Re: [RFC PATCH v2 tip 0/7] 64-bit BPF insn set and tracing filters

From: Daniel Borkmann
Date: Thu Feb 13 2014 - 17:45:23 EST


On 02/13/2014 11:32 PM, H. Peter Anvin wrote:
On 02/06/2014 05:20 PM, Alexei Starovoitov wrote:

I believe that old BPF outlived itself and BPF64 should
replace it in all current use cases plus a lot more.
It just cannot happen at once.
BPF64 can come in. bpf32->bpf64 converter functioning.
JIT from bpf64->aarch64 and may be sparc64 needs to be in place.
Then old bpf can fade away.

I don't think that is doable any time soon. Right now pretty much all
mobile devices, for example, are 32 bits and they really want to use
syscall filtering for security. Performance matters greatly there.

Well, if that would be the case, then seccomp would have had JIT support
long ago. ;-) Right now BPF filters with seccomp are not JIT compiled
for _any_ architecture.

As such, 32-bit JIT support is going to be very important for a long
time to come.

True, I think that pretty much depends if we can manage to find a way
to cleanly integrate it into net/core/filter.c while still supporting
the old instructions as I've mentioned earlier.

-hpa


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/