seccomp: Document two-phase seccomp and arch-provided seccomp_data

The description of how archs should implement seccomp filters was still strictly correct, but it failed to describe the newly available optimizations. Signed-off-by: Andy Lutomirski <luto@amacapital.net> Signed-off-by: Kees Cook <keescook@chromium.org>
author: Andy Lutomirski <luto@amacapital.net> 2014-07-21 21:49:17 -0400
committer: Kees Cook <keescook@chromium.org> 2014-09-03 17:58:17 -0400
commit: ff27f38e0ef978aee4c9f7e3a4f3403aae832de2 (patch)
tree: 34fa7b7f8c1b74a29eed8f59de8d00c396433e14 /arch/Kconfig
parent: d39bd00deabe57420f2a3669eb71b0e0c4997184 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/arch/Kconfig b/arch/Kconfig
index 0eae9df35b88..05d7a8a458d5 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -323,6 +323,17 @@ config HAVE_ARCH_SECCOMP_FILTER
            results in the system call being skipped immediately.
          - seccomp syscall wired up
+          For best performance, an arch should use seccomp_phase1 and
+          seccomp_phase2 directly.  It should call seccomp_phase1 for all
+          syscalls if TIF_SECCOMP is set, but seccomp_phase1 does not
+          need to be called from a ptrace-safe context.  It must then
+          call seccomp_phase2 if seccomp_phase1 returns anything other
+          than SECCOMP_PHASE1_OK or SECCOMP_PHASE1_SKIP.
+          As an additional optimization, an arch may provide seccomp_data
+          directly to seccomp_phase1; this avoids multiple calls
+          to the syscall_xyz helpers for every syscall.
 config SECCOMP_FILTER
        def_bool y
        depends on HAVE_ARCH_SECCOMP_FILTER && SECCOMP && NET
author	Andy Lutomirski <luto@amacapital.net>	2014-07-21 21:49:17 -0400
committer	Kees Cook <keescook@chromium.org>	2014-09-03 17:58:17 -0400
commit	ff27f38e0ef978aee4c9f7e3a4f3403aae832de2 (patch)
tree	34fa7b7f8c1b74a29eed8f59de8d00c396433e14 /arch/Kconfig
parent	d39bd00deabe57420f2a3669eb71b0e0c4997184 (diff)

diff --git a/arch/Kconfig b/arch/Kconfig index 0eae9df35b88..05d7a8a458d5 100644 --- a/arch/Kconfig +++ b/arch/Kconfig
@@ -323,6 +323,17 @@ config HAVE_ARCH_SECCOMP_FILTER
323	results in the system call being skipped immediately.	323	results in the system call being skipped immediately.
324	- seccomp syscall wired up	324	- seccomp syscall wired up
325		325
		326	For best performance, an arch should use seccomp_phase1 and
		327	seccomp_phase2 directly. It should call seccomp_phase1 for all
		328	syscalls if TIF_SECCOMP is set, but seccomp_phase1 does not
		329	need to be called from a ptrace-safe context. It must then
		330	call seccomp_phase2 if seccomp_phase1 returns anything other
		331	than SECCOMP_PHASE1_OK or SECCOMP_PHASE1_SKIP.
		332
		333	As an additional optimization, an arch may provide seccomp_data
		334	directly to seccomp_phase1; this avoids multiple calls
		335	to the syscall_xyz helpers for every syscall.
		336
326	config SECCOMP_FILTER	337	config SECCOMP_FILTER
327	def_bool y	338	def_bool y
328	depends on HAVE_ARCH_SECCOMP_FILTER && SECCOMP && NET	339	depends on HAVE_ARCH_SECCOMP_FILTER && SECCOMP && NET