Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c983f0e8 authored by Matt Redfearn's avatar Matt Redfearn Committed by Ralf Baechle
Browse files

seccomp: Get compat syscalls from asm-generic header 



Move retrieval of compat syscall numbers into inline function defined in
asm-generic header so that arches may override it.

[ralf@linux-mips.org: Resolve merge conflict.]

Suggested-by: default avatarPaul Burton <paul.burton@imgtec.com>
Signed-off-by: default avatarMatt Redfearn <matt.redfearn@imgtec.com>
Acked-by: default avatarKees Cook <keescook@chromium.org>
Cc: IMG-MIPSLinuxKerneldevelopers@imgtec.com
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Will Drewry <wad@chromium.org>
Cc: linux-arch@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/12978/


Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
parent a400bed6

include/asm-generic/seccomp.h

+14 −0
Original line number Diff line number Diff line
@@ -29,4 +29,18 @@ 
#define __NR_seccomp_sigreturn		__NR_rt_sigreturn

#endif



#ifdef CONFIG_COMPAT

#ifndef get_compat_mode1_syscalls

static inline const int *get_compat_mode1_syscalls(void)

{

	static const int mode1_syscalls_32[] = {

		__NR_seccomp_read_32, __NR_seccomp_write_32,

		__NR_seccomp_exit_32, __NR_seccomp_sigreturn_32,

		0, /* null terminated */

	};

	return mode1_syscalls_32;

}

#endif

#endif /* CONFIG_COMPAT */



#endif /* _ASM_GENERIC_SECCOMP_H */

kernel/seccomp.c

+1 −8
Original line number Diff line number Diff line
@@ -518,19 +518,12 @@ static int mode1_syscalls[] = { 
	0, /* null terminated */

};



#ifdef CONFIG_COMPAT

static int mode1_syscalls_32[] = {

	__NR_seccomp_read_32, __NR_seccomp_write_32, __NR_seccomp_exit_32, __NR_seccomp_sigreturn_32,

	0, /* null terminated */

};

#endif



static void __secure_computing_strict(int this_syscall)

{

	int *syscall_whitelist = mode1_syscalls;

#ifdef CONFIG_COMPAT

	if (in_compat_syscall())

		syscall_whitelist = mode1_syscalls_32;

		syscall_whitelist = get_compat_mode1_syscalls();

#endif

	do {

		if (*syscall_whitelist == this_syscall)