| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch significantly improves the performance of
seccomp_syscall_resolve_name since it replaces the expensive strcmp
for each syscall in the database, with a lookup table.
The complexity for syscall_resolve_num is not changed and it
uses the linear search, that is anyway less expensive than
seccomp_syscall_resolve_name as it uses an index for comparison
instead of doing a string comparison.
On my machine, calling 1000 seccomp_syscall_resolve_name_arch and
seccomp_syscall_resolve_num_arch over the entire syscalls DB passed
from ~0.45 sec to ~0.06s.
PM: After talking with Giuseppe I made a number of additional
changes, some substantial, the highlights include:
* various style tweaks
* .gitignore fixes
* fixed subject line, tweaked the description
* dropped the arch-syscall-validate changes as they were masking
other problems
* extracted the syscalls.csv and file deletions to other patches
to keep this one more focused
* fixed the x86, x32, arm, all the MIPS ABIs, s390, and s390x ABIs as
the syscall offsets were not properly incorporated into this change
* cleaned up the ABI specific headers
* cleaned up generate_syscalls_perf.sh and renamed to
arch-gperf-generate
* fixed problems with automake's file packaging
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com>
[PM: see notes in the "PM" section above]
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
| |
A variety of updates to reflect changes in the Linux Kernel and
the library itself with the goal of making sure the syscall
checking scripts continue to work.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
| |
Employer agnostic emails make things a lot easier in the long run so
make sure the paul-moore.com address is used whenever it makes sense.
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
|
|
|
|
|
|
|
|
| |
I've been putting off simplifing the arch specific code until we had
enough ABIs to know what simplifications made sense. Well, our
supported ABI list is not quite reasonable so go ahead and clean
things up a bit.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
| |
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are two major issues resolved in this patch: proper support for
generating BPF on big endian systems, and ensuring we build the BPF
correctly when the host system does not share the same endianess as
the target platform.
Relevant discussion in LKML regarding BPF on big endian systems:
https://lkml.org/lkml/2012/4/8/87
Inspired by an earlier patch from Markos Chandras.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
|
|
| |
Since x86_64 and x32 share the same seccomp filter architecture token
in the kernel we need to do an extra step and verify the syscall
number when checking the architecture.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
|
|
| |
We may not always want to have statically defined syscall tables,
e.g. x32, so create a series of functions to access the syscall
tables which should provide us some flexibility.
Signed-off-by: Paul Moore <pmoore@redhat.com>
|
|
Signed-off-by: Paul Moore <pmoore@redhat.com>
|