Hi Alexei and Daniel I have a question about seccomp.
It seems that after this patch, seccomp no longer needs a helper (seccomp_bpf_load()) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bd4cf0ed331a275e9bf5a49e6d0fd55dffc551b8 Are we detecting that a particular JIT code needs to call at least one function from the kernel at all ? If the filter contains self-contained code (no call, just inline code), then we could use any room in whole vmalloc space, not only from the modules (which is something like 2GB total on x86_64) Thanks.
