m68k: Add kernel seccomp support
author Michael Schmitz <schmitzmic@gmail.com>
Thu, 12 Jan 2023 03:55:28 +0000 (16:55 +1300)
committer Geert Uytterhoeven <geert@linux-m68k.org>
Mon, 30 Jan 2023 15:40:15 +0000 (16:40 +0100)
commit 6baaade15594b28195da369962208b1f658e7342
tree 52b25795388cc48527daad004758e1d7d539315c
parent 2ca8a1de4437f21562e57f9ac123914747a8e7a1

Add secure_computing() call to syscall_trace_enter to actually
filter system calls.

Add necessary arch Kconfig options, define TIF_SECCOMP trace
flag and provide basic seccomp filter support in asm/syscall.h.

syscall_get_nr currently uses the syscall nr stored in orig_d0
because we change d0 to a default return code before starting a
syscall trace. This may be inconsistent with syscall_rollback
copying orig_d0 to d0 (which we never check upon return from
trace). We use d0 for the return code from syscall_trace_enter
in entry.S currently, and could perhaps expand that to store
a new syscall number returned by the seccomp filter before
executing the syscall. This clearly needs some discussion.

seccomp_bpf self test on ARAnyM passes 81 out of 94 tests.

Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
Link: https://lore.kernel.org/r/20230112035529.13521-3-schmitzmic@gmail.com
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>

Documentation/features/seccomp/seccomp-filter/arch-support.txt
arch/m68k/Kconfig
arch/m68k/include/asm/seccomp.h [new file with mode: 0644]
arch/m68k/include/asm/syscall.h
arch/m68k/include/asm/thread_info.h
arch/m68k/kernel/entry.S
arch/m68k/kernel/ptrace.c