--- v12
+++ v15
@@ -9,7 +9,15 @@
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Reviewed-by: Thibaut Sautereau <thibaut.sautereau@ssi.gouv.fr>
Acked-by: Geert Uytterhoeven <geert@linux-m68k.org>
+Reviewed-by: Kees Cook <keescook@chromium.org>
+Link: https://lore.kernel.org/r/20211012192410.2356090-3-mic@digikod.net
---
+
+Changes since v13:
+* Add Reviewed-by Kees Cook.
+
+Changes since v12:
+* Update syscall IDs to align with the new ones.
Changes since v11:
* Add Acked-by: Geert Uytterhoeven <geert@linux-m68k.org>
@@ -47,195 +55,195 @@
19 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/arch/alpha/kernel/syscalls/syscall.tbl b/arch/alpha/kernel/syscalls/syscall.tbl
-index ee7b01bb7346..05e2232ba002 100644
+index e4a041cd5715..ee33f1631f6d 100644
--- a/arch/alpha/kernel/syscalls/syscall.tbl
+++ b/arch/alpha/kernel/syscalls/syscall.tbl
-@@ -480,3 +480,4 @@
- 548 common pidfd_getfd sys_pidfd_getfd
- 549 common faccessat2 sys_faccessat2
- 550 common process_madvise sys_process_madvise
-+553 common trusted_for sys_trusted_for
+@@ -488,3 +488,4 @@
+ 556 common landlock_restrict_self sys_landlock_restrict_self
+ # 557 reserved for memfd_secret
+ 558 common process_mrelease sys_process_mrelease
++559 common trusted_for sys_trusted_for
diff --git a/arch/arm/tools/syscall.tbl b/arch/arm/tools/syscall.tbl
-index d056a548358e..2e54bae0b907 100644
+index e842209e135d..93edcdeda698 100644
--- a/arch/arm/tools/syscall.tbl
+++ b/arch/arm/tools/syscall.tbl
-@@ -454,3 +454,4 @@
- 438 common pidfd_getfd sys_pidfd_getfd
- 439 common faccessat2 sys_faccessat2
- 440 common process_madvise sys_process_madvise
-+443 common trusted_for sys_trusted_for
+@@ -462,3 +462,4 @@
+ 446 common landlock_restrict_self sys_landlock_restrict_self
+ # 447 reserved for memfd_secret
+ 448 common process_mrelease sys_process_mrelease
++449 common trusted_for sys_trusted_for
diff --git a/arch/arm64/include/asm/unistd.h b/arch/arm64/include/asm/unistd.h
-index b3b2019f8d16..d1f7d35f986e 100644
+index 3cb206aea3db..6bdb5f5db438 100644
--- a/arch/arm64/include/asm/unistd.h
+++ b/arch/arm64/include/asm/unistd.h
@@ -38,7 +38,7 @@
#define __ARM_NR_compat_set_tls (__ARM_NR_COMPAT_BASE + 5)
#define __ARM_NR_COMPAT_END (__ARM_NR_COMPAT_BASE + 0x800)
--#define __NR_compat_syscalls 441
-+#define __NR_compat_syscalls 444
+-#define __NR_compat_syscalls 449
++#define __NR_compat_syscalls 450
#endif
#define __ARCH_WANT_SYS_CLONE
diff --git a/arch/arm64/include/asm/unistd32.h b/arch/arm64/include/asm/unistd32.h
-index 107f08e03b9f..7f0e0fcd820c 100644
+index 844f6ae58662..3cb7df3a441c 100644
--- a/arch/arm64/include/asm/unistd32.h
+++ b/arch/arm64/include/asm/unistd32.h
-@@ -889,6 +889,8 @@ __SYSCALL(__NR_pidfd_getfd, sys_pidfd_getfd)
- __SYSCALL(__NR_faccessat2, sys_faccessat2)
- #define __NR_process_madvise 440
- __SYSCALL(__NR_process_madvise, sys_process_madvise)
-+#define __NR_trusted_for 443
+@@ -903,6 +903,8 @@ __SYSCALL(__NR_landlock_add_rule, sys_landlock_add_rule)
+ __SYSCALL(__NR_landlock_restrict_self, sys_landlock_restrict_self)
+ #define __NR_process_mrelease 448
+ __SYSCALL(__NR_process_mrelease, sys_process_mrelease)
++#define __NR_trusted_for 449
+__SYSCALL(__NR_trusted_for, sys_trusted_for)
/*
* Please add new compat syscalls above this comment and update
diff --git a/arch/ia64/kernel/syscalls/syscall.tbl b/arch/ia64/kernel/syscalls/syscall.tbl
-index b96ed8b8a508..777b23091b48 100644
+index 6fea1844fb95..50970d778005 100644
--- a/arch/ia64/kernel/syscalls/syscall.tbl
+++ b/arch/ia64/kernel/syscalls/syscall.tbl
-@@ -361,3 +361,4 @@
- 438 common pidfd_getfd sys_pidfd_getfd
- 439 common faccessat2 sys_faccessat2
- 440 common process_madvise sys_process_madvise
-+443 common trusted_for sys_trusted_for
+@@ -369,3 +369,4 @@
+ 446 common landlock_restrict_self sys_landlock_restrict_self
+ # 447 reserved for memfd_secret
+ 448 common process_mrelease sys_process_mrelease
++449 common trusted_for sys_trusted_for
diff --git a/arch/m68k/kernel/syscalls/syscall.tbl b/arch/m68k/kernel/syscalls/syscall.tbl
-index 625fb6d32842..6705cd4ecdfb 100644
+index 7976dff8f879..caee4759d9f4 100644
--- a/arch/m68k/kernel/syscalls/syscall.tbl
+++ b/arch/m68k/kernel/syscalls/syscall.tbl
-@@ -440,3 +440,4 @@
- 438 common pidfd_getfd sys_pidfd_getfd
- 439 common faccessat2 sys_faccessat2
- 440 common process_madvise sys_process_madvise
-+443 common trusted_for sys_trusted_for
+@@ -448,3 +448,4 @@
+ 446 common landlock_restrict_self sys_landlock_restrict_self
+ # 447 reserved for memfd_secret
+ 448 common process_mrelease sys_process_mrelease
++449 common trusted_for sys_trusted_for
diff --git a/arch/microblaze/kernel/syscalls/syscall.tbl b/arch/microblaze/kernel/syscalls/syscall.tbl
-index aae729c95cf9..02b7d13fc9ef 100644
+index 6b0e11362bd2..25761d27aa9e 100644
--- a/arch/microblaze/kernel/syscalls/syscall.tbl
+++ b/arch/microblaze/kernel/syscalls/syscall.tbl
-@@ -446,3 +446,4 @@
- 438 common pidfd_getfd sys_pidfd_getfd
- 439 common faccessat2 sys_faccessat2
- 440 common process_madvise sys_process_madvise
-+443 common trusted_for sys_trusted_for
+@@ -454,3 +454,4 @@
+ 446 common landlock_restrict_self sys_landlock_restrict_self
+ # 447 reserved for memfd_secret
+ 448 common process_mrelease sys_process_mrelease
++449 common trusted_for sys_trusted_for
diff --git a/arch/mips/kernel/syscalls/syscall_n32.tbl b/arch/mips/kernel/syscalls/syscall_n32.tbl
-index 32817c954435..d8e1bf91a1ab 100644
+index 70e32de2bcaa..5e61c18fa3df 100644
--- a/arch/mips/kernel/syscalls/syscall_n32.tbl
+++ b/arch/mips/kernel/syscalls/syscall_n32.tbl
-@@ -379,3 +379,4 @@
- 438 n32 pidfd_getfd sys_pidfd_getfd
- 439 n32 faccessat2 sys_faccessat2
- 440 n32 process_madvise sys_process_madvise
-+443 n32 trusted_for sys_trusted_for
+@@ -387,3 +387,4 @@
+ 446 n32 landlock_restrict_self sys_landlock_restrict_self
+ # 447 reserved for memfd_secret
+ 448 n32 process_mrelease sys_process_mrelease
++449 n32 trusted_for sys_trusted_for
diff --git a/arch/mips/kernel/syscalls/syscall_n64.tbl b/arch/mips/kernel/syscalls/syscall_n64.tbl
-index 9e4ea3c31b1c..35ac6d4d3286 100644
+index 1ca7bc337932..9a4928032039 100644
--- a/arch/mips/kernel/syscalls/syscall_n64.tbl
+++ b/arch/mips/kernel/syscalls/syscall_n64.tbl
-@@ -355,3 +355,4 @@
- 438 n64 pidfd_getfd sys_pidfd_getfd
- 439 n64 faccessat2 sys_faccessat2
- 440 n64 process_madvise sys_process_madvise
-+443 n64 trusted_for sys_trusted_for
+@@ -363,3 +363,4 @@
+ 446 n64 landlock_restrict_self sys_landlock_restrict_self
+ # 447 reserved for memfd_secret
+ 448 n64 process_mrelease sys_process_mrelease
++449 n64 trusted_for sys_trusted_for
diff --git a/arch/mips/kernel/syscalls/syscall_o32.tbl b/arch/mips/kernel/syscalls/syscall_o32.tbl
-index 29f5f28cf5ce..0bd1a85e2e4f 100644
+index a61c35edaa74..7fd966e720c2 100644
--- a/arch/mips/kernel/syscalls/syscall_o32.tbl
+++ b/arch/mips/kernel/syscalls/syscall_o32.tbl
-@@ -428,3 +428,4 @@
- 438 o32 pidfd_getfd sys_pidfd_getfd
- 439 o32 faccessat2 sys_faccessat2
- 440 o32 process_madvise sys_process_madvise
-+443 o32 trusted_for sys_trusted_for
+@@ -436,3 +436,4 @@
+ 446 o32 landlock_restrict_self sys_landlock_restrict_self
+ # 447 reserved for memfd_secret
+ 448 o32 process_mrelease sys_process_mrelease
++449 o32 trusted_for sys_trusted_for
diff --git a/arch/parisc/kernel/syscalls/syscall.tbl b/arch/parisc/kernel/syscalls/syscall.tbl
-index f375ea528e59..8790d3c06afd 100644
+index bf751e0732b7..b43fe303922c 100644
--- a/arch/parisc/kernel/syscalls/syscall.tbl
+++ b/arch/parisc/kernel/syscalls/syscall.tbl
-@@ -438,3 +438,4 @@
- 438 common pidfd_getfd sys_pidfd_getfd
- 439 common faccessat2 sys_faccessat2
- 440 common process_madvise sys_process_madvise
-+443 common trusted_for sys_trusted_for
+@@ -446,3 +446,4 @@
+ 446 common landlock_restrict_self sys_landlock_restrict_self
+ # 447 reserved for memfd_secret
+ 448 common process_mrelease sys_process_mrelease
++449 common trusted_for sys_trusted_for
diff --git a/arch/powerpc/kernel/syscalls/syscall.tbl b/arch/powerpc/kernel/syscalls/syscall.tbl
-index 1275daec7fec..29f2e70c26d1 100644
+index 7bef917cc84e..0de4795a4f85 100644
--- a/arch/powerpc/kernel/syscalls/syscall.tbl
+++ b/arch/powerpc/kernel/syscalls/syscall.tbl
-@@ -530,3 +530,4 @@
- 438 common pidfd_getfd sys_pidfd_getfd
- 439 common faccessat2 sys_faccessat2
- 440 common process_madvise sys_process_madvise
-+443 common trusted_for sys_trusted_for
+@@ -528,3 +528,4 @@
+ 446 common landlock_restrict_self sys_landlock_restrict_self
+ # 447 reserved for memfd_secret
+ 448 common process_mrelease sys_process_mrelease
++449 common trusted_for sys_trusted_for
diff --git a/arch/s390/kernel/syscalls/syscall.tbl b/arch/s390/kernel/syscalls/syscall.tbl
-index 28c168000483..e4c0b060995f 100644
+index df5261e5cfe1..b524343bb67d 100644
--- a/arch/s390/kernel/syscalls/syscall.tbl
+++ b/arch/s390/kernel/syscalls/syscall.tbl
-@@ -443,3 +443,4 @@
- 438 common pidfd_getfd sys_pidfd_getfd sys_pidfd_getfd
- 439 common faccessat2 sys_faccessat2 sys_faccessat2
- 440 common process_madvise sys_process_madvise sys_process_madvise
-+443 common trusted_for sys_trusted_for sys_trusted_for
+@@ -451,3 +451,4 @@
+ 446 common landlock_restrict_self sys_landlock_restrict_self sys_landlock_restrict_self
+ # 447 reserved for memfd_secret
+ 448 common process_mrelease sys_process_mrelease sys_process_mrelease
++449 common trusted_for sys_trusted_for sys_trusted_for
diff --git a/arch/sh/kernel/syscalls/syscall.tbl b/arch/sh/kernel/syscalls/syscall.tbl
-index 783738448ff5..d06b2f4e4ee4 100644
+index 208f131659c5..d4c925d83129 100644
--- a/arch/sh/kernel/syscalls/syscall.tbl
+++ b/arch/sh/kernel/syscalls/syscall.tbl
-@@ -443,3 +443,4 @@
- 438 common pidfd_getfd sys_pidfd_getfd
- 439 common faccessat2 sys_faccessat2
- 440 common process_madvise sys_process_madvise
-+443 common trusted_for sys_trusted_for
+@@ -451,3 +451,4 @@
+ 446 common landlock_restrict_self sys_landlock_restrict_self
+ # 447 reserved for memfd_secret
+ 448 common process_mrelease sys_process_mrelease
++449 common trusted_for sys_trusted_for
diff --git a/arch/sparc/kernel/syscalls/syscall.tbl b/arch/sparc/kernel/syscalls/syscall.tbl
-index 78160260991b..e5360082fa97 100644
+index c37764dc764d..158bf1b028ac 100644
--- a/arch/sparc/kernel/syscalls/syscall.tbl
+++ b/arch/sparc/kernel/syscalls/syscall.tbl
-@@ -486,3 +486,4 @@
- 438 common pidfd_getfd sys_pidfd_getfd
- 439 common faccessat2 sys_faccessat2
- 440 common process_madvise sys_process_madvise
-+443 common trusted_for sys_trusted_for
+@@ -494,3 +494,4 @@
+ 446 common landlock_restrict_self sys_landlock_restrict_self
+ # 447 reserved for memfd_secret
+ 448 common process_mrelease sys_process_mrelease
++449 common trusted_for sys_trusted_for
diff --git a/arch/x86/entry/syscalls/syscall_32.tbl b/arch/x86/entry/syscalls/syscall_32.tbl
-index 0d0667a9fbd7..d535ac0d9e04 100644
+index 960a021d543e..a9eda13c86cd 100644
--- a/arch/x86/entry/syscalls/syscall_32.tbl
+++ b/arch/x86/entry/syscalls/syscall_32.tbl
-@@ -445,3 +445,4 @@
- 438 i386 pidfd_getfd sys_pidfd_getfd
- 439 i386 faccessat2 sys_faccessat2
- 440 i386 process_madvise sys_process_madvise
-+443 i386 trusted_for sys_trusted_for
+@@ -453,3 +453,4 @@
+ 446 i386 landlock_restrict_self sys_landlock_restrict_self
+ 447 i386 memfd_secret sys_memfd_secret
+ 448 i386 process_mrelease sys_process_mrelease
++449 i386 trusted_for sys_trusted_for
diff --git a/arch/x86/entry/syscalls/syscall_64.tbl b/arch/x86/entry/syscalls/syscall_64.tbl
-index 379819244b91..c61b22ff15fc 100644
+index 18b5500ea8bf..c352f1b200ee 100644
--- a/arch/x86/entry/syscalls/syscall_64.tbl
+++ b/arch/x86/entry/syscalls/syscall_64.tbl
-@@ -362,6 +362,7 @@
- 438 common pidfd_getfd sys_pidfd_getfd
- 439 common faccessat2 sys_faccessat2
- 440 common process_madvise sys_process_madvise
-+443 common trusted_for sys_trusted_for
+@@ -370,6 +370,7 @@
+ 446 common landlock_restrict_self sys_landlock_restrict_self
+ 447 common memfd_secret sys_memfd_secret
+ 448 common process_mrelease sys_process_mrelease
++449 common trusted_for sys_trusted_for
#
# Due to a historical design error, certain syscalls are numbered differently
diff --git a/arch/xtensa/kernel/syscalls/syscall.tbl b/arch/xtensa/kernel/syscalls/syscall.tbl
-index b070f272995d..6ce67ce5eb7f 100644
+index 104b327f8ac9..f26a1313a055 100644
--- a/arch/xtensa/kernel/syscalls/syscall.tbl
+++ b/arch/xtensa/kernel/syscalls/syscall.tbl
-@@ -411,3 +411,4 @@
- 438 common pidfd_getfd sys_pidfd_getfd
- 439 common faccessat2 sys_faccessat2
- 440 common process_madvise sys_process_madvise
-+443 common trusted_for sys_trusted_for
+@@ -419,3 +419,4 @@
+ 446 common landlock_restrict_self sys_landlock_restrict_self
+ # 447 reserved for memfd_secret
+ 448 common process_mrelease sys_process_mrelease
++449 common trusted_for sys_trusted_for
diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h
-index 2056318988f7..f920999d5ddc 100644
+index 1c5fb86d455a..67b4bebe7c87 100644
--- a/include/uapi/asm-generic/unistd.h
+++ b/include/uapi/asm-generic/unistd.h
-@@ -859,9 +859,11 @@ __SYSCALL(__NR_pidfd_getfd, sys_pidfd_getfd)
- __SYSCALL(__NR_faccessat2, sys_faccessat2)
- #define __NR_process_madvise 440
- __SYSCALL(__NR_process_madvise, sys_process_madvise)
-+#define __NR_trusted_for 443
+@@ -879,9 +879,11 @@ __SYSCALL(__NR_memfd_secret, sys_memfd_secret)
+ #endif
+ #define __NR_process_mrelease 448
+ __SYSCALL(__NR_process_mrelease, sys_process_mrelease)
++#define __NR_trusted_for 449
+__SYSCALL(__NR_trusted_for, sys_trusted_for)
#undef __NR_syscalls
--#define __NR_syscalls 441
-+#define __NR_syscalls 444
+-#define __NR_syscalls 449
++#define __NR_syscalls 450
/*
* 32 bit systems traditionally used different
--
-2.29.2
-
+2.32.0
+