From: Kees Cook <keescook@chromium.org>
To: YiFei Zhu <zhuyifei1999@gmail.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>,
Giuseppe Scrivano <gscrivan@redhat.com>,
Valentin Rothberg <vrothber@redhat.com>,
Jann Horn <jannh@google.com>, YiFei Zhu <yifeifz2@illinois.edu>,
Linux Containers <containers@lists.linux-foundation.org>,
Tobin Feldman-Fitzthum <tobin@ibm.com>,
kernel list <linux-kernel@vger.kernel.org>,
Andy Lutomirski <luto@amacapital.net>,
Hubertus Franke <frankeh@us.ibm.com>,
David Laight <David.Laight@aculab.com>,
Jack Chen <jianyan2@illinois.edu>,
Dimitrios Skarlatos <dskarlat@cs.cmu.edu>,
Josep Torrellas <torrella@illinois.edu>,
Will Drewry <wad@chromium.org>, bpf <bpf@vger.kernel.org>,
Tianyin Xu <tyxu@illinois.edu>
Subject: Re: [PATCH v4 seccomp 5/5] seccomp/cache: Report cache data through /proc/pid/seccomp_cache
Date: Thu, 22 Oct 2020 15:32:31 -0700 [thread overview]
Message-ID: <202010221520.44C5A7833E@keescook> (raw)
In-Reply-To: <CABqSeASc-3n_LXpYhb+PYkeAOsfSjih4qLMZ5t=q5yckv3w0nQ@mail.gmail.com>
On Thu, Oct 22, 2020 at 03:52:20PM -0500, YiFei Zhu wrote:
> On Mon, Oct 12, 2020 at 7:31 PM YiFei Zhu <zhuyifei1999@gmail.com> wrote:
> >
> > On Mon, Oct 12, 2020 at 5:57 PM Kees Cook <keescook@chromium.org> wrote:
> > > I think it's fine to just have this "dangle" with a help text update of
> > > "if seccomp action caching is supported by the architecture, provide the
> > > /proc/$pid ..."
> >
> > I think it would be weird if someone sees this help text and wonder...
> > "hmm does my architecture support seccomp action caching" and without
> > a clear pointer to how seccomp action cache works, goes and compiles
> > the kernel with this config option on for the purpose of knowing if
> > their arch supports it... Or, is it a common practice in the kernel to
> > leave dangling configs?
>
> Bump, in case this question was missed.
I've been going back and forth on this, and I think what I've settled
on is I'd like to avoid new CONFIG dependencies just for this feature.
Instead, how about we just fill in SECCOMP_NATIVE and SECCOMP_COMPAT
for all the HAVE_ARCH_SECCOMP_FILTER architectures, and then the
cache reporting can be cleanly tied to CONFIG_SECCOMP_FILTER? It
should be relatively simple to extract those details and make
SECCOMP_ARCH_{NATIVE,COMPAT}_NAME part of the per-arch enabling patches?
> I don't really want to miss the 5.10 merge window...
Sorry, the 5.10 merge window is already closed for stuff that hasn't
already been in -next. Most subsystem maintainers (myself included)
don't take new features into their trees between roughly N-rc6 and
(N+1)-rc1. My plan is to put this in my -next tree after -rc1 is released
(expected to be Oct 25th).
I'd still like to get more specific workload performance numbers too.
The microbenchmark is nice, but getting things like build times under
docker's default seccomp filter, etc would be lovely. I've almost gotten
there, but my benchmarks are still really noisy and CPU isolation
continues to frustrate me. :)
--
Kees Cook
_______________________________________________
Containers mailing list
Containers@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/containers
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <keescook@chromium.org>
To: YiFei Zhu <zhuyifei1999@gmail.com>
Cc: Linux Containers <containers@lists.linux-foundation.org>,
YiFei Zhu <yifeifz2@illinois.edu>, bpf <bpf@vger.kernel.org>,
kernel list <linux-kernel@vger.kernel.org>,
Aleksa Sarai <cyphar@cyphar.com>,
Andrea Arcangeli <aarcange@redhat.com>,
Andy Lutomirski <luto@amacapital.net>,
David Laight <David.Laight@aculab.com>,
Dimitrios Skarlatos <dskarlat@cs.cmu.edu>,
Giuseppe Scrivano <gscrivan@redhat.com>,
Hubertus Franke <frankeh@us.ibm.com>,
Jack Chen <jianyan2@illinois.edu>, Jann Horn <jannh@google.com>,
Josep Torrellas <torrella@illinois.edu>,
Tianyin Xu <tyxu@illinois.edu>,
Tobin Feldman-Fitzthum <tobin@ibm.com>,
Tycho Andersen <tycho@tycho.pizza>,
Valentin Rothberg <vrothber@redhat.com>,
Will Drewry <wad@chromium.org>
Subject: Re: [PATCH v4 seccomp 5/5] seccomp/cache: Report cache data through /proc/pid/seccomp_cache
Date: Thu, 22 Oct 2020 15:32:31 -0700 [thread overview]
Message-ID: <202010221520.44C5A7833E@keescook> (raw)
In-Reply-To: <CABqSeASc-3n_LXpYhb+PYkeAOsfSjih4qLMZ5t=q5yckv3w0nQ@mail.gmail.com>
On Thu, Oct 22, 2020 at 03:52:20PM -0500, YiFei Zhu wrote:
> On Mon, Oct 12, 2020 at 7:31 PM YiFei Zhu <zhuyifei1999@gmail.com> wrote:
> >
> > On Mon, Oct 12, 2020 at 5:57 PM Kees Cook <keescook@chromium.org> wrote:
> > > I think it's fine to just have this "dangle" with a help text update of
> > > "if seccomp action caching is supported by the architecture, provide the
> > > /proc/$pid ..."
> >
> > I think it would be weird if someone sees this help text and wonder...
> > "hmm does my architecture support seccomp action caching" and without
> > a clear pointer to how seccomp action cache works, goes and compiles
> > the kernel with this config option on for the purpose of knowing if
> > their arch supports it... Or, is it a common practice in the kernel to
> > leave dangling configs?
>
> Bump, in case this question was missed.
I've been going back and forth on this, and I think what I've settled
on is I'd like to avoid new CONFIG dependencies just for this feature.
Instead, how about we just fill in SECCOMP_NATIVE and SECCOMP_COMPAT
for all the HAVE_ARCH_SECCOMP_FILTER architectures, and then the
cache reporting can be cleanly tied to CONFIG_SECCOMP_FILTER? It
should be relatively simple to extract those details and make
SECCOMP_ARCH_{NATIVE,COMPAT}_NAME part of the per-arch enabling patches?
> I don't really want to miss the 5.10 merge window...
Sorry, the 5.10 merge window is already closed for stuff that hasn't
already been in -next. Most subsystem maintainers (myself included)
don't take new features into their trees between roughly N-rc6 and
(N+1)-rc1. My plan is to put this in my -next tree after -rc1 is released
(expected to be Oct 25th).
I'd still like to get more specific workload performance numbers too.
The microbenchmark is nice, but getting things like build times under
docker's default seccomp filter, etc would be lovely. I've almost gotten
there, but my benchmarks are still really noisy and CPU isolation
continues to frustrate me. :)
--
Kees Cook
next prev parent reply other threads:[~2020-10-22 22:32 UTC|newest]
Thread overview: 302+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-21 5:35 [RFC PATCH seccomp 0/2] seccomp: Add bitmap cache of arg-independent filter results that allow syscalls YiFei Zhu
2020-09-21 5:35 ` YiFei Zhu
2020-09-21 5:35 ` [RFC PATCH seccomp 1/2] seccomp/cache: Add "emulator" to check if filter is arg-dependent YiFei Zhu
2020-09-21 5:35 ` YiFei Zhu
2020-09-21 17:47 ` Jann Horn via Containers
2020-09-21 17:47 ` Jann Horn
2020-09-21 18:38 ` Jann Horn via Containers
2020-09-21 18:38 ` Jann Horn
2020-09-21 23:44 ` YiFei Zhu
2020-09-21 23:44 ` YiFei Zhu
2020-09-22 0:25 ` Jann Horn via Containers
2020-09-22 0:25 ` Jann Horn
2020-09-22 0:47 ` YiFei Zhu
2020-09-22 0:47 ` YiFei Zhu
2020-09-21 5:35 ` [RFC PATCH seccomp 2/2] seccomp/cache: Cache filter results that allow syscalls YiFei Zhu
2020-09-21 5:35 ` YiFei Zhu
2020-09-21 18:08 ` Jann Horn via Containers
2020-09-21 18:08 ` Jann Horn
2020-09-21 22:50 ` YiFei Zhu
2020-09-21 22:50 ` YiFei Zhu
2020-09-21 22:57 ` Jann Horn via Containers
2020-09-21 22:57 ` Jann Horn
2020-09-21 23:08 ` YiFei Zhu
2020-09-21 23:08 ` YiFei Zhu
2020-09-25 0:01 ` [PATCH v2 seccomp 2/6] asm/syscall.h: Add syscall_arches[] array Kees Cook
2020-09-25 0:01 ` Kees Cook
2020-09-25 0:15 ` Jann Horn via Containers
2020-09-25 0:15 ` Jann Horn
2020-09-25 0:18 ` Al Viro
2020-09-25 0:18 ` Al Viro
2020-09-25 0:24 ` Jann Horn via Containers
2020-09-25 0:24 ` Jann Horn
2020-09-25 1:27 ` YiFei Zhu
2020-09-25 1:27 ` YiFei Zhu
2020-09-25 3:09 ` Kees Cook
2020-09-25 3:09 ` Kees Cook
2020-09-25 3:28 ` YiFei Zhu
2020-09-25 3:28 ` YiFei Zhu
2020-09-25 16:39 ` YiFei Zhu
2020-09-25 16:39 ` YiFei Zhu
2020-09-21 5:48 ` [RFC PATCH seccomp 0/2] seccomp: Add bitmap cache of arg-independent filter results that allow syscalls Sargun Dhillon
2020-09-21 5:48 ` Sargun Dhillon
2020-09-21 7:13 ` YiFei Zhu
2020-09-21 7:13 ` YiFei Zhu
2020-09-21 8:30 ` Christian Brauner
2020-09-21 8:30 ` Christian Brauner
2020-09-21 8:44 ` YiFei Zhu
2020-09-21 8:44 ` YiFei Zhu
2020-09-21 13:51 ` Tycho Andersen
2020-09-21 13:51 ` Tycho Andersen
2020-09-21 15:27 ` YiFei Zhu
2020-09-21 15:27 ` YiFei Zhu
2020-09-21 16:39 ` Tycho Andersen
2020-09-21 16:39 ` Tycho Andersen
2020-09-21 22:57 ` YiFei Zhu
2020-09-21 22:57 ` YiFei Zhu
2020-09-21 19:16 ` Jann Horn via Containers
2020-09-21 19:16 ` Jann Horn
2020-09-21 19:35 ` Hubertus Franke
2020-09-21 19:45 ` Jann Horn via Containers
2020-09-21 19:45 ` Jann Horn
2020-09-23 19:26 ` Kees Cook
2020-09-23 19:26 ` Kees Cook
2020-09-23 22:54 ` YiFei Zhu
2020-09-23 22:54 ` YiFei Zhu
2020-09-24 6:52 ` Kees Cook
2020-09-24 6:52 ` Kees Cook
2020-09-24 12:06 ` [PATCH seccomp 0/6] " YiFei Zhu
2020-09-24 12:06 ` YiFei Zhu
2020-09-24 12:06 ` [PATCH seccomp 1/6] seccomp: Move config option SECCOMP to arch/Kconfig YiFei Zhu
2020-09-24 12:06 ` YiFei Zhu
2020-09-24 12:06 ` YiFei Zhu
2020-09-24 12:06 ` YiFei Zhu
2020-09-24 12:06 ` [PATCH seccomp 2/6] asm/syscall.h: Add syscall_arches[] array YiFei Zhu
2020-09-24 12:06 ` YiFei Zhu
2020-09-24 12:06 ` [PATCH seccomp 3/6] seccomp/cache: Add "emulator" to check if filter is arg-dependent YiFei Zhu
2020-09-24 12:06 ` YiFei Zhu
2020-09-24 12:06 ` [PATCH seccomp 4/6] seccomp/cache: Lookup syscall allowlist for fast path YiFei Zhu
2020-09-24 12:06 ` YiFei Zhu
2020-09-24 12:06 ` [PATCH seccomp 5/6] selftests/seccomp: Compare bitmap vs filter overhead YiFei Zhu
2020-09-24 12:06 ` YiFei Zhu
2020-09-24 12:06 ` [PATCH seccomp 6/6] seccomp/cache: Report cache data through /proc/pid/seccomp_cache YiFei Zhu
2020-09-24 12:06 ` YiFei Zhu
2020-09-24 12:44 ` [PATCH v2 seccomp 0/6] seccomp: Add bitmap cache of arg-independent filter results that allow syscalls YiFei Zhu
2020-09-24 12:44 ` YiFei Zhu
2020-09-24 12:44 ` [PATCH v2 seccomp 1/6] seccomp: Move config option SECCOMP to arch/Kconfig YiFei Zhu
2020-09-24 12:44 ` YiFei Zhu
2020-09-24 19:11 ` Kees Cook
2020-09-24 19:11 ` Kees Cook
2020-10-27 9:52 ` Geert Uytterhoeven
2020-10-27 9:52 ` Geert Uytterhoeven
2020-10-27 19:08 ` YiFei Zhu
2020-10-27 19:08 ` YiFei Zhu
2020-10-28 0:06 ` Kees Cook
2020-10-28 0:06 ` Kees Cook
2020-10-28 8:18 ` Geert Uytterhoeven
2020-10-28 8:18 ` Geert Uytterhoeven
2020-10-28 9:34 ` Jann Horn via Containers
2020-10-28 9:34 ` Jann Horn
2020-09-24 12:44 ` [PATCH v2 seccomp 2/6] asm/syscall.h: Add syscall_arches[] array YiFei Zhu
2020-09-24 12:44 ` YiFei Zhu
2020-09-24 13:47 ` David Laight
2020-09-24 13:47 ` David Laight
2020-09-24 14:16 ` YiFei Zhu
2020-09-24 14:16 ` YiFei Zhu
2020-09-24 14:20 ` David Laight
2020-09-24 14:20 ` David Laight
2020-09-24 14:37 ` YiFei Zhu
2020-09-24 14:37 ` YiFei Zhu
2020-09-24 16:02 ` YiFei Zhu
2020-09-24 16:02 ` YiFei Zhu
2020-09-24 12:44 ` [PATCH v2 seccomp 3/6] seccomp/cache: Add "emulator" to check if filter is arg-dependent YiFei Zhu
2020-09-24 12:44 ` YiFei Zhu
2020-09-24 23:25 ` Kees Cook
2020-09-24 23:25 ` Kees Cook
2020-09-25 3:04 ` YiFei Zhu
2020-09-25 3:04 ` YiFei Zhu
2020-09-25 16:45 ` YiFei Zhu
2020-09-25 16:45 ` YiFei Zhu
2020-09-25 19:42 ` Kees Cook
2020-09-25 19:42 ` Kees Cook
2020-09-25 19:51 ` Andy Lutomirski
2020-09-25 19:51 ` Andy Lutomirski
2020-09-25 20:37 ` Kees Cook
2020-09-25 20:37 ` Kees Cook
2020-09-25 21:07 ` Andy Lutomirski
2020-09-25 21:07 ` Andy Lutomirski
2020-09-25 23:49 ` Kees Cook
2020-09-25 23:49 ` Kees Cook
2020-09-26 0:34 ` Andy Lutomirski
2020-09-26 0:34 ` Andy Lutomirski
2020-09-26 1:23 ` YiFei Zhu
2020-09-26 1:23 ` YiFei Zhu
2020-09-26 2:47 ` Andy Lutomirski
2020-09-26 2:47 ` Andy Lutomirski
2020-09-26 4:35 ` Kees Cook
2020-09-26 4:35 ` Kees Cook
2020-09-24 12:44 ` [PATCH v2 seccomp 4/6] seccomp/cache: Lookup syscall allowlist for fast path YiFei Zhu
2020-09-24 12:44 ` YiFei Zhu
2020-09-24 23:46 ` Kees Cook
2020-09-24 23:46 ` Kees Cook
2020-09-25 1:55 ` YiFei Zhu
2020-09-25 1:55 ` YiFei Zhu
2020-09-24 12:44 ` [PATCH v2 seccomp 5/6] selftests/seccomp: Compare bitmap vs filter overhead YiFei Zhu
2020-09-24 12:44 ` YiFei Zhu
2020-09-24 23:47 ` Kees Cook
2020-09-24 23:47 ` Kees Cook
2020-09-25 1:35 ` YiFei Zhu
2020-09-25 1:35 ` YiFei Zhu
2020-09-24 12:44 ` [PATCH v2 seccomp 6/6] seccomp/cache: Report cache data through /proc/pid/seccomp_cache YiFei Zhu
2020-09-24 12:44 ` YiFei Zhu
2020-09-24 23:56 ` Kees Cook
2020-09-24 23:56 ` Kees Cook
2020-09-25 3:11 ` YiFei Zhu
2020-09-25 3:11 ` YiFei Zhu
2020-09-25 3:26 ` Kees Cook
2020-09-25 3:26 ` Kees Cook
2020-09-30 15:19 ` [PATCH v3 seccomp 0/5] seccomp: Add bitmap cache of constant allow filter results YiFei Zhu
2020-09-30 15:19 ` YiFei Zhu
2020-09-30 15:19 ` [PATCH v3 seccomp 1/5] x86: Enable seccomp architecture tracking YiFei Zhu
2020-09-30 15:19 ` YiFei Zhu
2020-09-30 21:21 ` Kees Cook
2020-09-30 21:21 ` Kees Cook
2020-09-30 21:33 ` Jann Horn via Containers
2020-09-30 21:33 ` Jann Horn
2020-09-30 22:53 ` Kees Cook
2020-09-30 22:53 ` Kees Cook
2020-09-30 23:15 ` Jann Horn via Containers
2020-09-30 23:15 ` Jann Horn
2020-09-30 15:19 ` [PATCH v3 seccomp 2/5] seccomp/cache: Add "emulator" to check if filter is constant allow YiFei Zhu
2020-09-30 15:19 ` YiFei Zhu
2020-09-30 22:24 ` Jann Horn via Containers
2020-09-30 22:24 ` Jann Horn
2020-09-30 22:49 ` Kees Cook
2020-09-30 22:49 ` Kees Cook
2020-10-01 11:28 ` YiFei Zhu
2020-10-01 11:28 ` YiFei Zhu
2020-10-01 21:08 ` Jann Horn via Containers
2020-10-01 21:08 ` Jann Horn
2020-09-30 22:40 ` Kees Cook
2020-09-30 22:40 ` Kees Cook
2020-10-01 11:52 ` YiFei Zhu
2020-10-01 11:52 ` YiFei Zhu
2020-10-01 21:05 ` Kees Cook
2020-10-01 21:05 ` Kees Cook
2020-10-02 11:08 ` YiFei Zhu
2020-10-02 11:08 ` YiFei Zhu
2020-10-09 4:47 ` YiFei Zhu
2020-10-09 4:47 ` YiFei Zhu
2020-10-09 5:41 ` Kees Cook
2020-10-09 5:41 ` Kees Cook
2020-09-30 15:19 ` [PATCH v3 seccomp 3/5] seccomp/cache: Lookup syscall allowlist for fast path YiFei Zhu
2020-09-30 15:19 ` YiFei Zhu
2020-09-30 21:32 ` Kees Cook
2020-09-30 21:32 ` Kees Cook
2020-10-09 0:17 ` YiFei Zhu
2020-10-09 0:17 ` YiFei Zhu
2020-10-09 5:35 ` Kees Cook
2020-10-09 5:35 ` Kees Cook
2020-09-30 15:19 ` [PATCH v3 seccomp 4/5] selftests/seccomp: Compare bitmap vs filter overhead YiFei Zhu
2020-09-30 15:19 ` YiFei Zhu
2020-09-30 15:19 ` [PATCH v3 seccomp 5/5] seccomp/cache: Report cache data through /proc/pid/seccomp_cache YiFei Zhu
2020-09-30 15:19 ` YiFei Zhu
2020-09-30 22:00 ` Jann Horn via Containers
2020-09-30 22:00 ` Jann Horn
2020-09-30 23:12 ` Kees Cook
2020-09-30 23:12 ` Kees Cook
2020-10-01 12:06 ` YiFei Zhu
2020-10-01 12:06 ` YiFei Zhu
2020-10-01 16:05 ` Jann Horn via Containers
2020-10-01 16:05 ` Jann Horn
2020-10-01 16:18 ` YiFei Zhu
2020-10-01 16:18 ` YiFei Zhu
2020-09-30 22:59 ` Kees Cook
2020-09-30 22:59 ` Kees Cook
2020-09-30 23:08 ` Jann Horn via Containers
2020-09-30 23:08 ` Jann Horn
2020-09-30 23:21 ` Kees Cook
2020-09-30 23:21 ` Kees Cook
2020-10-09 17:14 ` [PATCH v4 seccomp 0/5] seccomp: Add bitmap cache of constant allow filter results YiFei Zhu
2020-10-09 17:14 ` YiFei Zhu
2020-10-09 17:14 ` [PATCH v4 seccomp 1/5] seccomp/cache: Lookup syscall allowlist bitmap for fast path YiFei Zhu
2020-10-09 17:14 ` YiFei Zhu
2020-10-09 21:30 ` Jann Horn via Containers
2020-10-09 21:30 ` Jann Horn
2020-10-09 23:18 ` Kees Cook
2020-10-09 23:18 ` Kees Cook
2020-10-09 17:14 ` [PATCH v4 seccomp 2/5] seccomp/cache: Add "emulator" to check if filter is constant allow YiFei Zhu
2020-10-09 17:14 ` YiFei Zhu
2020-10-09 21:30 ` Jann Horn via Containers
2020-10-09 21:30 ` Jann Horn
2020-10-09 22:47 ` Kees Cook
2020-10-09 22:47 ` Kees Cook
2020-10-09 17:14 ` [PATCH v4 seccomp 3/5] x86: Enable seccomp architecture tracking YiFei Zhu
2020-10-09 17:14 ` YiFei Zhu
2020-10-09 17:25 ` Andy Lutomirski
2020-10-09 17:25 ` Andy Lutomirski
2020-10-09 18:32 ` YiFei Zhu
2020-10-09 18:32 ` YiFei Zhu
2020-10-09 20:59 ` Andy Lutomirski
2020-10-09 20:59 ` Andy Lutomirski
2020-10-09 17:14 ` [PATCH v4 seccomp 4/5] selftests/seccomp: Compare bitmap vs filter overhead YiFei Zhu
2020-10-09 17:14 ` YiFei Zhu
2020-10-09 17:14 ` [PATCH v4 seccomp 5/5] seccomp/cache: Report cache data through /proc/pid/seccomp_cache YiFei Zhu
2020-10-09 17:14 ` YiFei Zhu
2020-10-09 21:24 ` kernel test robot
2020-10-09 21:24 ` kernel test robot
2020-10-09 21:24 ` kernel test robot
2020-10-09 21:45 ` Jann Horn via Containers
2020-10-09 21:45 ` Jann Horn
2020-10-09 23:14 ` Kees Cook
2020-10-09 23:14 ` Kees Cook
2020-10-10 13:26 ` YiFei Zhu
2020-10-10 13:26 ` YiFei Zhu
2020-10-12 22:57 ` Kees Cook
2020-10-12 22:57 ` Kees Cook
2020-10-13 0:31 ` YiFei Zhu
2020-10-13 0:31 ` YiFei Zhu
2020-10-22 20:52 ` YiFei Zhu
2020-10-22 20:52 ` YiFei Zhu
2020-10-22 22:32 ` Kees Cook [this message]
2020-10-22 22:32 ` Kees Cook
2020-10-22 23:40 ` YiFei Zhu
2020-10-22 23:40 ` YiFei Zhu
2020-10-24 2:51 ` Kees Cook
2020-10-24 2:51 ` Kees Cook
2020-10-30 12:18 ` YiFei Zhu
2020-10-30 12:18 ` YiFei Zhu
2020-11-03 13:00 ` YiFei Zhu
2020-11-03 13:00 ` YiFei Zhu
2020-11-04 0:29 ` Kees Cook
2020-11-04 0:29 ` Kees Cook
2020-11-04 11:40 ` YiFei Zhu
2020-11-04 11:40 ` YiFei Zhu
2020-11-04 18:57 ` Kees Cook
2020-11-04 18:57 ` Kees Cook
2020-10-11 15:47 ` [PATCH v5 seccomp 0/5]seccomp: Add bitmap cache of constant allow filter results YiFei Zhu
2020-10-11 15:47 ` YiFei Zhu
2020-10-11 15:47 ` [PATCH v5 seccomp 1/5] seccomp/cache: Lookup syscall allowlist bitmap for fast path YiFei Zhu
2020-10-11 15:47 ` YiFei Zhu
2020-10-12 6:42 ` Jann Horn via Containers
2020-10-12 6:42 ` Jann Horn
2020-10-11 15:47 ` [PATCH v5 seccomp 2/5] seccomp/cache: Add "emulator" to check if filter is constant allow YiFei Zhu
2020-10-11 15:47 ` YiFei Zhu
2020-10-12 6:46 ` Jann Horn via Containers
2020-10-12 6:46 ` Jann Horn
2020-10-11 15:47 ` [PATCH v5 seccomp 3/5] x86: Enable seccomp architecture tracking YiFei Zhu
2020-10-11 15:47 ` YiFei Zhu
2020-10-11 15:47 ` [PATCH v5 seccomp 4/5] selftests/seccomp: Compare bitmap vs filter overhead YiFei Zhu
2020-10-11 15:47 ` YiFei Zhu
2020-10-11 15:47 ` [PATCH v5 seccomp 5/5] seccomp/cache: Report cache data through /proc/pid/seccomp_cache YiFei Zhu
2020-10-11 15:47 ` YiFei Zhu
2020-10-12 6:49 ` Jann Horn via Containers
2020-10-12 6:49 ` Jann Horn
2020-12-17 12:14 ` Geert Uytterhoeven
2020-12-17 12:14 ` Geert Uytterhoeven
2020-12-17 18:34 ` YiFei Zhu
2020-12-17 18:34 ` YiFei Zhu
2020-12-18 12:35 ` Geert Uytterhoeven
2020-12-18 12:35 ` Geert Uytterhoeven
2020-10-27 19:14 ` [PATCH v5 seccomp 0/5]seccomp: Add bitmap cache of constant allow filter results Kees Cook
2020-10-27 19:14 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202010221520.44C5A7833E@keescook \
--to=keescook@chromium.org \
--cc=David.Laight@aculab.com \
--cc=aarcange@redhat.com \
--cc=bpf@vger.kernel.org \
--cc=containers@lists.linux-foundation.org \
--cc=dskarlat@cs.cmu.edu \
--cc=frankeh@us.ibm.com \
--cc=gscrivan@redhat.com \
--cc=jannh@google.com \
--cc=jianyan2@illinois.edu \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=tobin@ibm.com \
--cc=torrella@illinois.edu \
--cc=tyxu@illinois.edu \
--cc=vrothber@redhat.com \
--cc=wad@chromium.org \
--cc=yifeifz2@illinois.edu \
--cc=zhuyifei1999@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.