Re: [PATCH v8 3/8] seccomp: add system call filtering using BPF

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

On Fri, February 17, 2012 05:09, H. Peter Anvin wrote:
> On 02/16/2012 07:27 PM, Indan Zupancic wrote:
>> A JIT won't be able to merge accesses because it also has to merge other
>> instructions and recognize when 64-bit operations are done with 32-bit
>> instructions. I think that will be too hard for a JIT.
> Please Google "peephole optimizer".

I have written one for uni. Like I said, I think it will be too hard
for a BPF JIT because the pattern is too complex. Keep in mind that
there is no 64-bit register where you can load the data to, everything
is done on 32-bit values. So you have to recognize 32-bit code emulating
64-bit ops. I don't think anyone will add all the different patterns of
doing that to the JIT, there are too many.

The current JIT is networking-only and is very simplistic. It is a very
long way to a sophisticated enough JIT that does such complex peephole
optimisations. I'm not saying it's impossible in general, just that the
kernel BPF JIT won't be able to do it. It's a lot easier to just add
64-bit support to BPF instead.



To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at

[Site Home]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Photo]     [Yosemite]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux