• Linus Torvalds's avatar
    Merge tag 'seccomp-v5.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux · e994cc24
    Linus Torvalds authored
    Pull seccomp updates from Kees Cook:
     "The major change here is finally gaining seccomp constant-action
      bitmaps, which internally reduces the seccomp overhead for many
      real-world syscall filters to O(1), as discussed at Plumbers this
      year.
    
       - Improve seccomp performance via constant-action bitmaps (YiFei Zhu
         & Kees Cook)
    
       - Fix bogus __user annotations (Jann Horn)
    
       - Add missed CONFIG for improved selftest coverage (Mickaël Salaün)"
    
    * tag 'seccomp-v5.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
      selftests/seccomp: Update kernel config
      seccomp: Remove bogus __user annotations
      seccomp/cache: Report cache data through /proc/pid/seccomp_cache
      xtensa: Enable seccomp architecture tracking
      sh: Enable seccomp architecture tracking
      s390: Enable seccomp architecture tracking
      riscv: Enable seccomp architecture tracking
      powerpc: Enable seccomp architecture tracking
      parisc: Enable seccomp architecture tracking
      csky: Enable seccomp architecture tracking
      arm: Enable seccomp architecture tracking
      arm64: Enable seccomp architecture tracking
      selftests/seccomp: Compare bitmap vs filter overhead
      x86: Enable seccomp architecture tracking
      seccomp/cache: Add "emulator" to check if filter is constant allow
      seccomp/cache: Lookup syscall allowlist bitmap for fast path
    e994cc24
seccomp.c 61.6 KB