On Thu, Sep 24, 2020 at 03:07:23AM -0500, YiFei Zhu wrote:
> On Thu, Sep 24, 2020 at 2:37 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>
> >
> > > This belongs over into patch 1.
> >
> > Thanks! I was rushing to get this posted so YiFei Zhu wouldn't spend
> > time fighting with arch and Kconfig stuff. :) I'll clean this (and the
> > other random cruft) up.
>
> Wait, what? I'm sorry. We have already begun fixing the mentioned
> issues (mostly the split bitmaps for different arches). Although yes
> it's nice to have another implementation to refer to so we get the
> best of both worlds (and yes I'm already copying some of the code I
> think are better here over there), don't you think it's not nice to
> say "Hey I've worked on this in June, it needed rework but I didn't
> send the newer version. Now you sent yours so I'll rush mine so your
> work is redundant."?

I was trying to be helpful: you hadn't seen the RFC, and it was missing
the emulator piece, which I wanted to be small, so I got it out the
door today. I didn't want you to think you needed to port the larger
emulator over, for example.

> That said, I do think this should be configurable. Users would be free
> to experiment with the bitmap on or off, just like users may turn
> seccomp off entirely. A choice also allows users to select different
> implementations, a few whom I work with have ideas on how to
> accelerate / cache argument dependent syscalls, for example.

I'm open to ideas, but I want to have a non-optional performance
improvement as the first step. :) "seccomp is magically faster" was my
driving goal.

--
Kees Cook