Re: Using ftrace/perf as a basis for generic seccomp

From: Steven Rostedt
Date: Wed Feb 02 2011 - 13:18:03 EST


On Wed, 2011-02-02 at 18:55 +0100, Ingo Molnar wrote:

> The filter expression engine executes in the kernel, when the event happens. The
> user-space perf tool parses the --filter parameter and passes it to the kernel as a
> string in essence. The kernel parses this into atomic predicaments which are linked
> to the event structure. When the event happens the predicaments are executed by the
> filter engine.
>
> The expressions are simple, but rather flexible, so you can do 'fd==0||fd==1' and
> more complex expressions, etc. The engine could also be extended.
>
> The kernel code is mostly in kernel/trace/trace_events_filter.c.
>
> I've Cc:-ed Tom, Frederic, Steve, Li Zefan and Arnaldo who have worked on the filter
> engine, in case something is broken with this functionality or if there are other
> questions :)

Yep, and I'm currently working on them as well, as they currently have a
32 pred limit (may seem like a lot, but I actually hit it). And I've
also added short circuits (0 && .... no need to process more).

I posted an RFC:

https://lkml.org/lkml/2011/1/27/438

and I'm again working on finishing it. Just a few more things to do. I
got sidetracked because my employer actually asked me to do something
for them ;)

-- Steve
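
The flow discussed in this message (a filter string compiled once into predicates, then run per event, with a 32-predicate cap and short-circuit evaluation) as an added user-space C example. It is not code from kernel/trace/trace_events_filter.c or from the RFC; the names filter_parse, filter_match, struct pred and the flat-list layout are assumptions made for this illustration, and only == and != on integer fields are handled.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PREDS 32  /* the predicate limit mentioned in the message */
enum join { J_END, J_AND, J_OR };
struct pred { char field[16]; int neq; long val; enum join next; };
struct filter { struct pred p[MAX_PREDS]; int n; };
struct field { const char *name; long val; };  /* one field of an event */

/* Compile "a==1&&b!=2||c==3"; returns -1 on bad syntax or > MAX_PREDS preds. */
int filter_parse(struct filter *f, const char *s)
{
    for (f->n = 0; f->n < MAX_PREDS; s += 2) {
        struct pred *p = &f->p[f->n++];
        size_t len = strcspn(s, "=!");
        char *end;
        if (!len || len >= sizeof p->field) return -1;
        snprintf(p->field, sizeof p->field, "%.*s", (int)len, s);
        s += len;
        if (strncmp(s, "==", 2) && strncmp(s, "!=", 2)) return -1;
        p->neq = (*s == '!');
        p->val = strtol(s + 2, &end, 0);
        if (end == s + 2) return -1;
        s = end;
        p->next = !strncmp(s, "&&", 2) ? J_AND : !strncmp(s, "||", 2) ? J_OR : J_END;
        if (p->next == J_END) return *s ? -1 : 0;
    }
    return -1;  /* a 33rd predicate would be needed */
}

/* Run on one event; *ran counts predicates executed. && binds tighter than ||. */
int filter_match(const struct filter *f, const struct field *ev, int nev, int *ran)
{
    *ran = 0;
    for (int i = 0; i < f->n; i++) {
        int ok = 0;
        for (int k = 0; k < nev; k++)  /* a field absent from the event never matches */
            if (!strcmp(ev[k].name, f->p[i].field))
                ok = (ev[k].val == f->p[i].val) != f->p[i].neq;
        ++*ran;
        if (ok && f->p[i].next != J_AND) return 1;  /* a whole AND-group held */
        while (!ok && f->p[i].next == J_AND) i++;   /* skip rest of the group */
    }
    return 0;
}
```

Call filter_parse once when the filter is installed and filter_match on every event; a filter that fails to parse must be rejected rather than evaluated.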

