Re: [PATCH v8 3/8] seccomp: add system call filtering using BPF
From: "H. Peter Anvin" <hpa@zytor.com>
Date: 2012-02-17 01:34:03
Also in:
lkml, netdev
On 02/16/2012 04:48 PM, Indan Zupancic wrote:
On Thu, February 16, 2012 22:17, H. Peter Anvin wrote:
I would go for something like:
struct seccomp_data {
	int nr;
	__u32 arg_low[6];
	__u32 arg_high[6];
	__u32 instruction_pointer_low;
	__u32 instruction_pointer_high;
	__u32 __reserved[3];
};

Uh, that is the absolutely WORST way to do it - not only are you creating two fields, they're not even adjacent.
(Not sure what use the IP is because that doesn't tell anything about how the system call instruction was reached.) The only way to avoid splitting args is to add 64-bit support to BPF. That is probably the best way forwards, but would require breaking the BPF ABI by either adding a 64-bit version directly or adding extra instructions.
Or the compiler or whatever generates the BPF code just is going to have to generate two instructions -- just like we always have to handle [u]int64_t on 32-bit platforms. There is no difference here.

-hpa

--
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel. I don't speak on their behalf.
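The two-instruction handling of a 64-bit argument described in the message above, as an added example that is not part of the original thread or the kernel's code: a filter with a 32-bit accumulator loads and compares each half of args[0] and denies unless both match. The struct layout, the three-opcode interpreter and all names here are hypothetical stand-ins, and the matched value is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical layout: each argument is one adjacent 64-bit field. */
struct sample_data { int32_t nr; uint32_t pad; uint64_t args[6]; };

/* Byte offsets of the 32-bit halves of args[i]; host byte order decides which comes first. */
#define LE (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)
#define ARG_LO(i) ((uint32_t)(offsetof(struct sample_data, args) + 8 * (i) + (LE ? 0 : 4)))
#define ARG_HI(i) ((uint32_t)(offsetof(struct sample_data, args) + 8 * (i) + (LE ? 4 : 0)))
enum op { LD_W_ABS, JEQ_K, RET_K };   /* minimal classic-BPF-like subset */
struct insn { enum op code; uint8_t jt, jf; uint32_t k; };
enum { DENY = 0, ALLOW = 1 };
#define WANT 0x0000000100000002ULL    /* constructed 64-bit value to match */

/* Interpret a filter with a 32-bit accumulator, as in classic BPF. */
static uint32_t run_filter(const struct insn *prog, size_t len, const struct sample_data *d)
{
    uint32_t a = 0;
    for (size_t pc = 0; pc < len; pc++) {
        const struct insn *i = &prog[pc];
        switch (i->code) {
        case LD_W_ABS:
            if (i->k > sizeof(*d) - 4) return DENY;   /* out-of-bounds load */
            memcpy(&a, (const char *)d + i->k, 4);
            break;
        case JEQ_K: pc += (a == i->k) ? i->jt : i->jf; break;
        case RET_K: return i->k;
        }
    }
    return DENY;                                      /* fell off the end */
}

/* Allow only if args[0] == WANT: one load and one compare per 32-bit half. */
static const struct insn check_arg0[] = {
    { LD_W_ABS, 0, 0, ARG_HI(0) },
    { JEQ_K,    0, 3, (uint32_t)(WANT >> 32) },   /* high half differs: jump to DENY */
    { LD_W_ABS, 0, 0, ARG_LO(0) },
    { JEQ_K,    0, 1, (uint32_t)WANT },           /* low half differs: jump to DENY */
    { RET_K,    0, 0, ALLOW },
    { RET_K,    0, 0, DENY },
};

static uint32_t check(uint64_t arg0)
{
    struct sample_data d = { .nr = 0, .args = { arg0 } };
    return run_filter(check_arg0, sizeof(check_arg0) / sizeof(check_arg0[0]), &d);
}
int main(void) { return check(WANT) == ALLOW ? 0 : 1; }
```

A filter that compared only the low half would accept 0xFFFFFFFF00000002 as if it were 2, which is why both halves are checked before the allow.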