From: Alexei Starovoitov <alexei.starovoi...@gmail.com> Date: Fri, 22 Dec 2017 20:31:56 -0800
> Thoughts? Even though you propose it as the opposite, it sounds like a crutch for the verifier. If we strictly control objects that the eBPF program can access, verifier ensures this, and all other objects go through helpers, then I cannot see what kasan for bpf can buy us. To me it tells the world "yes, verifier and carefully designed helpers are insufficient" and that's not the message I have been giving to rooms full of hundreds of people listening to my xdp/bpf presentations.