Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RFE: add seccomp_precompute() to the API #390

Merged
merged 2 commits into from
Sep 22, 2022
Merged

RFE: add seccomp_precompute() to the API #390

merged 2 commits into from
Sep 22, 2022

Conversation

pcmoore
Copy link
Member

@pcmoore pcmoore commented Sep 20, 2022

This patch adds a seccomp_precompute() API to precompute the seccomp filter prior to calling seccomp_load() or similar functions. Not only does this improve the performance of seccomp_load(), it ensures that seccomp_load() is async-signal-safe if no additional changes have been made since the filter was precomputed.

Resolves #123

@pcmoore pcmoore added this to the v2.6.0 milestone Sep 20, 2022
@pcmoore pcmoore self-assigned this Sep 20, 2022
@pcmoore pcmoore mentioned this pull request Sep 20, 2022
Closed
@coveralls
Copy link

coveralls commented Sep 20, 2022
edited
Loading

Coverage Status

Coverage increased (+0.07%) to 89.679% when pulling e797591 on pcmoore:working-precompute into 94f684f on seccomp:main.

drakenclimber
drakenclimber approved these changes Sep 21, 2022
View reviewed changes
Copy link
Member

@drakenclimber drakenclimber left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this looks like a good improvement, @pcmoore.

I walked through all of the APIs looking for places that we could have missed a db_col_precompute_reset() call, but I couldn't find any. Nice!

doc/man/man3/seccomp_precompute.3 Outdated Show resolved Hide resolved
@pcmoore
all: use C style comments
8b9fd69 
Signed-off-by: Paul Moore <[email protected]>
@pcmoore
all: add seccomp_precompute() functionality
e797591 
This patch adds a seccomp_precompute() API to precompute the seccomp
filter prior to calling seccomp_load() or similar functions.  Not
only does this improve the performance of seccomp_load(), it ensures
that seccomp_load() is async-signal-safe if no additional changes
have been made since the filter was precomputed.

Python bindings, test, and manpage updates are included in this
patch.

One minor side effect of this change is that seccomp_export_bpf_mem()
now always return the length of the filter in the "len" function
parameter, even in cases where the passed buffer is too small.
Arguably seccomp_export_bpf_mem() should have always behaved this
way.

Signed-off-by: Paul Moore <[email protected]>
@pcmoore pcmoore merged commit e797591 into seccomp:main Sep 22, 2022
@lf- lf- mentioned this pull request Aug 5, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@drakenclimber drakenclimber drakenclimber approved these changes

Assignees

@pcmoore pcmoore

Labels
enhancement priority/medium
Projects
None yet
Milestone
v2.6.0
Development

Successfully merging this pull request may close these issues.

RFE: async-signal safe load() of BPF
3 participants
@pcmoore @coveralls @drakenclimber