> >> What do you mean "it doesn't seem the case"?
> > 
> > i meant, it's far from no-op.
> 
> Oh, yes, no argue about that. I think that the cost of it is relatively
> small. Anyway, I thought that, like myself, nobody else found it too
> expensive. But, see below:

my concern is not only about its runtime costs.
i concern its code quality as well.
for example, when veriexec is compiled in,
vn_open uses MAXPATHLEN-sized buffer on kernel stack.

YAMAMOTO Takashi