Re: [PATCH seccomp v2 0/8] seccomp: add bitmap cache support on remaining arches and report cache in procfs
On Wed, 11 Nov 2020 07:33:46 -0600, YiFei Zhu wrote:
> This patch series enables bitmap cache for the remaining arches with
> SECCOMP_FILTER, other than MIPS.
>
> I was unable to find any of the arches having subarch-specific NR_syscalls
> macros, so generic NR_syscalls is used. SH's syscall_get_arch seems to
> only have the 32-bit subarch implementation. I'm not sure if this is
> expected.
>
> [...]

Applied to for-next/seccomp, thanks!

I made a small tweak to the last patch to add more details to the
per-ARCH help text, and to drop the needless "depends on SECCOMP" (which
"depends on SECCOMP_FILTER" was already present).

I successfully build-tested on parisc, powerpc, riscv, s390, and sh.
xtensa doesn't build using the existing Debian cross-compiler, and I
can't make csky with clang work, but they look correct. *cross fingers*

[1/8] csky: Enable seccomp architecture tracking
      https://git.kernel.org/kees/c/ee7ce951028f
[2/8] parisc: Enable seccomp architecture tracking
      https://git.kernel.org/kees/c/7f049cc068a3
[3/8] powerpc: Enable seccomp architecture tracking
      https://git.kernel.org/kees/c/95f8ae2624a0
[4/8] riscv: Enable seccomp architecture tracking
      https://git.kernel.org/kees/c/8f9f0f44a37b
[5/8] s390: Enable seccomp architecture tracking
      https://git.kernel.org/kees/c/5897106c6902
[6/8] sh: Enable seccomp architecture tracking
      https://git.kernel.org/kees/c/75186111c257
[7/8] xtensa: Enable seccomp architecture tracking
      https://git.kernel.org/kees/c/4f408bc643aa
[8/8] seccomp/cache: Report cache data through /proc/pid/seccomp_cache
      https://git.kernel.org/kees/c/49a6968cc78f

--
Kees Cook

[PATCH seccomp v2 0/8] seccomp: add bitmap cache support on remaining arches and report cache in procfs
From: YiFei Zhu

This patch series enables bitmap cache for the remaining arches with
SECCOMP_FILTER, other than MIPS.

I was unable to find any of the arches having subarch-specific NR_syscalls
macros, so generic NR_syscalls is used. SH's syscall_get_arch seems to
only have the 32-bit subarch implementation. I'm not sure if this is
expected.

This series has not been tested; I have not built all the cross compilers
necessary to build test, let alone run the kernel or benchmark the
performance, so help on making sure the bitmap cache works as expected
(selftests/seccomp/{seccomp_benchmark,seccomp_bpf}) would be appreciated.

The series applies on top of Kees's for-next/seccomp branch.

v1 -> v2:
* ppc, sh: s/__SECCOMP_ARCH_LE_BIT/__SECCOMP_ARCH_LE/
* ppc: add "le" suffix to arch name when the arch is little endian.
* ppc: add explanation of why __LITTLE_ENDIAN__ is used to commit message.

YiFei Zhu (8):
  csky: Enable seccomp architecture tracking
  parisc: Enable seccomp architecture tracking
  powerpc: Enable seccomp architecture tracking
  riscv: Enable seccomp architecture tracking
  s390: Enable seccomp architecture tracking
  sh: Enable seccomp architecture tracking
  xtensa: Enable seccomp architecture tracking
  seccomp/cache: Report cache data through /proc/pid/seccomp_cache

 arch/Kconfig                       | 15
 arch/csky/include/asm/Kbuild       | 1 -
 arch/csky/include/asm/seccomp.h    | 11 ++
 arch/parisc/include/asm/Kbuild     | 1 -
 arch/parisc/include/asm/seccomp.h  | 22 +++
 arch/powerpc/include/asm/seccomp.h | 23
 arch/riscv/include/asm/seccomp.h   | 10 +
 arch/s390/include/asm/seccomp.h    | 9 +
 arch/sh/include/asm/seccomp.h      | 10 +
 arch/xtensa/include/asm/Kbuild     | 1 -
 arch/xtensa/include/asm/seccomp.h  | 11 ++
 fs/proc/base.c                     | 6 +++
 include/linux/seccomp.h            | 7
 kernel/seccomp.c                   | 59 ++
 14 files changed, 183 insertions(+), 3 deletions(-)
 create mode 100644 arch/csky/include/asm/seccomp.h
 create mode 100644 arch/parisc/include/asm/seccomp.h
 create mode 100644 arch/xtensa/include/asm/seccomp.h

base-commit: 38c37e8fd3d2590c4234d8cfbc22158362f0eb04
--
2.29.2