diff options
| author | Andy Lutomirski <luto@amacapital.net> | 2014-07-21 21:49:14 -0400 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2014-09-03 17:58:17 -0400 |
| commit | a4412fc9486ec85686c6c7929e7e829f62ae377e (patch) | |
| tree | a267720d880085452257406ecf6f672ec8cbdbf9 /include/linux/seccomp.h | |
| parent | 70c8038dd698b44daf7c8fc7e2eca142bec694c4 (diff) | |
seccomp,x86,arm,mips,s390: Remove nr parameter from secure_computing
The secure_computing function took a syscall number parameter, but
it only paid any attention to that parameter if seccomp mode 1 was
enabled. Rather than coming up with a kludge to get the parameter
to work in mode 2, just remove the parameter.
To avoid churn in arches that don't have seccomp filters (and may
not even support syscall_get_nr right now), this leaves the
parameter in secure_computing_strict, which is now a real function.
For ARM, this is a bit ugly due to the fact that ARM conditionally
supports seccomp filters. Fixing that would probably only be a
couple of lines of code, but it should be coordinated with the audit
maintainers.
This will be a slight slowdown on some arches. The right fix is to
pass in all of seccomp_data instead of trying to make just the
syscall nr part be fast.
This is a prerequisite for making two-phase seccomp work cleanly.
Cc: Russell King <linux@arm.linux.org.uk>
Cc: linux-arm-kernel@lists.infradead.org
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: linux-s390@vger.kernel.org
Cc: x86@kernel.org
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'include/linux/seccomp.h')
| -rw-r--r-- | include/linux/seccomp.h | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h index 5d586a45a319..aa3c040230be 100644 --- a/include/linux/seccomp.h +++ b/include/linux/seccomp.h | |||
| @@ -27,19 +27,17 @@ struct seccomp { | |||
| 27 | struct seccomp_filter *filter; | 27 | struct seccomp_filter *filter; |
| 28 | }; | 28 | }; |
| 29 | 29 | ||
| 30 | extern int __secure_computing(int); | 30 | #ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER |
| 31 | static inline int secure_computing(int this_syscall) | 31 | extern int __secure_computing(void); |
| 32 | static inline int secure_computing(void) | ||
| 32 | { | 33 | { |
| 33 | if (unlikely(test_thread_flag(TIF_SECCOMP))) | 34 | if (unlikely(test_thread_flag(TIF_SECCOMP))) |
| 34 | return __secure_computing(this_syscall); | 35 | return __secure_computing(); |
| 35 | return 0; | 36 | return 0; |
| 36 | } | 37 | } |
| 37 | 38 | #else | |
| 38 | /* A wrapper for architectures supporting only SECCOMP_MODE_STRICT. */ | 39 | extern void secure_computing_strict(int this_syscall); |
| 39 | static inline void secure_computing_strict(int this_syscall) | 40 | #endif |
| 40 | { | ||
| 41 | BUG_ON(secure_computing(this_syscall) != 0); | ||
| 42 | } | ||
| 43 | 41 | ||
| 44 | extern long prctl_get_seccomp(void); | 42 | extern long prctl_get_seccomp(void); |
| 45 | extern long prctl_set_seccomp(unsigned long, char __user *); | 43 | extern long prctl_set_seccomp(unsigned long, char __user *); |
| @@ -56,8 +54,11 @@ static inline int seccomp_mode(struct seccomp *s) | |||
| 56 | struct seccomp { }; | 54 | struct seccomp { }; |
| 57 | struct seccomp_filter { }; | 55 | struct seccomp_filter { }; |
| 58 | 56 | ||
| 59 | static inline int secure_computing(int this_syscall) { return 0; } | 57 | #ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER |
| 58 | static inline int secure_computing(void) { return 0; } | ||
| 59 | #else | ||
| 60 | static inline void secure_computing_strict(int this_syscall) { return; } | 60 | static inline void secure_computing_strict(int this_syscall) { return; } |
| 61 | #endif | ||
| 61 | 62 | ||
| 62 | static inline long prctl_get_seccomp(void) | 63 | static inline long prctl_get_seccomp(void) |
| 63 | { | 64 | { |