]> git.baikalelectronics.ru Git - kernel.git/commitdiff
Merge tag 'seccomp-v5.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees...
authorLinus Torvalds <torvalds@linux-foundation.org>
Sun, 1 Dec 2019 01:23:16 +0000 (17:23 -0800)
committerLinus Torvalds <torvalds@linux-foundation.org>
Sun, 1 Dec 2019 01:23:16 +0000 (17:23 -0800)
Pull seccomp updates from Kees Cook:
 "Mostly this is implementing the new flag SECCOMP_USER_NOTIF_FLAG_CONTINUE,
  but there are cleanups as well.

   - implement SECCOMP_USER_NOTIF_FLAG_CONTINUE (Christian Brauner)

   - fixes to selftests (Christian Brauner)

   - remove secure_computing() argument (Christian Brauner)"

* tag 'seccomp-v5.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  seccomp: rework define for SECCOMP_USER_NOTIF_FLAG_CONTINUE
  seccomp: fix SECCOMP_USER_NOTIF_FLAG_CONTINUE test
  seccomp: simplify secure_computing()
  seccomp: test SECCOMP_USER_NOTIF_FLAG_CONTINUE
  seccomp: add SECCOMP_USER_NOTIF_FLAG_CONTINUE
  seccomp: avoid overflow in implicit constant conversion

1  2 
arch/riscv/kernel/ptrace.c
tools/testing/selftests/seccomp/seccomp_bpf.c

index 0f84628b9385fc9db67cc1903c1ae83588d1dc36,3687514383669028d9717c35b956b21af5bb1c0e..407464201b91efe42fb3002bd78dd5498e729c55
@@@ -154,16 -154,6 +154,16 @@@ __visible void do_syscall_trace_enter(s
                if (tracehook_report_syscall_entry(regs))
                        syscall_set_nr(current, regs, -1);
  
-       if (secure_computing(NULL) == -1) {
 +      /*
 +       * Do the secure computing after ptrace; failures should be fast.
 +       * If this fails we might have return value in a0 from seccomp
 +       * (via SECCOMP_RET_ERRNO/TRACE).
 +       */
++      if (secure_computing() == -1) {
 +              syscall_set_nr(current, regs, -1);
 +              return;
 +      }
 +
  #ifdef CONFIG_HAVE_SYSCALL_TRACEPOINTS
        if (test_thread_flag(TIF_SYSCALL_TRACEPOINT))
                trace_sys_enter(regs, syscall_get_nr(current, regs));