On Tue, Oct 27, 2020 at 05:19:59PM -0700, Kees Cook wrote: > To enable seccomp constant action bitmaps, we need to have a static > mapping to the audit architecture and system call table size. Add these > for arm64. > > Signed-off-by: Kees Cook <keesc...@chromium.org> > --- > arch/arm64/include/asm/seccomp.h | 15 +++++++++++++++ > 1 file changed, 15 insertions(+) > > diff --git a/arch/arm64/include/asm/seccomp.h > b/arch/arm64/include/asm/seccomp.h > index c36387170936..40f325e7a404 100644 > --- a/arch/arm64/include/asm/seccomp.h > +++ b/arch/arm64/include/asm/seccomp.h > @@ -19,4 +19,19 @@ > > #include <asm-generic/seccomp.h> > > +#ifdef CONFIG_ARM64 > +# define SECCOMP_ARCH_NATIVE AUDIT_ARCH_AARCH64 > +# define SECCOMP_ARCH_NATIVE_NR NR_syscalls > +# define SECCOMP_ARCH_NATIVE_NAME "arm64"
"aarch64"? (to match ELF_PLATFORM; not sure what this is used for as SECCOMP_ARCH_NATIVE_NAME is not defined in 5.10-rc3) > +# ifdef CONFIG_COMPAT > +# define SECCOMP_ARCH_COMPAT AUDIT_ARCH_ARM > +# define SECCOMP_ARCH_COMPAT_NR __NR_compat_syscalls > +# define SECCOMP_ARCH_COMPAT_NAME "arm" > +# endif > +#else /* !CONFIG_ARM64 */ > +# define SECCOMP_ARCH_NATIVE AUDIT_ARCH_ARM > +# define SECCOMP_ARCH_NATIVE_NR NR_syscalls > +# define SECCOMP_ARCH_NATIVE_NAME "arm" > +#endif Why do we need a !CONFIG_ARM64 in an arm64 header file? -- Catalin
