Programming Languages Research Group: Git - firefly-linux-kernel-4.4.55.git/commit

author	Kees Cook <keescook@chromium.org>
	Wed, 25 Jun 2014 23:08:24 +0000 (16:08 -0700)
committer	JP Abgrall <jpa@google.com>
	Thu, 28 Aug 2014 01:51:54 +0000 (01:51 +0000)
commit	a75a29b16e1f3eb2afcb9b2567edfc4cd8899635
tree	6ff23d6e6711cba6c7e64f2d786a992fbf50f98b	tree \| snapshot
parent	1a63bcec4fb055acbed31a5cf1cc40e968cf0664	commit \| diff

seccomp: add "seccomp" syscall

This adds the new "seccomp" syscall with both an "operation" and "flags"
parameter for future expansion. The third argument is a pointer value,
used with the SECCOMP_SET_MODE_FILTER operation. Currently, flags must
be 0. This is functionally equivalent to prctl(PR_SET_SECCOMP, ...).

In addition to the TSYNC flag later in this patch series, there is a
non-zero chance that this syscall could be used for configuring a fixed
argument area for seccomp-tracer-aware processes to pass syscall arguments
in the future. Hence, the use of "seccomp" not simply "seccomp_add_filter"
for this syscall. Additionally, this syscall uses operation, flags,
and user pointer for arguments because strictly passing arguments via
a user pointer would mean seccomp itself would be unable to trivially
filter the seccomp syscall itself.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Conflicts:
arch/x86/syscalls/syscall_32.tbl
arch/x86/syscalls/syscall_64.tbl
include/uapi/asm-generic/unistd.h
kernel/seccomp.c

Change-Id: Id7a365079829fd9164315dec75d6ee415c29b176

arch/Kconfig		diff \| blob \| history
arch/x86/syscalls/syscall_32.tbl		diff \| blob \| history
arch/x86/syscalls/syscall_64.tbl		diff \| blob \| history
include/linux/syscalls.h		diff \| blob \| history
include/uapi/asm-generic/unistd.h		diff \| blob \| history
include/uapi/linux/seccomp.h		diff \| blob \| history
kernel/seccomp.c		diff \| blob \| history
kernel/sys_ni.c		diff \| blob \| history