This looks very similar to the WebAssembly work going on right now; both use a secure VM, and both run in kernel space.
Would WebAssembly be a more general-purpose way of accomplishing something like this?
A BPF interpreter can literally be ~100 LoC. A WebAssembly VM on the other hand will likely be ~1 million LoC (without checking).
One is suitable for embedding into a kernel, the other isn't.
Where did you get the ~1 million number? https://github.com/bytecodealliance/wasm-micro-runtime is less than 100K LoC, for example.