On Wed, Sep 23, 2020 at 2:26 PM Kees Cook <keescook@xxxxxxxxxxxx> wrote: > Did you see the RFC series for this? > > https://lore.kernel.org/lkml/20200616074934.1600036-1-keescook@xxxxxxxxxxxx/ > [...] > Which also includes updated benchmarking: > > https://lore.kernel.org/lkml/20200616074934.1600036-6-keescook@xxxxxxxxxxxx/ Nice. I was not aware of that series. Looking at it, it seems that our reasoning for checking arch and nr only, and verify if the filter accesses anything else, is the same. However, the approach in that RFC used was some page table dark magic, and it has been concluded that an emulator is superior. Was there a seperate patch series with emulator? If not, would you mind me cherry-picking some of your changes in that series? Also, I see that BPF_AND is said to be used in the discussion of the linked series. I think it wouldn't hurt to emulate a few BPF_ALU so I'll add that. YiFei Zhu
