From: Daniel Borkmann <dborkman@redhat.com>
To: Alexei Starovoitov <ast@plumgrid.com>
Cc: "David S. Miller" <davem@davemloft.net>,
Ingo Molnar <mingo@kernel.org>,
Steven Rostedt <rostedt@goodmis.org>,
Chema Gonzalez <chema@google.com>,
Eric Dumazet <edumazet@google.com>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Arnaldo Carvalho de Melo <acme@infradead.org>,
Jiri Olsa <jolsa@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
"H. Peter Anvin" <hpa@zytor.com>,
Andrew Morton <akpm@linux-foundation.org>,
Kees Cook <keescook@chromium.org>,
Network Development <netdev@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v2 net-next 0/2] split BPF out of core networking
Date: Mon, 02 Jun 2014 19:04:38 +0200 [thread overview]
Message-ID: <538CAEA6.4060307@redhat.com> (raw)
In-Reply-To: <CAMEtUuzkjZCsReWH9cZs8AU0mJjZH9YOdCBTWusxe6-NZ9mQ=g@mail.gmail.com>
On 06/02/2014 05:41 PM, Alexei Starovoitov wrote:
...
> Glad you brought up this point :)
> 100% agree that current double verification done by seccomp is far from
> being generic and quite hard to maintain, since any change done to
> classic BPF verifier needs to be thought through from seccomp_check_filter()
> perspective as well.
Glad we're on the same page.
> BPF's input context, set of allowed calls need to be expressed in a generic way.
> Obviously this split by itself won't make classic BPF all of a sudden generic.
> It rather defines a boundary of eBPF core.
Note, I'm not at all against using it in tracing, I think it's probably
a good idea, but shouldn't we _first_ think about how to overcome such
deficits as above by improving upon its in-kernel API design, thus to
better prepare it to be generic? I feel this step is otherwise just
skipped and quickly 'hacked' around ... ;)
next prev parent reply other threads:[~2014-06-02 17:04 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-02 7:01 [PATCH v2 net-next 0/2] split BPF out of core networking Alexei Starovoitov
2014-06-02 7:01 ` [PATCH v2 net-next 1/2] net: filter: split filter.c into two files Alexei Starovoitov
2014-06-02 7:01 ` [PATCH v2 net-next 2/2] net: filter: split BPF out of core networking Alexei Starovoitov
2014-06-02 8:57 ` [PATCH v2 net-next 0/2] " Daniel Borkmann
2014-06-02 15:41 ` Alexei Starovoitov
2014-06-02 17:04 ` Daniel Borkmann [this message]
2014-06-02 19:02 ` Alexei Starovoitov
2014-06-03 8:56 ` Daniel Borkmann
2014-06-03 15:44 ` Alexei Starovoitov
2014-06-03 20:35 ` Daniel Borkmann
2014-06-03 20:58 ` Alexei Starovoitov
2014-06-03 21:40 ` Chema Gonzalez
2014-06-04 0:38 ` Alexei Starovoitov
2014-06-20 16:44 ` Chema Gonzalez
2014-06-23 9:18 ` David Laight
2014-06-23 21:57 ` Alexei Starovoitov
2014-06-24 8:33 ` Daniel Borkmann
2014-06-02 13:15 ` Jonathan Corbet
2014-06-02 13:24 ` Steven Rostedt
2014-06-02 14:16 ` Arnaldo Carvalho de Melo
2014-06-02 14:57 ` Alexei Starovoitov
2014-06-03 18:16 ` Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=538CAEA6.4060307@redhat.com \
--to=dborkman@redhat.com \
--cc=a.p.zijlstra@chello.nl \
--cc=acme@infradead.org \
--cc=akpm@linux-foundation.org \
--cc=ast@plumgrid.com \
--cc=chema@google.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=hpa@zytor.com \
--cc=jolsa@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=rostedt@goodmis.org \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).