diff options
| author | Heiko Carstens <heiko.carstens@de.ibm.com> | 2012-07-31 09:37:13 -0400 |
|---|---|---|
| committer | Martin Schwidefsky <schwidefsky@de.ibm.com> | 2012-08-08 10:32:56 -0400 |
| commit | c63cb468f373f479ff52b4a1b75f8ecdeaaf4f16 (patch) | |
| tree | c89dce49ad36350db1eb224a130a183958f66161 /arch/s390 | |
| parent | e206d3da58803de5cd38dc728f6da5221ec18ab0 (diff) | |
s390/seccomp: add support for system call filtering using BPF
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Diffstat (limited to 'arch/s390')
| -rw-r--r-- | arch/s390/Kconfig | 1 | ||||
| -rw-r--r-- | arch/s390/include/asm/syscall.h | 10 | ||||
| -rw-r--r-- | arch/s390/kernel/ptrace.c | 7 |
3 files changed, 17 insertions, 1 deletions
diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig index 76de6b68487c..107610e01a29 100644 --- a/arch/s390/Kconfig +++ b/arch/s390/Kconfig | |||
| @@ -124,6 +124,7 @@ config S390 | |||
| 124 | select GENERIC_TIME_VSYSCALL | 124 | select GENERIC_TIME_VSYSCALL |
| 125 | select GENERIC_CLOCKEVENTS | 125 | select GENERIC_CLOCKEVENTS |
| 126 | select KTIME_SCALAR if 32BIT | 126 | select KTIME_SCALAR if 32BIT |
| 127 | select HAVE_ARCH_SECCOMP_FILTER | ||
| 127 | 128 | ||
| 128 | config SCHED_OMIT_FRAME_POINTER | 129 | config SCHED_OMIT_FRAME_POINTER |
| 129 | def_bool y | 130 | def_bool y |
diff --git a/arch/s390/include/asm/syscall.h b/arch/s390/include/asm/syscall.h index fb214dd9b7e0..fe7b99759e12 100644 --- a/arch/s390/include/asm/syscall.h +++ b/arch/s390/include/asm/syscall.h | |||
| @@ -12,6 +12,7 @@ | |||
| 12 | #ifndef _ASM_SYSCALL_H | 12 | #ifndef _ASM_SYSCALL_H |
| 13 | #define _ASM_SYSCALL_H 1 | 13 | #define _ASM_SYSCALL_H 1 |
| 14 | 14 | ||
| 15 | #include <linux/audit.h> | ||
| 15 | #include <linux/sched.h> | 16 | #include <linux/sched.h> |
| 16 | #include <linux/err.h> | 17 | #include <linux/err.h> |
| 17 | #include <asm/ptrace.h> | 18 | #include <asm/ptrace.h> |
| @@ -87,4 +88,13 @@ static inline void syscall_set_arguments(struct task_struct *task, | |||
| 87 | regs->orig_gpr2 = args[0]; | 88 | regs->orig_gpr2 = args[0]; |
| 88 | } | 89 | } |
| 89 | 90 | ||
| 91 | static inline int syscall_get_arch(struct task_struct *task, | ||
| 92 | struct pt_regs *regs) | ||
| 93 | { | ||
| 94 | #ifdef CONFIG_COMPAT | ||
| 95 | if (test_tsk_thread_flag(task, TIF_31BIT)) | ||
| 96 | return AUDIT_ARCH_S390; | ||
| 97 | #endif | ||
| 98 | return sizeof(long) == 8 ? AUDIT_ARCH_S390X : AUDIT_ARCH_S390; | ||
| 99 | } | ||
| 90 | #endif /* _ASM_SYSCALL_H */ | 100 | #endif /* _ASM_SYSCALL_H */ |
diff --git a/arch/s390/kernel/ptrace.c b/arch/s390/kernel/ptrace.c index f4eb37680b91..e4be113fbac6 100644 --- a/arch/s390/kernel/ptrace.c +++ b/arch/s390/kernel/ptrace.c | |||
| @@ -719,7 +719,11 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs) | |||
| 719 | long ret = 0; | 719 | long ret = 0; |
| 720 | 720 | ||
| 721 | /* Do the secure computing check first. */ | 721 | /* Do the secure computing check first. */ |
| 722 | secure_computing_strict(regs->gprs[2]); | 722 | if (secure_computing(regs->gprs[2])) { |
| 723 | /* seccomp failures shouldn't expose any additional code. */ | ||
| 724 | ret = -1; | ||
| 725 | goto out; | ||
| 726 | } | ||
| 723 | 727 | ||
| 724 | /* | 728 | /* |
| 725 | * The sysc_tracesys code in entry.S stored the system | 729 | * The sysc_tracesys code in entry.S stored the system |
| @@ -745,6 +749,7 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs) | |||
| 745 | regs->gprs[2], regs->orig_gpr2, | 749 | regs->gprs[2], regs->orig_gpr2, |
| 746 | regs->gprs[3], regs->gprs[4], | 750 | regs->gprs[3], regs->gprs[4], |
| 747 | regs->gprs[5]); | 751 | regs->gprs[5]); |
| 752 | out: | ||
| 748 | return ret ?: regs->gprs[2]; | 753 | return ret ?: regs->gprs[2]; |
| 749 | } | 754 | } |
| 750 | 755 | ||