On Thu, Sep 24, 2020 at 2:37 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> >
> > This belongs over into patch 1.
>
> Thanks! I was rushing to get this posted so YiFei Zhu wouldn't spend
> time fighting with arch and Kconfig stuff. :) I'll clean this (and the
> other random cruft) up.

Wait, what? I'm sorry. We have already begun fixing the mentioned issues (mostly the split bitmaps for different arches). Although yes it's nice to have another implementation to refer to so we get the best of both worlds (and yes I'm already copying some of the code I think is better here over there), don't you think it's not nice to say "Hey I've worked on this in June, it needed rework but I didn't send the newer version. Now you sent yours so I'll rush mine so your work is redundant."?

That said, I do think this should be configurable. Users would be free to experiment with the bitmap on or off, just like users may turn seccomp off entirely. A choice also allows users to select different implementations, a few whom I work with have ideas on how to accelerate / cache argument dependent syscalls, for example.

YiFei Zhu