[PATCH V2 1/3] seccomp: add generic code for jitted seccomp filters.

Will Drewry wad at chromium.org
Thu Apr 4 15:58:46 EDT 2013


On Mon, Apr 1, 2013 at 4:53 PM, Kees Cook <keescook at chromium.org> wrote:
> On Mon, Mar 18, 2013 at 7:50 AM, Nicolas Schichan <nschichan at freebox.fr> wrote:
>> Architecture must select HAVE_SECCOMP_FILTER_JIT and implement
>> seccomp_jit_compile() and seccomp_jit_free() if they intend to support
>> jitted seccomp filters.
>>
>> struct seccomp_filter has been moved to <linux/seccomp.h> to make its
>> content available to the jit compilation code.
>>
>> In a way similar to the net BPF, the jit compilation code is expected
>> to updates struct seccomp_filter.bpf_func pointer to the generated
>> code.
>>
>> Signed-off-by: Nicolas Schichan <nschichan at freebox.fr>
>
> Acked-by: Kees Cook <keescook at chromium.org>
>
> I'd love to see this for x86 too. I suspect it'd be a small change
> after this series lands.

Agreed - and thanks for working through the necessary changes!

Acked-By: Will Drewry <wad at chromium.org>
(for the series)



More information about the linux-arm-kernel mailing list