On 02/13/2014 11:47 PM, H. Peter Anvin wrote:
On 02/13/2014 02:44 PM, Daniel Borkmann wrote:
Well, if that would be the case, then seccomp would have had JIT support
long ago. ;-) Right now BPF filters with seccomp are not JIT compiled
for _any_ architecture.
Really, I was under the impression there were. They *should be*, that
was an important concept in the development of the seccomp filters.
$ git grep -n BPF_S_ANC_SECCOMP_LD_W
include/linux/filter.h:153: BPF_S_ANC_SECCOMP_LD_W,
kernel/seccomp.c:136: ftest->code = BPF_S_ANC_SECCOMP_LD_W;
net/core/filter.c:389: case BPF_S_ANC_SECCOMP_LD_W:
net/core/filter.c:812: [BPF_S_ANC_SECCOMP_LD_W] = BPF_LD|BPF_B|BPF_ABS,
Afaik, there had been attempts to support it, but had flaws in it.
-hpa
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
