From: Matt Redfearn <matt.redfearn@imgtec.com>
To: IMG-MIPSLinuxKerneldevelopers@imgtec.com
Cc: Matt Redfearn <matt.redfearn@imgtec.com>,
linux-arch@vger.kernel.org, Arnd Bergmann <arnd@arndb.de>,
Kees Cook <keescook@chromium.org>,
linux-kernel@vger.kernel.org,
Andy Lutomirski <luto@amacapital.net>,
Will Drewry <wad@chromium.org>
Subject: [PATCH v2 4/6] seccomp: Get compat syscalls from asm-generic header
Date: Tue, 29 Mar 2016 09:35:32 +0100 [thread overview]
Message-ID: <1459240534-8658-5-git-send-email-matt.redfearn@imgtec.com> (raw)
Message-ID: <20160329083532.qX6r2_ahF8P9OBzlXQKoTI04-d0HZprgnAQyPGbpMio@z> (raw)
In-Reply-To: <1459240534-8658-1-git-send-email-matt.redfearn@imgtec.com>
Move retrieval of compat syscall numbers into inline function defined in
asm-generic header so that arches may override it.
Suggested-by: Paul Burton <paul.burton@imgtec.com>
Signed-off-by: Matt Redfearn <matt.redfearn@imgtec.com>
---
Changes in v2: None
include/asm-generic/seccomp.h | 14 ++++++++++++++
kernel/seccomp.c | 9 +--------
2 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/include/asm-generic/seccomp.h b/include/asm-generic/seccomp.h
index c9ccafa0d99a..e74072d23e69 100644
--- a/include/asm-generic/seccomp.h
+++ b/include/asm-generic/seccomp.h
@@ -29,4 +29,18 @@
#define __NR_seccomp_sigreturn __NR_rt_sigreturn
#endif
+#ifdef CONFIG_COMPAT
+#ifndef get_compat_mode1_syscalls
+static inline const int *get_compat_mode1_syscalls(void)
+{
+ static const int mode1_syscalls_32[] = {
+ __NR_seccomp_read_32, __NR_seccomp_write_32,
+ __NR_seccomp_exit_32, __NR_seccomp_sigreturn_32,
+ 0, /* null terminated */
+ };
+ return mode1_syscalls_32;
+}
+#endif
+#endif /* CONFIG_COMPAT */
+
#endif /* _ASM_GENERIC_SECCOMP_H */
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 15a1795bbba1..b0082c14764f 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -518,19 +518,12 @@ static int mode1_syscalls[] = {
0, /* null terminated */
};
-#ifdef CONFIG_COMPAT
-static int mode1_syscalls_32[] = {
- __NR_seccomp_read_32, __NR_seccomp_write_32, __NR_seccomp_exit_32, __NR_seccomp_sigreturn_32,
- 0, /* null terminated */
-};
-#endif
-
static void __secure_computing_strict(int this_syscall)
{
int *syscall_whitelist = mode1_syscalls;
#ifdef CONFIG_COMPAT
if (is_compat_task())
- syscall_whitelist = mode1_syscalls_32;
+ syscall_whitelist = get_compat_mode1_syscalls();
#endif
do {
if (*syscall_whitelist == this_syscall)
--
2.5.0
next prev parent reply other threads:[~2016-03-29 8:35 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-29 8:35 [PATCH v2 0/6] MIPS seccomp_bpf self test and fixups Matt Redfearn
2016-03-29 8:35 ` Matt Redfearn
2016-03-29 8:35 ` Matt Redfearn [this message]
2016-03-29 8:35 ` [PATCH v2 4/6] seccomp: Get compat syscalls from asm-generic header Matt Redfearn
2016-03-30 5:06 ` [PATCH v2 0/6] MIPS seccomp_bpf self test and fixups Kees Cook
2016-03-31 8:57 ` Matt Redfearn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1459240534-8658-5-git-send-email-matt.redfearn@imgtec.com \
--to=matt.redfearn@imgtec.com \
--cc=IMG-MIPSLinuxKerneldevelopers@imgtec.com \
--cc=arnd@arndb.de \
--cc=keescook@chromium.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).