Date: Tue, 20 Feb 2018 09:55:33 -0500 (EST)
Message-Id: <20180220.095533.1556394952394943311.davem@davemloft.net>
To: pablo@netfilter.org
Cc: phil@nwl.cc, laforge@gnumonks.org, fw@strlen.de, daniel@iogearbox.net, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, alexei.starovoitov@gmail.com
Subject: Re: [PATCH RFC 0/4] net: add bpfilter
From: David Miller
In-Reply-To: <20180220104431.xsrfvdaqbw6uxmwt@salvia>
References: <20180219171411.GG15918@orbyte.nwl.cc> <20180219.122226.896334578399862770.davem@davemloft.net> <20180220104431.xsrfvdaqbw6uxmwt@salvia>

From: Pablo Neira Ayuso
Date: Tue, 20 Feb 2018 11:44:31 +0100

> * Lack of sufficient abstraction: bpf is not only exposing its own
> software bugs through its interface, but it will also bite the dust
> with CPU bugs due to lack of glue code to hide details behind the
> syscall interface curtain. That will need a kernel upgrade after all to
> fix, so all benefits of adding new programs. We've even seen claims on
> performance being more important than security in this mailing list.
> Don't get me wrong, no software is safe from security issues, but if you
> don't abstract your resources in the right way, you have more chance to
> experience more problems.

I find it surprising that the person who didn't even know that generating classical BPF was not appropriate in his patches is suddenly a complete expert on eBPF and all of its shortcomings.

Pablo, I am sincerely very disappointed in you, and if you continue to attack eBPF in such an ignorant way going forward we will have a very hard time taking you seriously at all.

Thank you.