| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 Mar 2014 15:04:28 -0800 From: Alexei Starovoitov <ast@...mgrid.com> To: Hagen Paul Pfeifer <hagen@...u.net> Cc: Daniel Borkmann <dborkman@...hat.com>, "David S. Miller" <davem@...emloft.net>, Ingo Molnar <mingo@...nel.org>, Steven Rostedt <rostedt@...dmis.org>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, "H. Peter Anvin" <hpa@...or.com>, Thomas Gleixner <tglx@...utronix.de>, Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>, Tom Zanussi <tom.zanussi@...ux.intel.com>, Jovi Zhangwei <jovi.zhangwei@...il.com>, Eric Dumazet <edumazet@...gle.com>, Linus Torvalds <torvalds@...ux-foundation.org>, Andrew Morton <akpm@...ux-foundation.org>, Frederic Weisbecker <fweisbec@...il.com>, Arnaldo Carvalho de Melo <acme@...radead.org>, Pekka Enberg <penberg@....fi>, Arjan van de Ven <arjan@...radead.org>, Christoph Hellwig <hch@...radead.org>, linux-kernel@...r.kernel.org, netdev@...r.kernel.org, Jesse Gross <jesse@...ira.com> Subject: Re: [PATCH v3 net-next 1/1] bpf32->bpf64 mapper and bpf64 interpreter On Mon, Mar 3, 2014 at 2:05 AM, Hagen Paul Pfeifer <hagen@...u.net> wrote: > * Daniel Borkmann | 2014-03-01 01:30:00 [+0100]: > >>>>as in 'struct bpf_insn' the immediate value is 32 bit, so for 64 bit >>>>comparisons, you'd still need to load to immediate values, right? >>> >>>there is no insn that use 64-bit immediate, since 64-bit immediates >>>are extremely rare. grep x86-64 asm code for movabsq will return very few. >>>llvm or gcc can easily construct any constant by combination of mov, >>>shifts and ors. >>>bpf64 comparisons are all 64-bit right now. So far I didn't see a need to do >>>32-bit comparison, since old bpf is all unsigned, mapping 32->64 of >>>Jxx is painless. >> >>Hm, fair enough, I was just thinking for comparisons of IPv6 addresses >>when we do socket filtering. On the other hand, old and new insns are >>both 64 bit wide and can be used though the same api then. > > What about the long term idea to support JITed nftables? A 128 bit immediate > is required - maybe the biggest requirement for nftable support. I'm still planning to bring benefits of ebpf-JIT to nft. There are different ways to approach it. I'm not ready to debate details, since I don't have a working code for nft+bpf yet and code speaks better than words. But I'm confident that ebpf instruction set will not need 128-bit extensions. If something unforeseen is needed, we can always add it. Right now I'm testing ebpf+seccomp. As a micro benchmark I took a test from libseccomp and added dummy syscall loop. There is a nice speedup. will post a patch soon. Thanks Alexei -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists