ARM: 7888/1: seccomp: not compatible with ARM OABI

Make sure that seccomp filter won't be built when ARM OABI is in use,
since there is work needed to distinguish calling conventions. Until
that is done (which is likely never since OABI is deprecated), make
sure seccomp filter is unavailable in the OABI world.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>

1 files changed, 6 insertions, 1 deletions

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index fa5c6003e304..085b31ba287a 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -24,7 +24,7 @@ config ARM
         select HARDIRQS_SW_RESEND
         select HAVE_ARCH_JUMP_LABEL if !XIP_KERNEL
         select HAVE_ARCH_KGDB
-        select HAVE_ARCH_SECCOMP_FILTER
+        select HAVE_ARCH_SECCOMP_FILTER if (AEABI && !OABI_COMPAT)
         select HAVE_ARCH_TRACEHOOK
         select HAVE_BPF_JIT
         select HAVE_CONTEXT_TRACKING
@@ -1726,6 +1726,11 @@ config OABI_COMPAT
           in memory differs between the legacy ABI and the new ARM EABI
           (only for non "thumb" binaries). This option adds a tiny
           overhead to all syscalls and produces a slightly larger kernel.
+
+          The seccomp filter system will not be available when this is
+          selected, since there is no way yet to sensibly distinguish
+          between calling conventions during filtering.
+
           If you know you'll be using only pure EABI user space then you
           can say N here. If this option is not selected and you attempt
           to execute a legacy ABI binary then the result will be