From: Andy Lutomirski <luto@amacapital.net>
To: linux-kernel@vger.kernel.org, Kees Cook <keescook@chromium.org>,
Will Drewry <wad@chromium.org>
Cc: Oleg Nesterov <oleg@redhat.com>,
x86@kernel.org, linux-arm-kernel@lists.infradead.org,
linux-mips@linux-mips.org, linux-arch@vger.kernel.org,
linux-security-module@vger.kernel.org,
Andy Lutomirski <luto@amacapital.net>
Subject: [RFC 0/5] Two-phase seccomp and an x86_64 fast path
Date: Wed, 11 Jun 2014 13:22:57 -0700 [thread overview]
Message-ID: <cover.1402517933.git.luto@amacapital.net> (raw)
On my VM, getpid takes about 70ns. Before this patchset, adding a
single-instruction always-accept seccomp filter added about 134ns of
overhead to getpid. With this patchset, the overhead is down to about
13ns.
I'd really appreciate careful review from all relevant arch
maintainers for patch 1.
This is an RFC for now. I'll submit a non-RFC version after the merge
window ends.
Andy Lutomirski (5):
seccomp,x86,arm,mips,s390: Remove nr parameter from secure_computing
x86_64,entry: Treat regs->ax the same in fastpath and slowpath
syscalls
seccomp: Refactor the filter callback and the API
seccomp: Allow arch code to provide seccomp_data
x86,seccomp: Add a seccomp fastpath
arch/arm/kernel/ptrace.c | 7 +-
arch/mips/kernel/ptrace.c | 2 +-
arch/s390/kernel/ptrace.c | 2 +-
arch/x86/include/asm/calling.h | 6 +-
arch/x86/kernel/entry_64.S | 52 ++++++++-
arch/x86/kernel/ptrace.c | 2 +-
arch/x86/kernel/vsyscall_64.c | 2 +-
include/linux/seccomp.h | 25 +++--
kernel/seccomp.c | 244 +++++++++++++++++++++++++++--------------
9 files changed, 241 insertions(+), 101 deletions(-)
--
1.9.3
next reply other threads:[~2014-06-11 20:23 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-11 20:22 Andy Lutomirski [this message]
2014-06-11 20:22 ` [RFC 1/5] seccomp,x86,arm,mips,s390: Remove nr parameter from secure_computing Andy Lutomirski
2014-06-11 20:22 ` Andy Lutomirski
2014-06-11 20:22 ` [RFC 2/5] x86_64,entry: Treat regs->ax the same in fastpath and slowpath syscalls Andy Lutomirski
2014-06-11 20:22 ` Andy Lutomirski
2014-06-11 20:23 ` [RFC 3/5] seccomp: Refactor the filter callback and the API Andy Lutomirski
2014-06-11 20:23 ` [RFC 4/5] seccomp: Allow arch code to provide seccomp_data Andy Lutomirski
2014-06-11 20:23 ` [RFC 5/5] x86,seccomp: Add a seccomp fastpath Andy Lutomirski
2014-06-11 21:29 ` Alexei Starovoitov
2014-06-11 21:29 ` Alexei Starovoitov
2014-06-11 21:56 ` Andy Lutomirski
2014-06-11 22:18 ` H. Peter Anvin
2014-06-11 22:18 ` H. Peter Anvin
2014-06-11 22:22 ` Andy Lutomirski
2014-06-11 22:22 ` Andy Lutomirski
2014-06-11 22:27 ` H. Peter Anvin
2014-06-11 22:27 ` H. Peter Anvin
2014-06-11 22:28 ` Andy Lutomirski
2014-06-11 22:32 ` Kees Cook
2014-06-13 16:29 ` Will Drewry
2014-06-13 16:29 ` Will Drewry
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1402517933.git.luto@amacapital.net \
--to=luto@amacapital.net \
--cc=keescook@chromium.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mips@linux-mips.org \
--cc=linux-security-module@vger.kernel.org \
--cc=oleg@redhat.com \
--cc=wad@chromium.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).