User: Password:
|
|
Subscribe / Log in / New account

A JIT for packet filters

A JIT for packet filters

Posted Apr 15, 2011 9:56 UTC (Fri) by rilder (guest, #59804)
Parent article: A JIT for packet filters

Since generation of the JIT code is a one-time task, can't a usermode helper in form of something like LLVM be used by the kernel then or atleast be made pluggable ? It will also support multiple architectures and may generate more optimized code


(Log in to post comments)

A JIT for packet filters

Posted Apr 17, 2011 1:40 UTC (Sun) by jzbiciak (subscriber, #5246) [Link]

I can understand some folks being, erm, jittery about being able to load arbitrary code into the kernel. Then again, we have loadable kernel modules, so why not?

I agree that doing this in userspace seems to make much more sense than doing it in the kernel if optimized performance is your main careabout, since you can bring more resources to bear on the problem without bloating the kernel. It then comes down to managing the potential security issues, and trusting the correctness of the translator since you lose any sandboxing the interpreter might have offered.

(Yes, the translator can insert the required bounds checks, but nothing requires it to if you're loading raw machine code into the kernel.)

A JIT for packet filters

Posted Apr 17, 2011 21:08 UTC (Sun) by rilder (guest, #59804) [Link]

Good points.
My thought process for this was influenced by:
1. Text processing algorithms which use request_module() to load at runtime for algorithms which are not in kernel. Again, if proper case is exercised here -- not loading outside modprobe path etc. it should be fine.
2. Coming back to usermode helpers, we already allow modules to be modprbed through external helpers, so a similar approach can be used. If someone can write to a sysctl/procfs maliciously, then system is already compromised. I was thinking of reading from a pipe using a usermode helper similar to how core dumping function uses it to write instead.

A JIT for packet filters

Posted Apr 26, 2011 2:16 UTC (Tue) by welinder (guest, #4699) [Link]

People at CMU played with that years and years ago. The programs
from user space would only be accepted if they came with a proof
of correctness (which is easy to verify). The buzz words were
"proof-carrying code", I think.

A JIT for packet filters

Posted May 21, 2011 11:56 UTC (Sat) by snemarch (guest, #75085) [Link]

Have the usermode LLVM-compiler generate pf bytecode, and have a small JIT'er in the kernel? Sounds like a reasonably safe scheme to me.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds