Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752599Ab2BQEvl (ORCPT ); Thu, 16 Feb 2012 23:51:41 -0500 Received: from smarthost1.greenhost.nl ([195.190.28.78]:39516 "EHLO smarthost1.greenhost.nl" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751036Ab2BQEvi (ORCPT ); Thu, 16 Feb 2012 23:51:38 -0500 Message-ID: In-Reply-To: <4F3DD30A.6030008@zytor.com> References: <1329422549-16407-1-git-send-email-wad@chromium.org> <1329422549-16407-3-git-send-email-wad@chromium.org> <4F3D61CB.2000301@zytor.com> <4F3D7250.6040504@zytor.com> <501858544d264abc6526f2b25a224f2b.squirrel@webmail.greenhost.nl> <4F3DAE5D.3080000@zytor.com> <4F3DB9E8.7040406@zytor.com> <4F3DD30A.6030008@zytor.com> Date: Fri, 17 Feb 2012 05:51:25 +0100 Subject: Re: [PATCH v8 3/8] seccomp: add system call filtering using BPF From: "Indan Zupancic" To: "H. Peter Anvin" Cc: "Andrew Lutomirski" , "Will Drewry" , linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, kernel-hardening@lists.openwall.com, netdev@vger.kernel.org, x86@kernel.org, arnd@arndb.de, davem@davemloft.net, mingo@redhat.com, oleg@redhat.com, peterz@infradead.org, rdunlap@xenotime.net, mcgrathr@chromium.org, tglx@linutronix.de, eparis@redhat.com, serge.hallyn@canonical.com, djm@mindrot.org, scarybeasts@gmail.com, pmoore@redhat.com, akpm@linux-foundation.org, corbet@lwn.net, eric.dumazet@gmail.com, markus@chromium.org, keescook@chromium.org User-Agent: SquirrelMail/1.4.22 MIME-Version: 1.0 Content-Type: text/plain;charset=UTF-8 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-Spam-Score: 0.1 X-Scan-Signature: 51a43cd7ff6838d9e9bce89dbcde6c26 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1336 Lines: 33 On Fri, February 17, 2012 05:09, H. Peter Anvin wrote: > On 02/16/2012 07:27 PM, Indan Zupancic wrote: >> >> A JIT won't be able to merge accesses because it also has to merge other >> instructions and recognize when 64-bit operations are done with 32-bit >> instructions. I think that will be too hard for a JIT. >> > > Please Google "peephole optimizer". I have written one for uni. Like I said, I think it will be too hard for a BPF JIT because the pattern is too complex. Keep in mind that there is no 64-bit register where you can load the data to, everything is done on 32-bit values. So you have to recognize 32-bit code emulating 64-bit ops. I don't think anyone will add all the different patterns of doing that to the JIT, there are too many. The current JIT is networking-only and is very simplistic. It is a very long way to a sophisticated enough JIT that does such complex peephole optimisations. I'm not saying it's impossible in general, just that the kernel BPF JIT won't be able to do it. It's a lot easier to just add 64-bit support to BPF instead. Greetings, Indan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/