov
2014-06-02 17:04 ` Daniel Borkmann [this message]
2014-06-02 19:02 ` Alexei Starovoitov
2014-06-03 8:56 ` Daniel Borkmann
2014-06-03 15:44 ` Alexei Starovoitov
2014-06-03 20:35 ` Daniel Borkmann
2014-06-03 20:58 ` Alexei Starovoitov
2014-06-03 21:40 ` Chema Gonzalez
2014-06-04 0:38 ` Alexei Starovoitov
2014-06-20 16:44 ` Chema Gonzalez
2014-06-23 9:18 ` David Laight
2014-06-23 9:18 ` David Laight
2014-06-23 21:57 ` Alexei Starovoitov
2014-06-24 8:33 ` Daniel Borkmann
2014-06-02 13:15 ` Jonathan Corbet
2014-06-02 13:24 ` Steven Rostedt
2014-06-02 14:16 ` Arnaldo Carvalho de Melo
2014-06-02 14:57 ` Alexei Starovoitov
2014-06-03 18:16 ` Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=538CAEA6.4060307@redhat.com \
--to=dborkman@redhat.com \
--cc=a.p.zijlstra@chello.nl \
--cc=acme@infradead.org \
--cc=akpm@linux-foundation.org \
--cc=ast@plumgrid.com \
--cc=chema@google.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=hpa@zytor.com \
--cc=jolsa@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=rostedt@goodmis.org \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.