Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security subsystem updates from James Morris: "New notable features: - The seccomp work from Will Drewry - PR_{GET,SET}_NO_NEW_PRIVS from Andy Lutomirski - Longer security labels for Smack from Casey Schaufler - Additional ptrace restriction modes for Yama by Kees Cook" Fix up trivial context conflicts in arch/x86/Kconfig and include/linux/filter.h * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (65 commits) apparmor: fix long path failure due to disconnected path apparmor: fix profile lookup for unconfined ima: fix filename hint to reflect script interpreter name KEYS: Don't check for NULL key pointer in key_validate() Smack: allow for significantly longer Smack labels v4 gfp flags for security_inode_alloc()? Smack: recursive tramsmute Yama: replace capable() with ns_capable() TOMOYO: Accept manager programs which do not start with / . KEYS: Add invalidation support KEYS: Do LRU discard in full keyrings KEYS: Permit in-place link replacement in keyring list KEYS: Perform RCU synchronisation on keys prior to key destruction KEYS: Announce key type (un)registration KEYS: Reorganise keys Makefile KEYS: Move the key config into security/keys/Kconfig KEYS: Use the compat keyctl() syscall wrapper on Sparc64 for Sparc32 compat Yama: remove an unused variable samples/seccomp: fix dependencies on arch macros Yama: add additional ptrace scopes ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2012-05-21 23:27:36 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2012-05-21 23:27:36 -0400
commit: cb60e3e65c1b96a4d6444a7a13dc7dd48bc15a2b (patch)
tree: 4322be35db678f6299348a76ad60a2023954af7d /include/asm-generic
parent: 99262a3dafa3290866512ddfb32609198f8973e9 (diff)
parent: ff2bb047c4bce9742e94911eeb44b4d6ff4734ab (diff)
2 files changed, 36 insertions, 0 deletions
diff --git a/include/asm-generic/siginfo.h b/include/asm-generic/siginfo.h
index 5e5e3865f1ed..8ed67779fc09 100644
--- a/include/asm-generic/siginfo.h
+++ b/include/asm-generic/siginfo.h
@@ -98,9 +98,18 @@ typedef struct siginfo {
                        __ARCH_SI_BAND_T _band; /* POLL_IN, POLL_OUT, POLL_MSG */
                        int _fd;
                } _sigpoll;
+                /* SIGSYS */
+                struct {
+                        void __user *_call_addr; /* calling user insn */
+                        int _syscall;   /* triggering system call number */
+                        unsigned int _arch;     /* AUDIT_ARCH_* of syscall */
+                } _sigsys;
        } _sifields;
 } __ARCH_SI_ATTRIBUTES siginfo_t;
+/* If the arch shares siginfo, then it has SIGSYS. */
+#define __ARCH_SIGSYS
 #endif
 /*
@@ -124,6 +133,11 @@ typedef struct siginfo {
 #define si_addr_lsb     _sifields._sigfault._addr_lsb
 #define si_band         _sifields._sigpoll._band
 #define si_fd           _sifields._sigpoll._fd
+#ifdef __ARCH_SIGSYS
+#define si_call_addr    _sifields._sigsys._call_addr
+#define si_syscall      _sifields._sigsys._syscall
+#define si_arch         _sifields._sigsys._arch
+#endif
 #ifdef __KERNEL__
 #define __SI_MASK       0xffff0000u
@@ -134,6 +148,7 @@ typedef struct siginfo {
 #define __SI_CHLD       (4 << 16)
 #define __SI_RT         (5 << 16)
 #define __SI_MESGQ      (6 << 16)
+#define __SI_SYS        (7 << 16)
 #define __SI_CODE(T,N)  ((T) | ((N) & 0xffff))
 #else
 #define __SI_KILL       0
@@ -143,6 +158,7 @@ typedef struct siginfo {
 #define __SI_CHLD       0
 #define __SI_RT         0
 #define __SI_MESGQ      0
+#define __SI_SYS        0
 #define __SI_CODE(T,N)  (N)
 #endif
@@ -240,6 +256,12 @@ typedef struct siginfo {
 #define NSIGPOLL        6
 /*
+ * SIGSYS si_codes
+ */
+#define SYS_SECCOMP             (__SI_SYS|1)    /* seccomp triggered */
+#define NSIGSYS 1
+/*
 * sigevent definitions
 * 
 * It seems likely that SIGEV_THREAD will have to be handled from 
diff --git a/include/asm-generic/syscall.h b/include/asm-generic/syscall.h
index 5c122ae6bfa6..5b09392db673 100644
--- a/include/asm-generic/syscall.h
+++ b/include/asm-generic/syscall.h
@@ -142,4 +142,18 @@ void syscall_set_arguments(struct task_struct *task, struct pt_regs *regs,
                           unsigned int i, unsigned int n,
                           const unsigned long *args);
+/**
+ * syscall_get_arch - return the AUDIT_ARCH for the current system call
+ * @task:       task of interest, must be in system call entry tracing
+ * @regs:       task_pt_regs() of @task
+ *
+ * Returns the AUDIT_ARCH_* based on the system call convention in use.
+ *
+ * It's only valid to call this when @task is stopped on entry to a system
+ * call, due to %TIF_SYSCALL_TRACE, %TIF_SYSCALL_AUDIT, or %TIF_SECCOMP.
+ *
+ * Architectures which permit CONFIG_HAVE_ARCH_SECCOMP_FILTER must
+ * provide an implementation of this.
+ */
+int syscall_get_arch(struct task_struct *task, struct pt_regs *regs);
 #endif  /* _ASM_SYSCALL_H */
author	Linus Torvalds <torvalds@linux-foundation.org>	2012-05-21 23:27:36 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2012-05-21 23:27:36 -0400
commit	cb60e3e65c1b96a4d6444a7a13dc7dd48bc15a2b (patch)
tree	4322be35db678f6299348a76ad60a2023954af7d /include/asm-generic
parent	99262a3dafa3290866512ddfb32609198f8973e9 (diff)
parent	ff2bb047c4bce9742e94911eeb44b4d6ff4734ab (diff)