diff options
-rw-r--r-- | arch/microblaze/kernel/ptrace.c | 2 | ||||
-rw-r--r-- | arch/mips/kernel/ptrace.c | 2 | ||||
-rw-r--r-- | arch/powerpc/kernel/ptrace.c | 2 | ||||
-rw-r--r-- | arch/s390/kernel/ptrace.c | 2 | ||||
-rw-r--r-- | arch/sh/kernel/ptrace_32.c | 2 | ||||
-rw-r--r-- | arch/sh/kernel/ptrace_64.c | 2 | ||||
-rw-r--r-- | arch/sparc/kernel/ptrace_64.c | 2 | ||||
-rw-r--r-- | include/linux/seccomp.h | 7 |
8 files changed, 14 insertions, 7 deletions
diff --git a/arch/microblaze/kernel/ptrace.c b/arch/microblaze/kernel/ptrace.c index 6eb2aa927d89..ab1b9db661f3 100644 --- a/arch/microblaze/kernel/ptrace.c +++ b/arch/microblaze/kernel/ptrace.c | |||
@@ -136,7 +136,7 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs) | |||
136 | { | 136 | { |
137 | long ret = 0; | 137 | long ret = 0; |
138 | 138 | ||
139 | secure_computing(regs->r12); | 139 | secure_computing_strict(regs->r12); |
140 | 140 | ||
141 | if (test_thread_flag(TIF_SYSCALL_TRACE) && | 141 | if (test_thread_flag(TIF_SYSCALL_TRACE) && |
142 | tracehook_report_syscall_entry(regs)) | 142 | tracehook_report_syscall_entry(regs)) |
diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c index 7c24c2973c6d..4812c6d916e4 100644 --- a/arch/mips/kernel/ptrace.c +++ b/arch/mips/kernel/ptrace.c | |||
@@ -535,7 +535,7 @@ static inline int audit_arch(void) | |||
535 | asmlinkage void syscall_trace_enter(struct pt_regs *regs) | 535 | asmlinkage void syscall_trace_enter(struct pt_regs *regs) |
536 | { | 536 | { |
537 | /* do the secure computing check first */ | 537 | /* do the secure computing check first */ |
538 | secure_computing(regs->regs[2]); | 538 | secure_computing_strict(regs->regs[2]); |
539 | 539 | ||
540 | if (!(current->ptrace & PT_PTRACED)) | 540 | if (!(current->ptrace & PT_PTRACED)) |
541 | goto out; | 541 | goto out; |
diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c index 8d8e028893be..dd5e214cdf21 100644 --- a/arch/powerpc/kernel/ptrace.c +++ b/arch/powerpc/kernel/ptrace.c | |||
@@ -1710,7 +1710,7 @@ long do_syscall_trace_enter(struct pt_regs *regs) | |||
1710 | { | 1710 | { |
1711 | long ret = 0; | 1711 | long ret = 0; |
1712 | 1712 | ||
1713 | secure_computing(regs->gpr[0]); | 1713 | secure_computing_strict(regs->gpr[0]); |
1714 | 1714 | ||
1715 | if (test_thread_flag(TIF_SYSCALL_TRACE) && | 1715 | if (test_thread_flag(TIF_SYSCALL_TRACE) && |
1716 | tracehook_report_syscall_entry(regs)) | 1716 | tracehook_report_syscall_entry(regs)) |
diff --git a/arch/s390/kernel/ptrace.c b/arch/s390/kernel/ptrace.c index 02f300fbf070..4993e689b2c2 100644 --- a/arch/s390/kernel/ptrace.c +++ b/arch/s390/kernel/ptrace.c | |||
@@ -719,7 +719,7 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs) | |||
719 | long ret = 0; | 719 | long ret = 0; |
720 | 720 | ||
721 | /* Do the secure computing check first. */ | 721 | /* Do the secure computing check first. */ |
722 | secure_computing(regs->gprs[2]); | 722 | secure_computing_strict(regs->gprs[2]); |
723 | 723 | ||
724 | /* | 724 | /* |
725 | * The sysc_tracesys code in entry.S stored the system | 725 | * The sysc_tracesys code in entry.S stored the system |
diff --git a/arch/sh/kernel/ptrace_32.c b/arch/sh/kernel/ptrace_32.c index 9698671444e6..81f999a672f6 100644 --- a/arch/sh/kernel/ptrace_32.c +++ b/arch/sh/kernel/ptrace_32.c | |||
@@ -503,7 +503,7 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs) | |||
503 | { | 503 | { |
504 | long ret = 0; | 504 | long ret = 0; |
505 | 505 | ||
506 | secure_computing(regs->regs[0]); | 506 | secure_computing_strict(regs->regs[0]); |
507 | 507 | ||
508 | if (test_thread_flag(TIF_SYSCALL_TRACE) && | 508 | if (test_thread_flag(TIF_SYSCALL_TRACE) && |
509 | tracehook_report_syscall_entry(regs)) | 509 | tracehook_report_syscall_entry(regs)) |
diff --git a/arch/sh/kernel/ptrace_64.c b/arch/sh/kernel/ptrace_64.c index bc81e07dc098..af90339dadcd 100644 --- a/arch/sh/kernel/ptrace_64.c +++ b/arch/sh/kernel/ptrace_64.c | |||
@@ -522,7 +522,7 @@ asmlinkage long long do_syscall_trace_enter(struct pt_regs *regs) | |||
522 | { | 522 | { |
523 | long long ret = 0; | 523 | long long ret = 0; |
524 | 524 | ||
525 | secure_computing(regs->regs[9]); | 525 | secure_computing_strict(regs->regs[9]); |
526 | 526 | ||
527 | if (test_thread_flag(TIF_SYSCALL_TRACE) && | 527 | if (test_thread_flag(TIF_SYSCALL_TRACE) && |
528 | tracehook_report_syscall_entry(regs)) | 528 | tracehook_report_syscall_entry(regs)) |
diff --git a/arch/sparc/kernel/ptrace_64.c b/arch/sparc/kernel/ptrace_64.c index 6f97c0767995..484dabac7045 100644 --- a/arch/sparc/kernel/ptrace_64.c +++ b/arch/sparc/kernel/ptrace_64.c | |||
@@ -1062,7 +1062,7 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs) | |||
1062 | int ret = 0; | 1062 | int ret = 0; |
1063 | 1063 | ||
1064 | /* do the secure computing check first */ | 1064 | /* do the secure computing check first */ |
1065 | secure_computing(regs->u_regs[UREG_G1]); | 1065 | secure_computing_strict(regs->u_regs[UREG_G1]); |
1066 | 1066 | ||
1067 | if (test_thread_flag(TIF_SYSCALL_TRACE)) | 1067 | if (test_thread_flag(TIF_SYSCALL_TRACE)) |
1068 | ret = tracehook_report_syscall_entry(regs); | 1068 | ret = tracehook_report_syscall_entry(regs); |
diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h index 60f2b350ead7..84f6320da50f 100644 --- a/include/linux/seccomp.h +++ b/include/linux/seccomp.h | |||
@@ -75,6 +75,12 @@ static inline int secure_computing(int this_syscall) | |||
75 | return 0; | 75 | return 0; |
76 | } | 76 | } |
77 | 77 | ||
78 | /* A wrapper for architectures supporting only SECCOMP_MODE_STRICT. */ | ||
79 | static inline void secure_computing_strict(int this_syscall) | ||
80 | { | ||
81 | BUG_ON(secure_computing(this_syscall) != 0); | ||
82 | } | ||
83 | |||
78 | extern long prctl_get_seccomp(void); | 84 | extern long prctl_get_seccomp(void); |
79 | extern long prctl_set_seccomp(unsigned long, char __user *); | 85 | extern long prctl_set_seccomp(unsigned long, char __user *); |
80 | 86 | ||
@@ -91,6 +97,7 @@ struct seccomp { }; | |||
91 | struct seccomp_filter { }; | 97 | struct seccomp_filter { }; |
92 | 98 | ||
93 | static inline int secure_computing(int this_syscall) { return 0; } | 99 | static inline int secure_computing(int this_syscall) { return 0; } |
100 | static inline void secure_computing_strict(int this_syscall) { return; } | ||
94 | 101 | ||
95 | static inline long prctl_get_seccomp(void) | 102 | static inline long prctl_get_seccomp(void) |
96 | { | 103 | { |