On Thu, May 14, 2020 at 01:04:38AM +0200, Daniel Borkmann wrote:
> Aside from comments on list, the series looks reasonable to me. For BPF
> the bpf_probe_read() helper would be slightly penalized for probing user
> memory given we now test on copy_from_kernel_nofault() first and if that
> fails only then fall back to copy_from_user_nofault(), but it seems
> small enough that it shouldn't matter too much and aside from that we have
> the newer bpf_probe_read_kernel() and bpf_probe_read_user() anyway that
> BPF progs should use instead, so I think it's okay.
>
> For patch 14 and patch 15, do you roughly know the performance gain with
> the new probe_kernel_read_loop() + arch_kernel_read() approach?

I don't think there should be any measurable difference in performance
for typical use cases. We'll save the stac/clac pair, but that's it.
The real reason is to avoid that stac/clac pair that opens up a window
for exploits, and as a significant enabler for killing off set_fs based
address limit overrides entirely.