On 06/02/2014 05:41 PM, Alexei Starovoitov wrote: ...
Glad you brought up this point :) 100% agree that current double verification done by seccomp is far from being generic and quite hard to maintain, since any change done to classic BPF verifier needs to be thought through from seccomp_check_filter() perspective as well.
Glad we're on the same page.
BPF's input context, set of allowed calls need to be expressed in a generic way. Obviously this split by itself won't make classic BPF all of a sudden generic. It rather defines a boundary of eBPF core.
Note, I'm not at all against using it in tracing, I think it's probably a good idea, but shouldn't we _first_ think about how to overcome such deficits as above by improving upon its in-kernel API design, thus to better prepare it to be generic? I feel this step is otherwise just skipped and quickly 'hacked' around ... ;) -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
