sh: Add SECCOMP_FILTER

Port sh to use the new SECCOMP_FILTER code.

Signed-off-by: Michael Karcher <kernel@mkarcher.dialup.fu-berlin.de>
Tested-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Signed-off-by: Rich Felker <dalias@libc.org>

diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig
index f86326b35b5105382066e531552cba4e637ce9f5..d20927128fce05b7e6e997733ce0336a82124e97 100644 (file)
--- a/arch/sh/Kconfig
+++ b/arch/sh/Kconfig
@@ -28,6 +28,7 @@ config SUPERH
        select GUP_GET_PTE_LOW_HIGH if X2TLB
        select HAVE_ARCH_AUDITSYSCALL
        select HAVE_ARCH_KGDB
+       select HAVE_ARCH_SECCOMP_FILTER
        select HAVE_ARCH_TRACEHOOK
        select HAVE_COPY_THREAD_TLS
        select HAVE_DEBUG_BUGVERBOSE

diff --git a/arch/sh/kernel/entry-common.S b/arch/sh/kernel/entry-common.S
index c4d88d61890d6596aadeba63f7e93ecd96e87c9b..ad963104d22d47fd2afdfb21bf135d4ded22921d 100644 (file)
--- a/arch/sh/kernel/entry-common.S
+++ b/arch/sh/kernel/entry-common.S
@@ -368,6 +368,8 @@ syscall_trace_entry:
        mov.l   7f, r11         ! Call do_syscall_trace_enter which notifies
        jsr     @r11            ! superior (will chomp R[0-7])
         nop
+       cmp/eq  #-1, r0
+       bt      syscall_exit
        mov.l   r0, @(OFF_R0,r15)       ! Save return value
        !                       Reload R0-R4 from kernel stack, where the
        !                       parent may have modified them using

diff --git a/arch/sh/kernel/ptrace_32.c b/arch/sh/kernel/ptrace_32.c
index 64bfb714943e2342a3bce06df689eb0e752f7bb3..25ccfbd02bfa08745f559cc4e5ff29fea57479cb 100644 (file)
--- a/arch/sh/kernel/ptrace_32.c
+++ b/arch/sh/kernel/ptrace_32.c
@@ -485,8 +485,6 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs)
 {
        long ret = 0;
 
-       secure_computing_strict(regs->regs[0]);
-
        if (test_thread_flag(TIF_SYSCALL_TRACE) &&
            tracehook_report_syscall_entry(regs))
                /*
@@ -496,6 +494,9 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs)
                 */
                ret = -1L;
 
+       if (secure_computing() == -1)
+               return -1;
+
        if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
                trace_sys_enter(regs, regs->regs[0]);
 

diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c
index 252140a525531463cc2872a2ec3d7500fe06f4e8..6eb21685c88f28ae71f8d2f6622847d84144c61d 100644 (file)
--- a/tools/testing/selftests/seccomp/seccomp_bpf.c
+++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
@@ -122,6 +122,8 @@ struct seccomp_data {
 #  define __NR_seccomp 358
 # elif defined(__s390__)
 #  define __NR_seccomp 348
+# elif defined(__sh__)
+#  define __NR_seccomp 372
 # else
 #  warning "seccomp syscall number unknown for this architecture"
 #  define __NR_seccomp 0xffff
@@ -1622,6 +1624,10 @@ TEST_F(TRACE_poke, getpid_runs_normally)
 # define SYSCALL_SYSCALL_NUM regs[4]
 # define SYSCALL_RET   regs[2]
 # define SYSCALL_NUM_RET_SHARE_REG
+#elif defined(__sh__)
+# define ARCH_REGS     struct pt_regs
+# define SYSCALL_NUM   gpr[3]
+# define SYSCALL_RET   gpr[0]
 #else
 # error "Do not know how to find your architecture's registers and syscalls"
 #endif
@@ -1693,7 +1699,7 @@ void change_syscall(struct __test_metadata *_metadata,
        EXPECT_EQ(0, ret) {}
 
 #if defined(__x86_64__) || defined(__i386__) || defined(__powerpc__) || \
-       defined(__s390__) || defined(__hppa__) || defined(__riscv)
+       defined(__s390__) || defined(__hppa__) || defined(__riscv) || defined(__sh__)
        {
                regs.SYSCALL_NUM = syscall;
        }