--- v14
+++ v11
@@ -2,27 +2,14 @@
Wire up trusted_for(2) for all architectures.
+Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
+Reviewed-by: Thibaut Sautereau <thibaut.sautereau@ssi.gouv.fr>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Kees Cook <keescook@chromium.org>
-Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
-Reviewed-by: Thibaut Sautereau <thibaut.sautereau@ssi.gouv.fr>
-Acked-by: Geert Uytterhoeven <geert@linux-m68k.org>
-Reviewed-by: Kees Cook <keescook@chromium.org>
-Link: https://lore.kernel.org/r/20211008104840.1733385-3-mic@digikod.net
+Cc: Vincent Strubel <vincent.strubel@ssi.gouv.fr>
---
-
-Changes since v13:
-* Add Reviewed-by Kees Cook.
-
-Changes since v12:
-* Update syscall IDs to align with the new ones.
-
-Changes since v11:
-* Add Acked-by: Geert Uytterhoeven <geert@linux-m68k.org>
-* Rebase and leave space for watch_mount(2) and epoll_pwait2(2) from
- -next.
Changes since v9:
* Rename introspect_access(2) to trusted_for(2).
@@ -55,195 +42,195 @@
19 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/arch/alpha/kernel/syscalls/syscall.tbl b/arch/alpha/kernel/syscalls/syscall.tbl
-index e4a041cd5715..ee33f1631f6d 100644
+index ec8bed9e7b75..0175cfc0f66f 100644
--- a/arch/alpha/kernel/syscalls/syscall.tbl
+++ b/arch/alpha/kernel/syscalls/syscall.tbl
-@@ -488,3 +488,4 @@
- 556 common landlock_restrict_self sys_landlock_restrict_self
- # 557 reserved for memfd_secret
- 558 common process_mrelease sys_process_mrelease
-+559 common trusted_for sys_trusted_for
+@@ -479,3 +479,4 @@
+ 547 common openat2 sys_openat2
+ 548 common pidfd_getfd sys_pidfd_getfd
+ 549 common faccessat2 sys_faccessat2
++553 common trusted_for sys_trusted_for
diff --git a/arch/arm/tools/syscall.tbl b/arch/arm/tools/syscall.tbl
-index e842209e135d..93edcdeda698 100644
+index 171077cbf419..db9c8d35e75b 100644
--- a/arch/arm/tools/syscall.tbl
+++ b/arch/arm/tools/syscall.tbl
-@@ -462,3 +462,4 @@
- 446 common landlock_restrict_self sys_landlock_restrict_self
- # 447 reserved for memfd_secret
- 448 common process_mrelease sys_process_mrelease
-+449 common trusted_for sys_trusted_for
+@@ -453,3 +453,4 @@
+ 437 common openat2 sys_openat2
+ 438 common pidfd_getfd sys_pidfd_getfd
+ 439 common faccessat2 sys_faccessat2
++443 common trusted_for sys_trusted_for
diff --git a/arch/arm64/include/asm/unistd.h b/arch/arm64/include/asm/unistd.h
-index 3cb206aea3db..6bdb5f5db438 100644
+index 3b859596840d..d1f7d35f986e 100644
--- a/arch/arm64/include/asm/unistd.h
+++ b/arch/arm64/include/asm/unistd.h
@@ -38,7 +38,7 @@
#define __ARM_NR_compat_set_tls (__ARM_NR_COMPAT_BASE + 5)
#define __ARM_NR_COMPAT_END (__ARM_NR_COMPAT_BASE + 0x800)
--#define __NR_compat_syscalls 449
-+#define __NR_compat_syscalls 450
+-#define __NR_compat_syscalls 440
++#define __NR_compat_syscalls 444
#endif
#define __ARCH_WANT_SYS_CLONE
diff --git a/arch/arm64/include/asm/unistd32.h b/arch/arm64/include/asm/unistd32.h
-index 844f6ae58662..3cb7df3a441c 100644
+index 734860ac7cf9..33716dd2c04c 100644
--- a/arch/arm64/include/asm/unistd32.h
+++ b/arch/arm64/include/asm/unistd32.h
-@@ -903,6 +903,8 @@ __SYSCALL(__NR_landlock_add_rule, sys_landlock_add_rule)
- __SYSCALL(__NR_landlock_restrict_self, sys_landlock_restrict_self)
- #define __NR_process_mrelease 448
- __SYSCALL(__NR_process_mrelease, sys_process_mrelease)
-+#define __NR_trusted_for 449
+@@ -887,6 +887,8 @@ __SYSCALL(__NR_openat2, sys_openat2)
+ __SYSCALL(__NR_pidfd_getfd, sys_pidfd_getfd)
+ #define __NR_faccessat2 439
+ __SYSCALL(__NR_faccessat2, sys_faccessat2)
++#define __NR_trusted_for 443
+__SYSCALL(__NR_trusted_for, sys_trusted_for)
/*
* Please add new compat syscalls above this comment and update
diff --git a/arch/ia64/kernel/syscalls/syscall.tbl b/arch/ia64/kernel/syscalls/syscall.tbl
-index 6fea1844fb95..50970d778005 100644
+index f52a41f4c340..68e56436b611 100644
--- a/arch/ia64/kernel/syscalls/syscall.tbl
+++ b/arch/ia64/kernel/syscalls/syscall.tbl
-@@ -369,3 +369,4 @@
- 446 common landlock_restrict_self sys_landlock_restrict_self
- # 447 reserved for memfd_secret
- 448 common process_mrelease sys_process_mrelease
-+449 common trusted_for sys_trusted_for
+@@ -360,3 +360,4 @@
+ 437 common openat2 sys_openat2
+ 438 common pidfd_getfd sys_pidfd_getfd
+ 439 common faccessat2 sys_faccessat2
++443 common trusted_for sys_trusted_for
diff --git a/arch/m68k/kernel/syscalls/syscall.tbl b/arch/m68k/kernel/syscalls/syscall.tbl
-index 7976dff8f879..caee4759d9f4 100644
+index 81fc799d8392..67f0bc2fc4d0 100644
--- a/arch/m68k/kernel/syscalls/syscall.tbl
+++ b/arch/m68k/kernel/syscalls/syscall.tbl
-@@ -448,3 +448,4 @@
- 446 common landlock_restrict_self sys_landlock_restrict_self
- # 447 reserved for memfd_secret
- 448 common process_mrelease sys_process_mrelease
-+449 common trusted_for sys_trusted_for
+@@ -439,3 +439,4 @@
+ 437 common openat2 sys_openat2
+ 438 common pidfd_getfd sys_pidfd_getfd
+ 439 common faccessat2 sys_faccessat2
++443 common trusted_for sys_trusted_for
diff --git a/arch/microblaze/kernel/syscalls/syscall.tbl b/arch/microblaze/kernel/syscalls/syscall.tbl
-index 6b0e11362bd2..25761d27aa9e 100644
+index b4e263916f41..acd3057886b7 100644
--- a/arch/microblaze/kernel/syscalls/syscall.tbl
+++ b/arch/microblaze/kernel/syscalls/syscall.tbl
-@@ -454,3 +454,4 @@
- 446 common landlock_restrict_self sys_landlock_restrict_self
- # 447 reserved for memfd_secret
- 448 common process_mrelease sys_process_mrelease
-+449 common trusted_for sys_trusted_for
+@@ -445,3 +445,4 @@
+ 437 common openat2 sys_openat2
+ 438 common pidfd_getfd sys_pidfd_getfd
+ 439 common faccessat2 sys_faccessat2
++443 common trusted_for sys_trusted_for
diff --git a/arch/mips/kernel/syscalls/syscall_n32.tbl b/arch/mips/kernel/syscalls/syscall_n32.tbl
-index 70e32de2bcaa..5e61c18fa3df 100644
+index f9df9edb67a4..8164dc51ebf8 100644
--- a/arch/mips/kernel/syscalls/syscall_n32.tbl
+++ b/arch/mips/kernel/syscalls/syscall_n32.tbl
-@@ -387,3 +387,4 @@
- 446 n32 landlock_restrict_self sys_landlock_restrict_self
- # 447 reserved for memfd_secret
- 448 n32 process_mrelease sys_process_mrelease
-+449 n32 trusted_for sys_trusted_for
+@@ -378,3 +378,4 @@
+ 437 n32 openat2 sys_openat2
+ 438 n32 pidfd_getfd sys_pidfd_getfd
+ 439 n32 faccessat2 sys_faccessat2
++443 n32 trusted_for sys_trusted_for
diff --git a/arch/mips/kernel/syscalls/syscall_n64.tbl b/arch/mips/kernel/syscalls/syscall_n64.tbl
-index 1ca7bc337932..9a4928032039 100644
+index 557f9954a2b9..28bc5bb76987 100644
--- a/arch/mips/kernel/syscalls/syscall_n64.tbl
+++ b/arch/mips/kernel/syscalls/syscall_n64.tbl
-@@ -363,3 +363,4 @@
- 446 n64 landlock_restrict_self sys_landlock_restrict_self
- # 447 reserved for memfd_secret
- 448 n64 process_mrelease sys_process_mrelease
-+449 n64 trusted_for sys_trusted_for
+@@ -354,3 +354,4 @@
+ 437 n64 openat2 sys_openat2
+ 438 n64 pidfd_getfd sys_pidfd_getfd
+ 439 n64 faccessat2 sys_faccessat2
++443 n64 trusted_for sys_trusted_for
diff --git a/arch/mips/kernel/syscalls/syscall_o32.tbl b/arch/mips/kernel/syscalls/syscall_o32.tbl
-index a61c35edaa74..7fd966e720c2 100644
+index 195b43cf27c8..6a62cc5b4999 100644
--- a/arch/mips/kernel/syscalls/syscall_o32.tbl
+++ b/arch/mips/kernel/syscalls/syscall_o32.tbl
-@@ -436,3 +436,4 @@
- 446 o32 landlock_restrict_self sys_landlock_restrict_self
- # 447 reserved for memfd_secret
- 448 o32 process_mrelease sys_process_mrelease
-+449 o32 trusted_for sys_trusted_for
+@@ -427,3 +427,4 @@
+ 437 o32 openat2 sys_openat2
+ 438 o32 pidfd_getfd sys_pidfd_getfd
+ 439 o32 faccessat2 sys_faccessat2
++443 o32 trusted_for sys_trusted_for
diff --git a/arch/parisc/kernel/syscalls/syscall.tbl b/arch/parisc/kernel/syscalls/syscall.tbl
-index bf751e0732b7..b43fe303922c 100644
+index def64d221cd4..654707acfa6c 100644
--- a/arch/parisc/kernel/syscalls/syscall.tbl
+++ b/arch/parisc/kernel/syscalls/syscall.tbl
-@@ -446,3 +446,4 @@
- 446 common landlock_restrict_self sys_landlock_restrict_self
- # 447 reserved for memfd_secret
- 448 common process_mrelease sys_process_mrelease
-+449 common trusted_for sys_trusted_for
+@@ -437,3 +437,4 @@
+ 437 common openat2 sys_openat2
+ 438 common pidfd_getfd sys_pidfd_getfd
+ 439 common faccessat2 sys_faccessat2
++443 common trusted_for sys_trusted_for
diff --git a/arch/powerpc/kernel/syscalls/syscall.tbl b/arch/powerpc/kernel/syscalls/syscall.tbl
-index 7bef917cc84e..0de4795a4f85 100644
+index c2d737ff2e7b..eb1c6d7655e6 100644
--- a/arch/powerpc/kernel/syscalls/syscall.tbl
+++ b/arch/powerpc/kernel/syscalls/syscall.tbl
-@@ -528,3 +528,4 @@
- 446 common landlock_restrict_self sys_landlock_restrict_self
- # 447 reserved for memfd_secret
- 448 common process_mrelease sys_process_mrelease
-+449 common trusted_for sys_trusted_for
+@@ -529,3 +529,4 @@
+ 437 common openat2 sys_openat2
+ 438 common pidfd_getfd sys_pidfd_getfd
+ 439 common faccessat2 sys_faccessat2
++443 common trusted_for sys_trusted_for
diff --git a/arch/s390/kernel/syscalls/syscall.tbl b/arch/s390/kernel/syscalls/syscall.tbl
-index df5261e5cfe1..b524343bb67d 100644
+index 10456bc936fb..6e77640e2976 100644
--- a/arch/s390/kernel/syscalls/syscall.tbl
+++ b/arch/s390/kernel/syscalls/syscall.tbl
-@@ -451,3 +451,4 @@
- 446 common landlock_restrict_self sys_landlock_restrict_self sys_landlock_restrict_self
- # 447 reserved for memfd_secret
- 448 common process_mrelease sys_process_mrelease sys_process_mrelease
-+449 common trusted_for sys_trusted_for sys_trusted_for
+@@ -442,3 +442,4 @@
+ 437 common openat2 sys_openat2 sys_openat2
+ 438 common pidfd_getfd sys_pidfd_getfd sys_pidfd_getfd
+ 439 common faccessat2 sys_faccessat2 sys_faccessat2
++443 common trusted_for sys_trusted_for sys_trusted_for
diff --git a/arch/sh/kernel/syscalls/syscall.tbl b/arch/sh/kernel/syscalls/syscall.tbl
-index 208f131659c5..d4c925d83129 100644
+index ae0a00beea5f..f5fd0d63b43b 100644
--- a/arch/sh/kernel/syscalls/syscall.tbl
+++ b/arch/sh/kernel/syscalls/syscall.tbl
-@@ -451,3 +451,4 @@
- 446 common landlock_restrict_self sys_landlock_restrict_self
- # 447 reserved for memfd_secret
- 448 common process_mrelease sys_process_mrelease
-+449 common trusted_for sys_trusted_for
+@@ -442,3 +442,4 @@
+ 437 common openat2 sys_openat2
+ 438 common pidfd_getfd sys_pidfd_getfd
+ 439 common faccessat2 sys_faccessat2
++443 common trusted_for sys_trusted_for
diff --git a/arch/sparc/kernel/syscalls/syscall.tbl b/arch/sparc/kernel/syscalls/syscall.tbl
-index c37764dc764d..158bf1b028ac 100644
+index 4af114e84f20..70806eb828b8 100644
--- a/arch/sparc/kernel/syscalls/syscall.tbl
+++ b/arch/sparc/kernel/syscalls/syscall.tbl
-@@ -494,3 +494,4 @@
- 446 common landlock_restrict_self sys_landlock_restrict_self
- # 447 reserved for memfd_secret
- 448 common process_mrelease sys_process_mrelease
-+449 common trusted_for sys_trusted_for
+@@ -485,3 +485,4 @@
+ 437 common openat2 sys_openat2
+ 438 common pidfd_getfd sys_pidfd_getfd
+ 439 common faccessat2 sys_faccessat2
++443 common trusted_for sys_trusted_for
diff --git a/arch/x86/entry/syscalls/syscall_32.tbl b/arch/x86/entry/syscalls/syscall_32.tbl
-index 960a021d543e..a9eda13c86cd 100644
+index 9d1102873666..a0824f88fcfb 100644
--- a/arch/x86/entry/syscalls/syscall_32.tbl
+++ b/arch/x86/entry/syscalls/syscall_32.tbl
-@@ -453,3 +453,4 @@
- 446 i386 landlock_restrict_self sys_landlock_restrict_self
- 447 i386 memfd_secret sys_memfd_secret
- 448 i386 process_mrelease sys_process_mrelease
-+449 i386 trusted_for sys_trusted_for
+@@ -444,3 +444,4 @@
+ 437 i386 openat2 sys_openat2
+ 438 i386 pidfd_getfd sys_pidfd_getfd
+ 439 i386 faccessat2 sys_faccessat2
++443 i386 trusted_for sys_trusted_for
diff --git a/arch/x86/entry/syscalls/syscall_64.tbl b/arch/x86/entry/syscalls/syscall_64.tbl
-index 18b5500ea8bf..c352f1b200ee 100644
+index f30d6ae9a688..0b0ce536acf1 100644
--- a/arch/x86/entry/syscalls/syscall_64.tbl
+++ b/arch/x86/entry/syscalls/syscall_64.tbl
-@@ -370,6 +370,7 @@
- 446 common landlock_restrict_self sys_landlock_restrict_self
- 447 common memfd_secret sys_memfd_secret
- 448 common process_mrelease sys_process_mrelease
-+449 common trusted_for sys_trusted_for
+@@ -361,6 +361,7 @@
+ 437 common openat2 sys_openat2
+ 438 common pidfd_getfd sys_pidfd_getfd
+ 439 common faccessat2 sys_faccessat2
++443 common trusted_for sys_trusted_for
#
- # Due to a historical design error, certain syscalls are numbered differently
+ # x32-specific system call numbers start at 512 to avoid cache impact
diff --git a/arch/xtensa/kernel/syscalls/syscall.tbl b/arch/xtensa/kernel/syscalls/syscall.tbl
-index 104b327f8ac9..f26a1313a055 100644
+index 6276e3c2d3fc..22fd070f2565 100644
--- a/arch/xtensa/kernel/syscalls/syscall.tbl
+++ b/arch/xtensa/kernel/syscalls/syscall.tbl
-@@ -419,3 +419,4 @@
- 446 common landlock_restrict_self sys_landlock_restrict_self
- # 447 reserved for memfd_secret
- 448 common process_mrelease sys_process_mrelease
-+449 common trusted_for sys_trusted_for
+@@ -410,3 +410,4 @@
+ 437 common openat2 sys_openat2
+ 438 common pidfd_getfd sys_pidfd_getfd
+ 439 common faccessat2 sys_faccessat2
++443 common trusted_for sys_trusted_for
diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h
-index 1c5fb86d455a..67b4bebe7c87 100644
+index 995b36c2ea7d..6b55804d9df9 100644
--- a/include/uapi/asm-generic/unistd.h
+++ b/include/uapi/asm-generic/unistd.h
-@@ -879,9 +879,11 @@ __SYSCALL(__NR_memfd_secret, sys_memfd_secret)
- #endif
- #define __NR_process_mrelease 448
- __SYSCALL(__NR_process_mrelease, sys_process_mrelease)
-+#define __NR_trusted_for 449
+@@ -859,9 +859,11 @@ __SYSCALL(__NR_openat2, sys_openat2)
+ __SYSCALL(__NR_pidfd_getfd, sys_pidfd_getfd)
+ #define __NR_faccessat2 439
+ __SYSCALL(__NR_faccessat2, sys_faccessat2)
++#define __NR_trusted_for 443
+__SYSCALL(__NR_trusted_for, sys_trusted_for)
#undef __NR_syscalls
--#define __NR_syscalls 449
-+#define __NR_syscalls 450
+-#define __NR_syscalls 440
++#define __NR_syscalls 444
/*
* 32 bit systems traditionally used different
--
-2.32.0
-
+2.28.0
+