author | Linus Torvalds <torvalds@linux-foundation.org> | 2016-12-14 16:57:44 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2016-12-14 16:57:44 -0500 |
commit | 683b96f4d1d132fcefa4a0bd11916649800d7361 (patch) | |
tree | 95ba7e1c1edc15639be080773b4c32d2be60b0a4 /kernel/seccomp.c | |
parent | 0f1d6dfe03ca4e36132221b918499c6f0b0f048d (diff) | |
parent | 50523a29d900d5a403e0352d3d7aeda6a33df25c (diff) |
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
"Generally pretty quiet for this release. Highlights:
Yama:
- allow ptrace access for original parent after re-parenting
TPM:
- add documentation
- many bugfixes & cleanups
- define a generic open() method for ascii & bios measurements
Integrity:
- Harden against malformed xattrs
SELinux:
- bugfixes & cleanups
Smack:
- Remove unnecessary smack_known_invalid label
- Do not apply star label in smack_setprocattr hook
- parse mnt opts after privileges check (fixes unpriv DoS vuln)"
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (56 commits)
Yama: allow access for the current ptrace parent
tpm: adjust return value of tpm_read_log
tpm: vtpm_proxy: conditionally call tpm_chip_unregister
tpm: Fix handling of missing event log
tpm: Check the bios_dir entry for NULL before accessing it
tpm: return -ENODEV if np is not set
tpm: cleanup of printk error messages
tpm: replace of_find_node_by_name() with dev of_node property
tpm: redefine read_log() to handle ACPI/OF at runtime
tpm: fix the missing .owner in tpm_bios_measurements_ops
tpm: have event log use the tpm_chip
tpm: drop tpm1_chip_register(/unregister)
tpm: replace dynamically allocated bios_dir with a static array
tpm: replace symbolic permission with octal for securityfs files
char: tpm: fix kerneldoc tpm2_unseal_trusted name typo
tpm_tis: Allow tpm_tis to be bound using DT
tpm, tpm_vtpm_proxy: add kdoc comments for VTPM_PROXY_IOC_NEW_DEV
tpm: Only call pm_runtime_get_sync if device has a parent
tpm: define a generic open() method for ascii & bios measurements
Documentation: tpm: add the Physical TPM device tree binding documentation
...
Diffstat (limited to 'kernel/seccomp.c')
-rw-r--r-- | kernel/seccomp.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/kernel/seccomp.c b/kernel/seccomp.c index bff9c774987a..f7ce79a46050 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c | |||
@@ -41,8 +41,7 @@ | |||
41 | * outside of a lifetime-guarded section. In general, this | 41 | * outside of a lifetime-guarded section. In general, this |
42 | * is only needed for handling filters shared across tasks. | 42 | * is only needed for handling filters shared across tasks. |
43 | * @prev: points to a previously installed, or inherited, filter | 43 | * @prev: points to a previously installed, or inherited, filter |
44 | * @len: the number of instructions in the program | 44 | * @prog: the BPF program to evaluate |
45 | * @insnsi: the BPF program instructions to evaluate | ||
46 | * | 45 | * |
47 | * seccomp_filter objects are organized in a tree linked via the @prev | 46 | * seccomp_filter objects are organized in a tree linked via the @prev |
48 | * pointer. For any task, it appears to be a singly-linked list starting | 47 | * pointer. For any task, it appears to be a singly-linked list starting |
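Review bot: the new kerneldoc line "@prog: the BPF program to evaluate" replaces two entries (@len and @insnsi), but the struct definition is outside this hunk's context, so these lines alone do not show that the comment and the member list now agree. Please confirm that every remaining member has a matching @ line and that nothing else in the comment block still refers to an instruction count or an instruction array. Running scripts/kernel-doc over the file would flag any leftover mismatch.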
@@ -168,8 +167,8 @@ static int seccomp_check_filter(struct sock_filter *filter, unsigned int flen) | |||
168 | } | 167 | } |
169 | 168 | ||
170 | /** | 169 | /** |
171 | * seccomp_run_filters - evaluates all seccomp filters against @syscall | 170 | * seccomp_run_filters - evaluates all seccomp filters against @sd |
172 | * @syscall: number of the current system call | 171 | * @sd: optional seccomp data to be passed to filters |
173 | * | 172 | * |
174 | * Returns valid seccomp BPF response codes. | 173 | * Returns valid seccomp BPF response codes. |
175 | */ | 174 | */ |
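Review bot: in the seccomp_run_filters comment, "@sd: optional seccomp data to be passed to filters" does not say what "optional" means for a caller. The comment should state whether NULL is accepted and what the filters are evaluated against in that case, since that cannot be inferred from these lines. The summary line "evaluates all seccomp filters against @sd" also reads oddly for an argument that may be absent, so consider rewording it once the NULL behaviour is spelled out.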