seccomp: Allow arch code to provide seccomp_data

populate_seccomp_data is expensive: it works by inspecting task_pt_regs and various other bits to piece together all the information, and it's does so in multiple partially redundant steps. Arch-specific code in the syscall entry path can do much better. Admittedly this adds a bit of additional room for error, but the speedup should be worth it. Signed-off-by: Andy Lutomirski <luto@amacapital.net> Signed-off-by: Kees Cook <keescook@chromium.org>
author: Andy Lutomirski <luto@amacapital.net> 2014-07-21 21:49:16 -0400
committer: Kees Cook <keescook@chromium.org> 2014-09-03 17:58:17 -0400
commit: d39bd00deabe57420f2a3669eb71b0e0c4997184 (patch)
tree: bc32386d90df23c8d657b6b6a0051a0a59af11fe /include/linux/seccomp.h
parent: 13aa72f0fd0a9f98a41cefb662487269e2f1ad65 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h
index 38851085e481..a19ddacdac30 100644
--- a/include/linux/seccomp.h
+++ b/include/linux/seccomp.h
@@ -39,7 +39,7 @@ static inline int secure_computing(void)
 #define SECCOMP_PHASE1_OK       0
 #define SECCOMP_PHASE1_SKIP     1
-extern u32 seccomp_phase1(void);
+extern u32 seccomp_phase1(struct seccomp_data *sd);
 int seccomp_phase2(u32 phase1_result);
 #else
 extern void secure_computing_strict(int this_syscall);
author	Andy Lutomirski <luto@amacapital.net>	2014-07-21 21:49:16 -0400
committer	Kees Cook <keescook@chromium.org>	2014-09-03 17:58:17 -0400
commit	d39bd00deabe57420f2a3669eb71b0e0c4997184 (patch)
tree	bc32386d90df23c8d657b6b6a0051a0a59af11fe /include/linux/seccomp.h
parent	13aa72f0fd0a9f98a41cefb662487269e2f1ad65 (diff)

diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h index 38851085e481..a19ddacdac30 100644 --- a/include/linux/seccomp.h +++ b/include/linux/seccomp.h
@@ -39,7 +39,7 @@ static inline int secure_computing(void)
39	#define SECCOMP_PHASE1_OK 0	39	#define SECCOMP_PHASE1_OK 0
40	#define SECCOMP_PHASE1_SKIP 1	40	#define SECCOMP_PHASE1_SKIP 1
41		41
42	extern u32 seccomp_phase1(void);	42	extern u32 seccomp_phase1(struct seccomp_data *sd);
43	int seccomp_phase2(u32 phase1_result);	43	int seccomp_phase2(u32 phase1_result);
44	#else	44	#else
45	extern void secure_computing_strict(int this_syscall);	45	extern void secure_computing_strict(int this_syscall);