tech-net archive
Re: BPF64: proposal of platform-independent hardware-friendly backwards-compatible eBPF alternative
David Chisnall writes:
> The thing I would like to see for our current use of semi-trusted Lua in
> the kernel (ZFS channel programs) is a way of exposing them (under
> /dev/something) as file descriptors and modifying the ioctls that run
> them to take a file descriptor argument. I would like to separate the
> two operations:
>
> - Load a channel program.
> - Run a channel program.
>
> In the post-Spectre world, the former remains a privileged operation.
> Even though Linux pretends it isn't, allowing arbitrary (even
> arbitrary constrained) code to run in the kernel's address space
> is a problem. Invoking such code, however, should follow the same rules
> as everything else. A trusted entity should be able to load a pile of
> Lua / eBPF / BPF64 / whatever programs into the kernel and then set up
> permissions so that sandboxed programs (and jails) can use a defined
> subset of them.
That would be a great way to do it.
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk%FreeBSD.ORG@localhost | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
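
The load/run split proposed in the quoted message, as an added example that is not code from the thread or from any kernel: a user-space C model in which loading and granting require privilege while running is checked only against the per-handle permission the loader set. Every name, table size and errno choice below (prog_load, prog_grant, prog_run, struct cred, MAX_JAILS) is hypothetical.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
/* User-space model only; every name, size and errno choice is hypothetical. */
#define MAX_PROGS 8
#define MAX_JAILS 4
typedef int (*prog_fn)(int arg);            /* stands in for a loaded program */
struct cred { bool privileged; int jail; }; /* caller identity; jail 0 = host */
struct prog_slot { prog_fn fn; bool may_run[MAX_JAILS]; };
static struct prog_slot table[MAX_PROGS];
static bool valid(int h) { return h >= 0 && h < MAX_PROGS && table[h].fn != NULL; }

/* Load: privileged only. Returns a descriptor-like handle or -errno. */
int prog_load(const struct cred *c, prog_fn fn) {
    if (!c->privileged)
        return -EPERM;
    for (int h = 0; h < MAX_PROGS; h++)
        if (table[h].fn == NULL) {
            table[h] = (struct prog_slot){ .fn = fn }; /* no jail may run it yet */
            return h;
        }
    return -ENFILE;
}

/* Grant: the trusted loader exposes one loaded program to one jail. */
int prog_grant(const struct cred *c, int h, int jail) {
    if (!c->privileged)
        return -EPERM;
    if (!valid(h) || jail < 0 || jail >= MAX_JAILS)
        return -EINVAL;
    table[h].may_run[jail] = true;
    return 0;
}

/* Run: no privilege check, only the per-handle permission set at grant time. */
int prog_run(const struct cred *c, int h, int arg, int *result) {
    if (!valid(h))
        return -EBADF;
    if (c->jail < 0 || c->jail >= MAX_JAILS || !table[h].may_run[c->jail])
        return -EACCES;
    *result = table[h].fn(arg);
    return 0;
}

static int double_it(int x) { return 2 * x; } /* constructed sample program */
int main(void) {
    struct cred root = { true, 0 }, jailed = { false, 1 };
    int out = 0, h = prog_load(&root, double_it);
    return prog_grant(&root, h, 1) == 0 &&
           prog_run(&jailed, h, 21, &out) == 0 && out == 42 ? 0 : 1;
}
```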