Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 351181cf authored by Andy Lutomirski's avatar Andy Lutomirski Committed by Greg Hackmann
Browse files

BACKPORT: seccomp: Add a seccomp_data parameter secure_computing() 



Currently, if arch code wants to supply seccomp_data directly to
seccomp (which is generally much faster than having seccomp do it
using the syscall_get_xyz() API), it has to use the two-phase
seccomp hooks. Add it to the easy hooks, too.

Cc: linux-arch@vger.kernel.org
Signed-off-by: default avatarAndy Lutomirski <luto@kernel.org>
Signed-off-by: default avatarKees Cook <keescook@chromium.org>
(cherry picked from commit 2f275de5d1ed7269913ef9b4c64a13952c0a38e8)

Bug: 119769499
Change-Id: I96876ecd8d1743c289ecef6d2deb65361d1f5baa
[ghackmann@google.com: drop changes to parisc, tile, and um, which
 didn't implement seccomp support in this kernel version]
Signed-off-by: default avatarGreg Hackmann <ghackmann@google.com>
parent 850872d9

arch/arm/kernel/ptrace.c

+1 −1
Original line number Diff line number Diff line
@@ -934,7 +934,7 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs, int scno) 


	/* Do the secure computing check first; failures should be fast. */

#ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER

	if (secure_computing() == -1)

	if (secure_computing(NULL) == -1)

		return -1;

#else

	/* XXX: remove this once OABI gets fixed */

arch/arm64/kernel/ptrace.c

+1 −1
Original line number Diff line number Diff line
@@ -1255,7 +1255,7 @@ static void tracehook_report_syscall(struct pt_regs *regs, 
asmlinkage int syscall_trace_enter(struct pt_regs *regs)

{

	/* Do the secure computing check first; failures should be fast. */

	if (secure_computing() == -1)

	if (secure_computing(NULL) == -1)

		return -1;



	if (test_thread_flag(TIF_SYSCALL_TRACE))

arch/mips/kernel/ptrace.c

+1 −1
Original line number Diff line number Diff line
@@ -1023,7 +1023,7 @@ asmlinkage long syscall_trace_enter(struct pt_regs *regs, long syscall) 


	current_thread_info()->syscall = syscall;



	if (secure_computing() == -1)

	if (secure_computing(NULL) == -1)

		return -1;



	if (test_thread_flag(TIF_SYSCALL_TRACE) &&

arch/powerpc/kernel/ptrace.c

+1 −1
Original line number Diff line number Diff line
@@ -1783,7 +1783,7 @@ static int do_seccomp(struct pt_regs *regs) 
	 * have already loaded -ENOSYS into r3, or seccomp has put

	 * something else in r3 (via SECCOMP_RET_ERRNO/TRACE).

	 */

	if (__secure_computing())

	if (__secure_computing(NULL))

		return -1;



	/*

arch/s390/kernel/ptrace.c

+1 −1
Original line number Diff line number Diff line
@@ -826,7 +826,7 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs) 
	long ret = 0;



	/* Do the secure computing check first. */

	if (secure_computing()) {

	if (secure_computing(NULL)) {

		/* seccomp failures shouldn't expose any additional code. */

		ret = -1;

		goto out;