aboutsummaryrefslogtreecommitdiffstats
path: root/arch/s390
diff options
context:
space:
mode:
authorHeiko Carstens <heiko.carstens@de.ibm.com>2012-07-31 09:37:13 -0400
committerMartin Schwidefsky <schwidefsky@de.ibm.com>2012-08-08 10:32:56 -0400
commitc63cb468f373f479ff52b4a1b75f8ecdeaaf4f16 (patch)
treec89dce49ad36350db1eb224a130a183958f66161 /arch/s390
parente206d3da58803de5cd38dc728f6da5221ec18ab0 (diff)
s390/seccomp: add support for system call filtering using BPF
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Diffstat (limited to 'arch/s390')
-rw-r--r--arch/s390/Kconfig1
-rw-r--r--arch/s390/include/asm/syscall.h10
-rw-r--r--arch/s390/kernel/ptrace.c7
3 files changed, 17 insertions, 1 deletions
diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
index 76de6b68487c..107610e01a29 100644
--- a/arch/s390/Kconfig
+++ b/arch/s390/Kconfig
@@ -124,6 +124,7 @@ config S390
124 select GENERIC_TIME_VSYSCALL 124 select GENERIC_TIME_VSYSCALL
125 select GENERIC_CLOCKEVENTS 125 select GENERIC_CLOCKEVENTS
126 select KTIME_SCALAR if 32BIT 126 select KTIME_SCALAR if 32BIT
127 select HAVE_ARCH_SECCOMP_FILTER
127 128
128config SCHED_OMIT_FRAME_POINTER 129config SCHED_OMIT_FRAME_POINTER
129 def_bool y 130 def_bool y
diff --git a/arch/s390/include/asm/syscall.h b/arch/s390/include/asm/syscall.h
index fb214dd9b7e0..fe7b99759e12 100644
--- a/arch/s390/include/asm/syscall.h
+++ b/arch/s390/include/asm/syscall.h
@@ -12,6 +12,7 @@
12#ifndef _ASM_SYSCALL_H 12#ifndef _ASM_SYSCALL_H
13#define _ASM_SYSCALL_H 1 13#define _ASM_SYSCALL_H 1
14 14
15#include <linux/audit.h>
15#include <linux/sched.h> 16#include <linux/sched.h>
16#include <linux/err.h> 17#include <linux/err.h>
17#include <asm/ptrace.h> 18#include <asm/ptrace.h>
@@ -87,4 +88,13 @@ static inline void syscall_set_arguments(struct task_struct *task,
87 regs->orig_gpr2 = args[0]; 88 regs->orig_gpr2 = args[0];
88} 89}
89 90
91static inline int syscall_get_arch(struct task_struct *task,
92 struct pt_regs *regs)
93{
94#ifdef CONFIG_COMPAT
95 if (test_tsk_thread_flag(task, TIF_31BIT))
96 return AUDIT_ARCH_S390;
97#endif
98 return sizeof(long) == 8 ? AUDIT_ARCH_S390X : AUDIT_ARCH_S390;
99}
90#endif /* _ASM_SYSCALL_H */ 100#endif /* _ASM_SYSCALL_H */
diff --git a/arch/s390/kernel/ptrace.c b/arch/s390/kernel/ptrace.c
index f4eb37680b91..e4be113fbac6 100644
--- a/arch/s390/kernel/ptrace.c
+++ b/arch/s390/kernel/ptrace.c
@@ -719,7 +719,11 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs)
719 long ret = 0; 719 long ret = 0;
720 720
721 /* Do the secure computing check first. */ 721 /* Do the secure computing check first. */
722 secure_computing_strict(regs->gprs[2]); 722 if (secure_computing(regs->gprs[2])) {
723 /* seccomp failures shouldn't expose any additional code. */
724 ret = -1;
725 goto out;
726 }
723 727
724 /* 728 /*
725 * The sysc_tracesys code in entry.S stored the system 729 * The sysc_tracesys code in entry.S stored the system
@@ -745,6 +749,7 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs)
745 regs->gprs[2], regs->orig_gpr2, 749 regs->gprs[2], regs->orig_gpr2,
746 regs->gprs[3], regs->gprs[4], 750 regs->gprs[3], regs->gprs[4],
747 regs->gprs[5]); 751 regs->gprs[5]);
752out:
748 return ret ?: regs->gprs[2]; 753 return ret ?: regs->gprs[2];
749} 754}
750 755