On Fri, Jul 18, 2014 at 3:16 PM, Kees Cook <keesc...@chromium.org> wrote: > On Fri, Jul 18, 2014 at 2:18 PM, Andy Lutomirski <l...@amacapital.net> wrote: >> populate_seccomp_data is expensive: it works by inspecting >> task_pt_regs and various other bits to piece together all the >> information, and it's does so in multiple partially redundant steps. >> >> Arch-specific code in the syscall entry path can do much better. >> >> Admittedly this adds a bit of additional room for error, but the >> speedup should be worth it. > > I still think we should gain either a note in the > HAVE_ARCH_SECCOMP_FILTER help text in arch/Kconfig, or possibly a new > section in Documentation/prctl/seccomp.txt (or similar) on how do > implement filter support for an architecture, that mentions the > arch-supplied seccomp_data and how two-phase can be done.
I would have sworn I did that. I distinctly remember typing that text. I must have failed to commit it. I'll send a followup patch. --Andy > > -Kees > > -- > Kees Cook > Chrome OS Security -- Andy Lutomirski AMA Capital Management, LLC -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
