[PATCH v3 seccomp 2/5] seccomp/cache: Add "emulator" to check if filter is constant allow

YiFei Zhu zhuyifei1999 at gmail.com
Thu Oct 1 11:28:32 UTC 2020


On Wed, Sep 30, 2020 at 5:24 PM Jann Horn <jannh at google.com> wrote:
> If you did the architecture enablement for X86 later in the series,
> you could move this part over into that patch, that'd be cleaner.

As in, patch 1: bitmap check logic. patch 2: emulator. patch 3: enable for x86?

> > + * Tis struct is ordered to minimize padding holes.
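Review bot: "Tis" in this added comment line is a typo for "This". If the comment survives into the next revision, fix the spelling. If the struct no longer relies on any particular member ordering, dropping the line is the simpler change.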
>
> I think this comment can probably go away, there isn't really much
> trickery around padding holes in the struct as it is now.

Oh right, I was trying the locks and adding bits to indicate if
certain arches are primed, then I undid that.

> > +                       set_bit(nr, bitmap);
>
> set_bit() is atomic, but since we only do this at filter setup, before
> the filter becomes globally visible, we don't need atomicity here. So
> this should probably use __set_bit() instead.

Right

YiFei Zhu

