diff options
author | Helge Deller <deller@gmx.de> | 2014-08-27 14:39:56 +0200 |
---|---|---|
committer | Helge Deller <deller@gmx.de> | 2014-08-27 14:39:56 +0200 |
commit | c90f06943e05519a87140dc407cf589c220aeedf (patch) | |
tree | e2ae9c471881462dba751849fc1ea0a53dc36168 /arch/parisc/kernel | |
parent | 3335f75a8877ac50f27510cda1368108bca0f151 (diff) | |
download | op-kernel-dev-c90f06943e05519a87140dc407cf589c220aeedf.zip op-kernel-dev-c90f06943e05519a87140dc407cf589c220aeedf.tar.gz |
parisc: Wire up seccomp, getrandom and memfd_create syscalls
With secure computing we only support the SECCOMP_MODE_STRICT mode for
now.
Signed-off-by: Helge Deller <deller@gmx.de>
Diffstat (limited to 'arch/parisc/kernel')
-rw-r--r-- | arch/parisc/kernel/ptrace.c | 6 | ||||
-rw-r--r-- | arch/parisc/kernel/syscall_table.S | 3 |
2 files changed, 9 insertions, 0 deletions
diff --git a/arch/parisc/kernel/ptrace.c b/arch/parisc/kernel/ptrace.c index e842ee2..3bab724 100644 --- a/arch/parisc/kernel/ptrace.c +++ b/arch/parisc/kernel/ptrace.c @@ -270,6 +270,12 @@ long do_syscall_trace_enter(struct pt_regs *regs) { long ret = 0; + /* Do the secure computing check first. */ + if (secure_computing(regs->gr[20])) { + /* seccomp failures shouldn't expose any additional code. */ + return -1; + } + if (test_thread_flag(TIF_SYSCALL_TRACE) && tracehook_report_syscall_entry(regs)) ret = -1L; diff --git a/arch/parisc/kernel/syscall_table.S b/arch/parisc/kernel/syscall_table.S index 84c5d3a..b563d9c 100644 --- a/arch/parisc/kernel/syscall_table.S +++ b/arch/parisc/kernel/syscall_table.S @@ -433,6 +433,9 @@ ENTRY_SAME(sched_getattr) /* 335 */ ENTRY_COMP(utimes) ENTRY_SAME(renameat2) + ENTRY_SAME(seccomp) + ENTRY_SAME(getrandom) + ENTRY_SAME(memfd_create) /* 340 */ /* Nothing yet */ |