Real World Technologies - Forums - Thread: x86 - why unite when you can fragment?

By: Gian-Carlo Pascutto (gcp.delete@this.sjeng.org), March 16, 2021 1:40 pm

anon2 (anon.delete@this.anon.com) on March 15, 2021 8:00 pm wrote:
> uses a very different architecture that does not farm out
> all requests via IPC to a broker service, but instead does the majority of the filtering inline via kernel
> facilities (namespaces, eBPF). I'll give you three guesses as to which model has better performance.

There's some misunderstanding here. On Linux desktop, Chrome does its API filtering via BPF (in seccomp) and Namespaces, with a fallback (via a setuid wrapper!) if those are not available.

But you need IPC if you need to get the remote party do something on your behalf outside of what the sandbox allows (or just to transfer data, really), and that's used extensively on *both* platforms.

--
GCP

< Previous Post in Thread

Next Post in Thread >

Topic	Posted By	Date
x86 - why unite when you can fragment?	anonymou5	2021/03/12 06:16 PM
x86 - why unite when you can fragment?	Linus Torvalds	2021/03/13 01:18 PM
x86 - why unite when you can fragment?	Jon Masters	2021/03/13 07:25 PM
x86 - why unite when you can fragment?	Jon Masters	2021/03/13 07:44 PM
x86 - why unite when you can fragment?	Yuhong Bao	2021/03/13 08:49 PM
x86 - why unite when you can fragment?	tt	2021/03/20 09:30 AM
x86 - why unite when you can fragment?	Andrey	2021/03/14 04:15 PM
x86 - why unite when you can fragment?	Linus Torvalds	2021/03/14 04:58 PM
x86 - why unite when you can fragment?	anonymou5	2021/03/14 05:31 PM
x86 - why unite when you can fragment?	anon2	2021/03/14 08:07 PM
Microkernel?	Anon	2021/03/14 11:49 PM
Microkernel?	none	2021/03/15 12:37 AM
Microkernel?	Anon	2021/03/15 01:56 AM
Microkernel?	anon2	2021/03/15 01:58 AM
Microkernel?	Simon Farnsworth	2021/03/15 03:12 AM
Microkernel?	anon2	2021/03/15 04:53 AM
Microkernel?	Simon Farnsworth	2021/03/15 06:56 AM
Microkernel?	iz	2021/03/15 08:10 AM
Microkernel?	Anon	2021/03/15 09:05 AM
Microkernel?	iz	2021/03/16 01:25 AM
Microkernel?	Andrey	2021/03/16 02:54 AM
Microkernel?	iz	2021/03/16 08:36 AM
Microkernel?	Andrey	2021/03/16 10:06 AM
Microkernel?	anonymou5	2021/03/16 11:44 AM
Microkernel?	iz	2021/03/21 02:58 AM
Microkernel?	Andrey	2021/03/21 09:34 AM
Microkernel?	anon2	2021/03/15 08:31 AM
Microkernel?	Simon Farnsworth	2021/03/16 04:42 AM
Microkernel?	Gabriele Svelto	2021/03/15 03:21 AM
Microkernel?	anon2	2021/03/15 04:56 AM
Microkernel?	Gabriele Svelto	2021/03/15 10:41 AM
Microkernel?	anon2	2021/03/15 08:00 PM
Microkernel?	Gabriele Svelto	2021/03/16 07:23 AM
Microkernel?	anon2	2021/03/16 05:13 PM
Microkernel?	anon2	2021/03/16 05:16 PM
Microkernel?	Gian-Carlo Pascutto	2021/03/16 01:40 PM
Microkernel?	anon2	2021/03/16 05:53 PM
Microkernel?	Linus Torvalds	2021/03/16 07:25 PM
Microkernel?	Doug S	2021/03/17 09:30 AM
Microkernel?	Linus Torvalds	2021/03/17 10:30 AM
Microkernel?	Brendan	2021/03/17 10:56 PM
Microkernel?	Michael S	2021/03/18 03:47 AM
Microkernel?	Brendan	2021/03/18 09:07 AM
Microkernel?	Jose	2021/03/18 09:35 AM
Microkernel?	zArchJon	2021/03/18 05:42 PM
Transputer	RichardC	2021/03/17 09:47 AM
Microkernel?	dmcq	2021/03/17 11:15 AM
Microkernel?	Linus Torvalds	2021/03/17 11:59 AM
Microkernel?	dmcq	2021/03/17 12:38 PM
Microkernel?	Adrian	2021/03/17 01:00 PM
Microkernel?	Ana R. Riano	2021/03/18 04:33 AM
Microkernel?	⚛	2021/04/30 04:52 PM
Microkernel?	NvaxPlus	2021/03/17 11:48 AM
Microkernel?	Michael S	2021/03/18 03:32 AM
Microkernel?	Adrian	2021/03/18 04:12 AM
Microkernel?	dmcq	2021/03/18 06:30 AM
Microkernel?	dmcq	2021/03/18 06:55 AM
Microkernel?	Adrian	2021/03/18 08:35 AM
Microkernel?	---	2021/03/18 09:49 AM
Microkernel?	dmcq	2021/03/18 10:59 AM
Microkernel?	dmcq	2021/03/18 04:09 PM
Microkernel?	---	2021/03/18 09:27 AM
Microkernel?	Kalle A. Sandström	2021/03/20 06:34 AM
Microkernel?	---	2021/03/20 08:35 AM
Microkernel?	anon2	2021/03/21 05:29 PM
Microkernel?	dmcq	2021/03/15 04:06 AM
Microkernel?	anon2	2021/03/15 04:59 AM
Microkernel?	dmcq	2021/03/15 11:51 AM
Microkernel?	anon2	2021/03/15 08:31 PM
Microkernel?	dmcq	2021/03/16 09:17 AM
Microkernel?	Jukka Larja	2021/03/16 11:22 AM
Microkernel?	dmcq	2021/03/16 04:06 PM
Microkernel?	Jukka Larja	2021/03/17 03:42 AM
Microkernel?	dmcq	2021/03/17 07:00 AM
Microkernel?	anon2	2021/03/16 05:26 PM
Microkernel?	---	2021/03/16 10:07 AM
Microkernel?	-.-	2021/03/15 08:15 PM
Microkernel?	anon2	2021/03/15 09:18 PM
Microkernel?	Foo_	2021/03/16 03:37 AM
Read the thread (NT)	anon2	2021/03/16 05:27 PM
Already did (NT)	Foo_	2021/03/17 02:55 AM
Already did	anon2	2021/03/17 03:46 AM
Already did	Etienne Lorrain	2021/03/18 02:31 AM
Microkernel?	-.-	2021/03/17 05:04 AM
Microkernel?	Gabriele Svelto	2021/03/17 08:53 AM
Microkernel?	-.-	2021/03/17 02:43 PM
Microkernel?	dmcq	2021/03/16 08:40 AM
x86 - why unite when you can fragment?	Konrad Schwarz	2021/03/17 10:19 AM
x86 - why unite when you can fragment?	anonon	2021/03/15 07:37 AM

Reply to this Topic
Name:
Email:
Topic:
Body:	No Text Gian-Carlo Pascutto (gcp.delete@this.sjeng.org) on March 16, 2021 1:40 pm wrote: > anon2 (anon.delete@this.anon.com) on March 15, 2021 8:00 pm wrote: > > uses a very different architecture that does not farm out > > all requests via IPC to a broker service, but instead does the majority of the filtering inline via kernel > > facilities (namespaces, eBPF). I'll give you three guesses as to which model has better performance. > > There's some misunderstanding here. On Linux desktop, Chrome does its API filtering via BPF (in > seccomp) and Namespaces, with a fallback (via a setuid wrapper!) if those are not available. > > But you need IPC if you need to get the remote party do something on your behalf outside of what the > sandbox allows (or just to transfer data, really), and that's used extensively on both platforms. > > -- > GCP
How do you spell avocado?

Microkernel?

Editor’s Picks

Intel’s Haswell CPU Microarchitecture

PhysX87: Software Deficiency

AMD’s Bulldozer Microarchitecture

RWT on Twitter