seccomp: Allow arch code to provide seccomp_data
populate_seccomp_data is expensive: it works by inspecting task_pt_regs and various other bits to piece together all the information, and it does so in multiple partially redundant steps.

Arch-specific code in the syscall entry path can do much better.

Admittedly this adds a bit of additional room for error, but the speedup should be worth it.

Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Kees Cook <keescook@chromium.org>
parent
13aa72f0fd
commit
d39bd00dea
2 changed files with 20 additions and 14 deletions
|
@ -39,7 +39,7 @@ static inline int secure_computing(void)
|
|||
#define SECCOMP_PHASE1_OK 0
|
||||
#define SECCOMP_PHASE1_SKIP 1
|
||||
|
||||
extern u32 seccomp_phase1(void);
|
||||
extern u32 seccomp_phase1(struct seccomp_data *sd);
|
||||
int seccomp_phase2(u32 phase1_result);
|
||||
#else
|
||||
extern void secure_computing_strict(int this_syscall);
|
||||
|
|
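Review bot: the new `struct seccomp_data *sd` argument in the `seccomp_phase1()` prototype carries no comment describing its contract. The commit message says arch code may provide the data and concedes this adds room for error, so the declaration should state whether `sd` may be NULL (with the generic code falling back to populate_seccomp_data) and that a non-NULL `sd` must describe exactly the syscall number, architecture and arguments the task is about to execute, since filters will make their decision on that copy. If phase 1 only reads the structure, declaring the parameter as `const struct seccomp_data *sd` would make that explicit and keep the filter path from modifying the caller's copy. Only this header hunk is visible here, so it is also worth confirming that every existing caller of `seccomp_phase1(void)` was updated in the same commit, because the old prototype is removed rather than kept as a wrapper.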