RFE: move arch/ABI syscall mapping tables into a common location #207
Labels
Milestone
Comments
|
This would also make pre-computing hash tables, like suggested in PR #204, much easier across all the ABIs. |
giuseppe
added a commit
to giuseppe/libseccomp
that referenced
this issue
Jan 31, 2020
use gperf to generate a perfect hash to lookup syscall names. It improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libseccomp
that referenced
this issue
Jan 31, 2020
use gperf to generate a perfect hash to lookup syscall names. It improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libseccomp
that referenced
this issue
Feb 23, 2020
use gperf to generate a perfect hash to lookup syscall names. It improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libseccomp
that referenced
this issue
Feb 23, 2020
use gperf to generate a perfect hash to lookup syscall names. It improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libseccomp
that referenced
this issue
Feb 23, 2020
use gperf to generate a perfect hash to lookup syscall names. It improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libseccomp
that referenced
this issue
Feb 23, 2020
use gperf to generate a perfect hash to lookup syscall names. It improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libseccomp
that referenced
this issue
Feb 23, 2020
use gperf to generate a perfect hash to lookup syscall names. It improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libseccomp
that referenced
this issue
Feb 23, 2020
use gperf to generate a perfect hash to lookup syscall names. It improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libseccomp
that referenced
this issue
Feb 28, 2020
use gperf to generate a perfect hash to lookup syscall names. It improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libseccomp
that referenced
this issue
Feb 28, 2020
use gperf to generate a perfect hash to lookup syscall names. It improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libseccomp
that referenced
this issue
Feb 28, 2020
use gperf to generate a perfect hash to lookup syscall names. It improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libseccomp
that referenced
this issue
Feb 28, 2020
use gperf to generate a perfect hash to lookup syscall names. It improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libseccomp
that referenced
this issue
Feb 28, 2020
use gperf to generate a perfect hash to lookup syscall names. It improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libseccomp
that referenced
this issue
Feb 28, 2020
use gperf to generate a perfect hash to lookup syscall names. It improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libseccomp
that referenced
this issue
Feb 28, 2020
use gperf to generate a perfect hash to lookup syscall names. It improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libseccomp
that referenced
this issue
Feb 28, 2020
use gperf to generate a perfect hash to lookup syscall names. It improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libseccomp
that referenced
this issue
Feb 28, 2020
use gperf to generate a perfect hash to lookup syscall names. It improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libseccomp
that referenced
this issue
Feb 29, 2020
use gperf to generate a perfect hash to lookup syscall names. It improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libseccomp
that referenced
this issue
Feb 29, 2020
use gperf to generate a perfect hash to lookup syscall names. It improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libseccomp
that referenced
this issue
Feb 29, 2020
use gperf to generate a perfect hash to lookup syscall names. It improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libseccomp
that referenced
this issue
Mar 6, 2020
use gperf to generate a perfect hash to lookup syscall names. It improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libseccomp
that referenced
this issue
Mar 9, 2020
use gperf to generate a perfect hash to lookup syscall names. It improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libseccomp
that referenced
this issue
Mar 10, 2020
use gperf to generate a perfect hash to lookup syscall names. It improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libseccomp
that referenced
this issue
Mar 10, 2020
use gperf to generate a perfect hash to lookup syscall names. It improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libseccomp
that referenced
this issue
Mar 10, 2020
use gperf to generate a perfect hash to lookup syscall names. It improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libseccomp
that referenced
this issue
Mar 10, 2020
use gperf to generate a perfect hash to lookup syscall names. It improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe
added a commit
to giuseppe/libseccomp
that referenced
this issue
Mar 11, 2020
use gperf to generate a perfect hash to lookup syscall names. It improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
pcmoore
pushed a commit
to pcmoore/misc-libseccomp
that referenced
this issue
Mar 22, 2020
improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com> [PM: dropped the arch-syscall-validate changes] [PM: replaced the syscalls.csv file] Signed-off-by: Paul Moore <paul@paul-moore.com>
pcmoore
pushed a commit
to pcmoore/misc-libseccomp
that referenced
this issue
Mar 22, 2020
improves significantly the complexity for seccomp_syscall_resolve_name.* since it replaces the expensive strcmp for each syscall in the database, with a lookup table. The complexity for syscall_resolve_num is not changed and it uses the linear search, that is anyway less expensive than seccomp_syscall_resolve_name.* as it uses an index for comparison instead of doing a string comparison. On my machine, calling 1000 seccomp_syscall_resolve_name_arch and seccomp_syscall_resolve_num_arch over the entire syscalls DB passed from ~0.45 sec to ~0.06s. Closes: seccomp#207 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com> [PM: dropped the arch-syscall-validate changes] [PM: replaced the syscalls.csv file] Signed-off-by: Paul Moore <paul@paul-moore.com>
|
Resolved with PR #223. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently updating the internal libseccomp syscall tables is a pain largely because the mapping information is spread across multiple files (e.g. "arch-*-syscalls.c"). I would like to propose we move all of the syscall mapping information into a common file which can then be used to generate the per-arch definitions at build time.
My current thought is to create a new CSV formatted file similar to the limited example below:
Maintaining this file (e.g. adding new syscalls and/or ABIs over time) should be relatively easy due to the number of tools/scripts available for working with CSV files and generating a per-ABI syscall table (arch-X-syscalls.h?) from the CSV should be easy enough. There are some complications for some ABIs which have a fixed offset, e.g. x32/arm/mips/etc., but that should be easy enough to solve with a
__SCMP_NR_BASEprefix similar to what we do today.The text was updated successfully, but these errors were encountered: