[PATCH V2 1/3] seccomp: add generic code for jitted seccomp filters.

Kees Cook keescook at chromium.org
Mon Apr 1 17:53:09 EDT 2013


On Mon, Mar 18, 2013 at 7:50 AM, Nicolas Schichan <nschichan at freebox.fr> wrote:
> Architecture must select HAVE_SECCOMP_FILTER_JIT and implement
> seccomp_jit_compile() and seccomp_jit_free() if they intend to support
> jitted seccomp filters.
>
> struct seccomp_filter has been moved to <linux/seccomp.h> to make its
> content available to the jit compilation code.
>
> In a way similar to the net BPF, the jit compilation code is expected
> to updates struct seccomp_filter.bpf_func pointer to the generated
> code.
>
> Signed-off-by: Nicolas Schichan <nschichan at freebox.fr>

Acked-by: Kees Cook <keescook at chromium.org>

I'd love to see this for x86 too. I suspect it'd be a small change
after this series lands.

Thanks,

-Kees

-- 
Kees Cook
Chrome OS Security



More information about the linux-arm-kernel mailing list