Thanks Geert,
On 23/01/23 05:37, Geert Uytterhoeven wrote:
On Thu, Jan 12, 2023 at 4:55 AM Michael Schmitz <schmitzmic@xxxxxxxxx> wrote:
Add secure_computing() call to syscall_trace_enter to actually
filter system calls.
Add necessary arch Kconfig options, define TIF_SECCOMP trace
flag and provide basic seccomp filter support in asm/syscall.h
syscall_get_nr currently uses the syscall nr stored in orig_d0
because we change d0 to a default return code before starting a
syscall trace. This may be inconsistent with syscall_rollback
copying orig_d0 to d0 (which we never check upon return from
trace). We use d0 for the return code from syscall_trace_enter
in entry.S currently, and could perhaps expand that to store
a new syscall number returned by the seccomp filter before
executing the syscall. This clearly needs some discussion.
seccomp_bpf self test on ARAnyM passes 63 out of 89 tests.
Signed-off-by: Michael Schmitz <schmitzmic@xxxxxxxxx>
Thanks for your patch!
Reviewed-by: Geert Uytterhoeven <geert@xxxxxxxxxxxxxx>
i.e. will queue in the m68k for-v6.3 branch.
--- a/arch/m68k/include/asm/syscall.h
+++ b/arch/m68k/include/asm/syscall.h
+static inline void syscall_set_return_value(struct task_struct *task,
+ struct pt_regs *regs,
+ int error, long val)
+{
+ regs->d0 = (long) error ? error : val;
I'll change this to "(long)error ?: val" while applying.
Sure - could you also update the commit message that I forgot to change?
It's 81 out of 94 tests now.
Many thanks also to Adrian for his libseccomp port work!
Cheers,
Michael
+}
+
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
