diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2016-07-29 20:38:46 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2016-07-29 20:38:46 -0400 |
| commit | 7a1e8b80fb1e8ead4cec15d1fc494ed290e4d2e9 (patch) | |
| tree | 55a36d4256f1ae793b5c8e88c0f158737447193f /arch/um/kernel | |
| parent | a867d7349e94b6409b08629886a819f802377e91 (diff) | |
| parent | 7616ac70d1bb4f2e9d25c1a82d283f3368a7b632 (diff) | |
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
"Highlights:
- TPM core and driver updates/fixes
- IPv6 security labeling (CALIPSO)
- Lots of Apparmor fixes
- Seccomp: remove 2-phase API, close hole where ptrace can change
syscall #"
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (156 commits)
apparmor: fix SECURITY_APPARMOR_HASH_DEFAULT parameter handling
tpm: Add TPM 2.0 support to the Nuvoton i2c driver (NPCT6xx family)
tpm: Factor out common startup code
tpm: use devm_add_action_or_reset
tpm2_i2c_nuvoton: add irq validity check
tpm: read burstcount from TPM_STS in one 32-bit transaction
tpm: fix byte-order for the value read by tpm2_get_tpm_pt
tpm_tis_core: convert max timeouts from msec to jiffies
apparmor: fix arg_size computation for when setprocattr is null terminated
apparmor: fix oops, validate buffer size in apparmor_setprocattr()
apparmor: do not expose kernel stack
apparmor: fix module parameters can be changed after policy is locked
apparmor: fix oops in profile_unpack() when policy_db is not present
apparmor: don't check for vmalloc_addr if kvzalloc() failed
apparmor: add missing id bounds check on dfa verification
apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task
apparmor: use list_next_entry instead of list_entry_next
apparmor: fix refcount race when finding a child profile
apparmor: fix ref count leak when profile sha1 hash is read
apparmor: check that xindex is in trans_table bounds
...
Diffstat (limited to 'arch/um/kernel')
| -rw-r--r-- | arch/um/kernel/skas/syscall.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/arch/um/kernel/skas/syscall.c b/arch/um/kernel/skas/syscall.c index 48b0dcbd87be..ef4b8f949b51 100644 --- a/arch/um/kernel/skas/syscall.c +++ b/arch/um/kernel/skas/syscall.c | |||
| @@ -20,12 +20,12 @@ void handle_syscall(struct uml_pt_regs *r) | |||
| 20 | UPT_SYSCALL_NR(r) = PT_SYSCALL_NR(r->gp); | 20 | UPT_SYSCALL_NR(r) = PT_SYSCALL_NR(r->gp); |
| 21 | PT_REGS_SET_SYSCALL_RETURN(regs, -ENOSYS); | 21 | PT_REGS_SET_SYSCALL_RETURN(regs, -ENOSYS); |
| 22 | 22 | ||
| 23 | /* Do the secure computing check first; failures should be fast. */ | 23 | if (syscall_trace_enter(regs)) |
| 24 | if (secure_computing() == -1) | ||
| 25 | return; | 24 | return; |
| 26 | 25 | ||
| 27 | if (syscall_trace_enter(regs)) | 26 | /* Do the seccomp check after ptrace; failures should be fast. */ |
| 28 | goto out; | 27 | if (secure_computing(NULL) == -1) |
| 28 | return; | ||
| 29 | 29 | ||
| 30 | /* Update the syscall number after orig_ax has potentially been updated | 30 | /* Update the syscall number after orig_ax has potentially been updated |
| 31 | * with ptrace. | 31 | * with ptrace. |
| @@ -37,6 +37,5 @@ void handle_syscall(struct uml_pt_regs *r) | |||
| 37 | PT_REGS_SET_SYSCALL_RETURN(regs, | 37 | PT_REGS_SET_SYSCALL_RETURN(regs, |
| 38 | EXECUTE_SYSCALL(syscall, regs)); | 38 | EXECUTE_SYSCALL(syscall, regs)); |
| 39 | 39 | ||
| 40 | out: | ||
| 41 | syscall_trace_leave(regs); | 40 | syscall_trace_leave(regs); |
| 42 | } | 41 | } |