MIPS now has the infrastructure for dynamic seccomp-bpf filtering Reviewed-by: James Hogan <james.hogan@xxxxxxxxxx> Reviewed-by: Paul Burton <paul.burton@xxxxxxxxxx> Signed-off-by: Markos Chandras <markos.chandras@xxxxxxxxxx> --- arch/mips/include/asm/ptrace.h | 2 +- arch/mips/kernel/ptrace.c | 10 ++++++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/arch/mips/include/asm/ptrace.h b/arch/mips/include/asm/ptrace.h index 7bba9da..84257df 100644 --- a/arch/mips/include/asm/ptrace.h +++ b/arch/mips/include/asm/ptrace.h @@ -82,7 +82,7 @@ static inline long regs_return_value(struct pt_regs *regs) #define instruction_pointer(regs) ((regs)->cp0_epc) #define profile_pc(regs) instruction_pointer(regs) -extern asmlinkage void syscall_trace_enter(struct pt_regs *regs); +extern asmlinkage long syscall_trace_enter(struct pt_regs *regs); extern asmlinkage void syscall_trace_leave(struct pt_regs *regs); extern void die(const char *, struct pt_regs *) __noreturn; diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c index fe5af54..7f9bcaa 100644 --- a/arch/mips/kernel/ptrace.c +++ b/arch/mips/kernel/ptrace.c @@ -662,13 +662,14 @@ long arch_ptrace(struct task_struct *child, long request, * Notification of system call entry/exit * - triggered by current->work.syscall_trace */ -asmlinkage void syscall_trace_enter(struct pt_regs *regs) +asmlinkage long syscall_trace_enter(struct pt_regs *regs) { + long syscall = regs->regs[2]; long ret = 0; user_exit(); - /* do the secure computing check first */ - secure_computing_strict(regs->regs[2]); + if (secure_computing(syscall) == -1) + return -1; if (test_thread_flag(TIF_SYSCALL_TRACE) && tracehook_report_syscall_entry(regs)) @@ -678,9 +679,10 @@ asmlinkage void syscall_trace_enter(struct pt_regs *regs) trace_sys_enter(regs, regs->regs[2]); audit_syscall_entry(syscall_get_arch(current, regs), - regs->regs[2], + syscall, regs->regs[4], regs->regs[5], regs->regs[6], regs->regs[7]); + return syscall; } /* -- 1.8.5.3