mirror of
https://github.com/torvalds/linux.git
synced 2024-11-10 14:11:52 +00:00
6baaade155
Add secure_computing() call to syscall_trace_enter to actually filter system calls. Add necessary arch Kconfig options, define TIF_SECCOMP trace flag and provide basic seccomp filter support in asm/syscall.h syscall_get_nr currently uses the syscall nr stored in orig_d0 because we change d0 to a default return code before starting a syscall trace. This may be inconsistent with syscall_rollback copying orig_d0 to d0 (which we never check upon return from trace). We use d0 for the return code from syscall_trace_enter in entry.S currently, and could perhaps expand that to store a new syscall number returned by the seccomp filter before executing the syscall. This clearly needs some discussion. seccomp_bpf self test on ARAnyM passes 81 out of 94 tests. Signed-off-by: Michael Schmitz <schmitzmic@gmail.com> Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org> Link: https://lore.kernel.org/r/20230112035529.13521-3-schmitzmic@gmail.com Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> |
||
|---|---|---|
| .. | ||
| core | ||
| debug | ||
| io/dma-contiguous | ||
| locking | ||
| perf | ||
| sched | ||
| scripts | ||
| seccomp/seccomp-filter | ||
| time | ||
| vm | ||
| arch-support.txt | ||
| list-arch.sh | ||