[PATCH v4 2/3] powerpc: Relax secure computing on syscall entry trace

[PATCH v4 0/3] powerpc: Enable seccomp filter support · Bogdan Purcareata <hidden> · 2015-02-18
[PATCH v4 1/3] powerpc: Don't force ENOSYS as error on syscall fail · Bogdan Purcareata <hidden> · 2015-02-18
[PATCH v4 3/3] powerpc: Enable HAVE_ARCH_SECCOMP_FILTER · Bogdan Purcareata <hidden> · 2015-02-18
[PATCH v4 2/3] powerpc: Relax secure computing on syscall entry trace · Bogdan Purcareata <hidden> · 2015-02-18
Re: [PATCH v4 0/3] powerpc: Enable seccomp filter support · Purcareata Bogdan <hidden> · 2015-02-27
Re: [PATCH v4 0/3] powerpc: Enable seccomp filter support · Benjamin Herrenschmidt <benh@kernel.crashing.org> · 2015-02-27
Re: [PATCH v4 0/3] powerpc: Enable seccomp filter support · Purcareata Bogdan <hidden> · 2015-03-09
Re: [PATCH v4 0/3] powerpc: Enable seccomp filter support · Purcareata Bogdan <hidden> · 2015-03-23
Re: [PATCH v4 0/3] powerpc: Enable seccomp filter support · Michael Ellerman <mpe@ellerman.id.au> · 2015-03-25

From: Bogdan Purcareata <hidden>
Date: 2015-02-18 08:31:21
Also in: lkml
Subsystem: linux for powerpc (32-bit and 64-bit), ptrace support, the rest · Maintainers: Madhavan Srinivasan, Michael Ellerman, Oleg Nesterov, Linus Torvalds

The secure_computing_strict will just force the kernel to panic on
secure_computing failure. Once SECCOMP_FILTER support is enabled in the kernel,
syscalls can be denied without system failure.

v4:
- rebase on top of 3.19

v3,v2: no changes

Signed-off-by: Bogdan Purcareata <redacted>
---
 arch/powerpc/kernel/ptrace.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
index 2edae06..cb9fd33 100644
--- a/arch/powerpc/kernel/ptrace.c
+++ b/arch/powerpc/kernel/ptrace.c

@@ -1772,7 +1772,9 @@ long do_syscall_trace_enter(struct pt_regs *regs)
 
 	user_exit();
 
-	secure_computing_strict(regs->gpr[0]);
+	/* Do the secure computing check first; failures should be fast. */
+	if (secure_computing() == -1)
+		return -1L;
 
 	if (test_thread_flag(TIF_SYSCALL_TRACE) &&
 	    tracehook_report_syscall_entry(regs)) {

-- 
2.1.4

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help