Merge tag 'seccomp-v4.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

	    results in the system call being skipped immediately.

	  - seccomp syscall wired up

	  For best performance, an arch should use seccomp_phase1 and

	  seccomp_phase2 directly.  It should call seccomp_phase1 for all

	  syscalls if TIF_SECCOMP is set, but seccomp_phase1 does not

	  need to be called from a ptrace-safe context.  It must then

	  call seccomp_phase2 if seccomp_phase1 returns anything other

	  than SECCOMP_PHASE1_OK or SECCOMP_PHASE1_SKIP.

	  As an additional optimization, an arch may provide seccomp_data

	  directly to seccomp_phase1; this avoids multiple calls

	  to the syscall_xyz helpers for every syscall.

config SECCOMP_FILTER

	def_bool y

	depends on HAVE_ARCH_SECCOMP_FILTER && SECCOMP && NET

	PT_REGS_SET_SYSCALL_RETURN(regs, -ENOSYS);

	if (syscall_trace_enter(regs))

		return;

		goto out;

	/* Do the seccomp check after ptrace; failures should be fast. */

	if (secure_computing(NULL) == -1)

		return;

		goto out;

	/* Update the syscall number after orig_ax has potentially been updated

	 * with ptrace.

	 */

	UPT_SYSCALL_NR(r) = PT_SYSCALL_NR(r->gp);

	syscall = UPT_SYSCALL_NR(r);

	if (syscall >= 0 && syscall <= __NR_syscall_max)

		PT_REGS_SET_SYSCALL_RETURN(regs,

				EXECUTE_SYSCALL(syscall, regs));

out:

	syscall_trace_leave(regs);

}

	case EAX:

	case EIP:

	case UESP:

		break;

	case ORIG_EAX:

		/* Update the syscall number. */

		UPT_SYSCALL_NR(&child->thread.regs.regs) = value;

		break;

	case FS:

		if (value && (value & 3) != 3)

	case RSI:

	case RDI:

	case RBP:

		break;

	case ORIG_RAX:

		/* Update the syscall number. */

		UPT_SYSCALL_NR(&child->thread.regs.regs) = value;

		break;

	case FS: