We now have the right pieces in place to enable seccomp-filter on
64-bit. We select HAVE_ARCH_SECCOMP_FILTER to enable the code, and we
also need to switch to using secure_computing() rather than the strict
variant.
Enabling support on 32-bit should just be a matter of fixing the
assembler in entry_32.S in a similar fashion to the 64-bit code.
Signed-off-by: Michael Ellerman <m...@ellerman.id.au>
---
arch/powerpc/Kconfig | 1 +
arch/powerpc/kernel/ptrace.c | 6 ++++++
2 files changed, 7 insertions(+)
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
index 190cc48abc0c..a90bbd2c3f3b 100644
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -104,6 +104,7 @@ config PPC
select HAVE_EFFICIENT_UNALIGNED_ACCESS if !CPU_LITTLE_ENDIAN
select HAVE_KPROBES
select HAVE_ARCH_KGDB
+ select HAVE_ARCH_SECCOMP_FILTER if PPC64
select HAVE_KRETPROBES
select HAVE_ARCH_TRACEHOOK
select HAVE_MEMBLOCK
diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
index f21897b42057..473d555ce60c 100644
--- a/arch/powerpc/kernel/ptrace.c
+++ b/arch/powerpc/kernel/ptrace.c
@@ -1772,7 +1772,13 @@ long do_syscall_trace_enter(struct pt_regs *regs)
user_exit();
+#ifdef CONFIG_PPC64
+ /* Do the secure computing check first */
+ if (secure_computing() == -1)
+ return -1L;
+#else
secure_computing_strict(regs->gpr[0]);
+#endif
if (test_thread_flag(TIF_SYSCALL_TRACE) &&
tracehook_report_syscall_entry(regs))
--
2.1.0
_______________________________________________
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev
