Re: [PATCH 3/6] seccomp: Implement constant action bitmaps

From: YiFei Zhu
Date: Thu Sep 24 2020 - 04:22:44 EST

Next message: Zenghui Yu: "Re: [PATCH v10 04/11] vfio/pci: Add VFIO_REGION_TYPE_NESTED region type"
Previous message: Andy Shevchenko: "Re: [PATCH v9 11/20] gpiolib: cdev: support GPIO_V2_LINE_SET_VALUES_IOCTL"
In reply to: Kees Cook: "Re: [PATCH 3/6] seccomp: Implement constant action bitmaps"
Next in thread: Jann Horn: "Re: [PATCH 3/6] seccomp: Implement constant action bitmaps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Sep 24, 2020 at 3:15 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> I was trying to be helpful: you hadn't seen the RFC, and it was missing
> the emulator piece, which I wanted to be small, so I put got it out the
> door today. I didn't want you to think you needed to port the larger
> emulator over, for example.

There's no architecture-dependent code in the emulator. It just has to
iterate through all the arch numbers. So I don't know what you are
referring to by "port ... over".
The logic is simple. If the emulator determines the filter must be an
allow for a given arch / syscall pair, then it is "cached by bitmap".

> I'm open to ideas, but I want to have a non-optional performance
> improvement as the first step. :)

How about "performance improvement by default"? It's not like most end
users / distros would turn off something that's enabled by default
when they upgrade to a new kernel.

YiFei Zhu

Next message: Zenghui Yu: "Re: [PATCH v10 04/11] vfio/pci: Add VFIO_REGION_TYPE_NESTED region type"
Previous message: Andy Shevchenko: "Re: [PATCH v9 11/20] gpiolib: cdev: support GPIO_V2_LINE_SET_VALUES_IOCTL"
In reply to: Kees Cook: "Re: [PATCH 3/6] seccomp: Implement constant action bitmaps"
Next in thread: Jann Horn: "Re: [PATCH 3/6] seccomp: Implement constant action bitmaps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]