Hi Linus,

Please pull these seccomp updates for v5.11-rc1. The major change here is
finally gaining seccomp constant-action bitmaps, which internally reduces
the seccomp overhead for many real-world syscall filters to O(1), as
discussed at Plumbers this year.

Thanks!

-Kees

The following changes since commit 4c222f31fb1db4d590503a181a6268ced9252379:

  selftests/seccomp: sh: Fix register names (2020-11-20 11:03:08 -0800)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/seccomp-v5.11-rc1

for you to fetch changes up to 2c07343abd8932200a45ff7b10950e71081e9e77:

  selftests/seccomp: Update kernel config (2020-12-02 11:20:54 -0800)

----------------------------------------------------------------
seccomp updates for v5.11-rc1

- Improve seccomp performance via constant-action bitmaps (YiFei Zhu & Kees Cook)
- Fix bogus __user annotations (Jann Horn)
- Add missed CONFIG for improved selftest coverage (Mickaël Salaün)

----------------------------------------------------------------
Jann Horn (1):
      seccomp: Remove bogus __user annotations

Kees Cook (5):
      x86: Enable seccomp architecture tracking
      selftests/seccomp: Compare bitmap vs filter overhead
      arm64: Enable seccomp architecture tracking
      arm: Enable seccomp architecture tracking
      Merge branch 'for-linus/seccomp' into for-next/seccomp

Mickaël Salaün (1):
      selftests/seccomp: Update kernel config

YiFei Zhu (10):
      seccomp/cache: Lookup syscall allowlist bitmap for fast path
      seccomp/cache: Add "emulator" to check if filter is constant allow
      csky: Enable seccomp architecture tracking
      parisc: Enable seccomp architecture tracking
      powerpc: Enable seccomp architecture tracking
      riscv: Enable seccomp architecture tracking
      s390: Enable seccomp architecture tracking
      sh: Enable seccomp architecture tracking
      xtensa: Enable seccomp architecture tracking
      seccomp/cache: Report cache data through /proc/pid/seccomp_cache

 arch/Kconfig                                       |  17 ++
 arch/arm/include/asm/Kbuild                        |   1 -
 arch/arm/include/asm/seccomp.h                     |  11 +
 arch/arm64/include/asm/seccomp.h                   |   9 +
 arch/csky/include/asm/Kbuild                       |   1 -
 arch/csky/include/asm/seccomp.h                    |  11 +
 arch/parisc/include/asm/Kbuild                     |   1 -
 arch/parisc/include/asm/seccomp.h                  |  22 ++
 arch/powerpc/include/asm/seccomp.h                 |  23 ++
 arch/riscv/include/asm/seccomp.h                   |  10 +
 arch/s390/include/asm/seccomp.h                    |   9 +
 arch/sh/include/asm/seccomp.h                      |  10 +
 arch/x86/include/asm/seccomp.h                     |  20 ++
 arch/xtensa/include/asm/Kbuild                     |   1 -
 arch/xtensa/include/asm/seccomp.h                  |  11 +
 fs/proc/base.c                                     |   6 +
 include/linux/seccomp.h                            |   7 +
 kernel/seccomp.c                                   | 296 ++++++++++++++++++++-
 tools/testing/selftests/seccomp/config             |   1 +
 .../testing/selftests/seccomp/seccomp_benchmark.c  | 151 +++++++++--
 tools/testing/selftests/seccomp/settings           |   2 +-
 21 files changed, 590 insertions(+), 30 deletions(-)
 create mode 100644 arch/arm/include/asm/seccomp.h
 create mode 100644 arch/csky/include/asm/seccomp.h
 create mode 100644 arch/parisc/include/asm/seccomp.h
 create mode 100644 arch/xtensa/include/asm/seccomp.h

--
Kees Cook
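
The constant-action bitmap named in the summary above, as an added example (not part of the mail and not the code in kernel/seccomp.c): a filter is emulated once per syscall number with only nr and arch known, and a bit is set when it reaches SECCOMP_RET_ALLOW without reading anything else. The struct insn type, the sample filter, the 64-syscall range and the three-opcode subset are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Layout of struct sock_filter; values below mirror the classic BPF and seccomp uapi. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
enum { LD_ABS = 0x20, JEQ_K = 0x15, RET_K = 0x06 };  /* BPF_LD|W|ABS, BPF_JMP|JEQ|K, BPF_RET|K */
enum { OFF_NR = 0, OFF_ARCH = 4, OFF_ARG0 = 16 };    /* offsets in struct seccomp_data */
#define RET_ALLOW 0x7fff0000u  /* SECCOMP_RET_ALLOW */
#define RET_KILL  0x00000000u  /* SECCOMP_RET_KILL_THREAD */
#define ARCH_X64  0xc000003eu  /* AUDIT_ARCH_X86_64 */
/* Constructed filter: read(0) and exit(60) always allowed, write(1) only to fd 1. */
static const struct insn sample[] = {
    { LD_ABS, 0, 0, OFF_ARCH }, { JEQ_K, 1, 0, ARCH_X64 }, { RET_K, 0, 0, RET_KILL },
    { LD_ABS, 0, 0, OFF_NR }, { JEQ_K, 5, 0, 0 }, { JEQ_K, 4, 0, 60 }, { JEQ_K, 0, 2, 1 },
    { LD_ABS, 0, 0, OFF_ARG0 }, { JEQ_K, 1, 0, 1 },
    { RET_K, 0, 0, RET_KILL }, { RET_K, 0, 0, RET_ALLOW },
};
enum { SAMPLE_LEN = sizeof(sample) / sizeof(sample[0]) };

/* True only if (arch, nr) reaches RET ALLOW without reading args or the IP. */
static bool is_const_allow(const struct insn *f, size_t len, uint32_t arch, uint32_t nr)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < len; pc++) {
        switch (f[pc].code) {
        case LD_ABS:  /* only nr and arch are fixed per syscall; args and IP are not */
            if (f[pc].k != OFF_NR && f[pc].k != OFF_ARCH) return false;
            acc = (f[pc].k == OFF_NR) ? nr : arch;
            break;
        case JEQ_K: pc += (acc == f[pc].k) ? f[pc].jt : f[pc].jf; break;
        case RET_K: return f[pc].k == RET_ALLOW;
        default:    return false;  /* unmodelled opcode: keep running the filter */
        }
    }
    return false;  /* ran off the end without a verdict */
}

static uint64_t build_bitmap(const struct insn *f, size_t len, uint32_t arch)
{
    uint64_t bm = 0;  /* one bit per syscall number 0..63 for this architecture */
    for (uint32_t nr = 0; nr < 64; nr++)
        bm |= (uint64_t)is_const_allow(f, len, arch, nr) << nr;
    return bm;
}

int main(void)
{
    printf("x86_64: %#llx\n", (unsigned long long)build_bitmap(sample, SAMPLE_LEN, ARCH_X64));
    return 0;
}
```

write(1) stays out of the bitmap because its verdict depends on args[0], so the full filter still has to run for it; the bitmap is also computed per architecture, since the same syscall number means different things under different arch values.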

