[GIT PULL] seccomp updates for v5.11-rc1

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [GIT PULL] seccomp updates for v5.11-rc1
@ 2020-12-15 20:30 Kees Cook
  2020-12-16 19:44 ` pr-tracker-bot
  0 siblings, 1 reply; 2+ messages in thread
From: Kees Cook @ 2020-12-15 20:30 UTC (permalink / raw)
  To: Linus Torvalds
  Cc: linux-kernel, Dimitrios Skarlatos, Heiko Carstens, Helge Deller,
	Jann Horn, Kees Cook, Mickaël Salaün, Shuah Khan,
	Tycho Andersen, Tyler Hicks, YiFei Zhu

Hi Linus,

Please pull these seccomp updates for v5.11-rc1. The major change here
is finally gaining seccomp constant-action bitmaps, which internally
reduces the seccomp overhead for many real-world syscall filters to O(1),
as discussed at Plumbers this year.

Thanks!

-Kees

The following changes since commit 4c222f31fb1db4d590503a181a6268ced9252379:

  selftests/seccomp: sh: Fix register names (2020-11-20 11:03:08 -0800)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/seccomp-v5.11-rc1

for you to fetch changes up to 2c07343abd8932200a45ff7b10950e71081e9e77:

  selftests/seccomp: Update kernel config (2020-12-02 11:20:54 -0800)

----------------------------------------------------------------
seccomp updates for v5.11-rc1

- Improve seccomp performance via constant-action bitmaps (YiFei Zhu & Kees Cook)

- Fix bogus __user annotations (Jann Horn)

- Add missed CONFIG for improved selftest coverage (Mickaël Salaün)

----------------------------------------------------------------
Jann Horn (1):
      seccomp: Remove bogus __user annotations

Kees Cook (5):
      x86: Enable seccomp architecture tracking
      selftests/seccomp: Compare bitmap vs filter overhead
      arm64: Enable seccomp architecture tracking
      arm: Enable seccomp architecture tracking
      Merge branch 'for-linus/seccomp' into for-next/seccomp

Mickaël Salaün (1):
      selftests/seccomp: Update kernel config

YiFei Zhu (10):
      seccomp/cache: Lookup syscall allowlist bitmap for fast path
      seccomp/cache: Add "emulator" to check if filter is constant allow
      csky: Enable seccomp architecture tracking
      parisc: Enable seccomp architecture tracking
      powerpc: Enable seccomp architecture tracking
      riscv: Enable seccomp architecture tracking
      s390: Enable seccomp architecture tracking
      sh: Enable seccomp architecture tracking
      xtensa: Enable seccomp architecture tracking
      seccomp/cache: Report cache data through /proc/pid/seccomp_cache

 arch/Kconfig                                       |  17 ++
 arch/arm/include/asm/Kbuild                        |   1 -
 arch/arm/include/asm/seccomp.h                     |  11 +
 arch/arm64/include/asm/seccomp.h                   |   9 +
 arch/csky/include/asm/Kbuild                       |   1 -
 arch/csky/include/asm/seccomp.h                    |  11 +
 arch/parisc/include/asm/Kbuild                     |   1 -
 arch/parisc/include/asm/seccomp.h                  |  22 ++
 arch/powerpc/include/asm/seccomp.h                 |  23 ++
 arch/riscv/include/asm/seccomp.h                   |  10 +
 arch/s390/include/asm/seccomp.h                    |   9 +
 arch/sh/include/asm/seccomp.h                      |  10 +
 arch/x86/include/asm/seccomp.h                     |  20 ++
 arch/xtensa/include/asm/Kbuild                     |   1 -
 arch/xtensa/include/asm/seccomp.h                  |  11 +
 fs/proc/base.c                                     |   6 +
 include/linux/seccomp.h                            |   7 +
 kernel/seccomp.c                                   | 296 ++++++++++++++++++++-
 tools/testing/selftests/seccomp/config             |   1 +
 .../testing/selftests/seccomp/seccomp_benchmark.c  | 151 +++++++++--
 tools/testing/selftests/seccomp/settings           |   2 +-
 21 files changed, 590 insertions(+), 30 deletions(-)
 create mode 100644 arch/arm/include/asm/seccomp.h
 create mode 100644 arch/csky/include/asm/seccomp.h
 create mode 100644 arch/parisc/include/asm/seccomp.h
 create mode 100644 arch/xtensa/include/asm/seccomp.h

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [GIT PULL] seccomp updates for v5.11-rc1
  2020-12-15 20:30 [GIT PULL] seccomp updates for v5.11-rc1 Kees Cook
@ 2020-12-16 19:44 ` pr-tracker-bot
  0 siblings, 0 replies; 2+ messages in thread
From: pr-tracker-bot @ 2020-12-16 19:44 UTC (permalink / raw)
  To: Kees Cook
  Cc: Linus Torvalds, linux-kernel, Dimitrios Skarlatos, Heiko Carstens,
	Helge Deller, Jann Horn, Kees Cook, Mickaël Salaün,
	Shuah Khan, Tycho Andersen, Tyler Hicks, YiFei Zhu

The pull request you sent on Tue, 15 Dec 2020 12:30:17 -0800:

> https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/seccomp-v5.11-rc1

has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/e994cc240a3b75744c33ca9b8d74f71f0fcd8852

Thank you!

-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/prtracker.html

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2020-12-16 19:46 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-12-15 20:30 [GIT PULL] seccomp updates for v5.11-rc1 Kees Cook
2020-12-16 19:44 ` pr-tracker-bot

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox