diff options
author | Andy Lutomirski <luto@kernel.org> | 2016-05-27 12:57:02 -0700 |
---|---|---|
committer | Amit Pundir <amit.pundir@linaro.org> | 2018-12-10 23:46:03 +0530 |
commit | ec8e12f60fa07742c6bc63ea9b495bb53276492d (patch) | |
tree | 840359c5103c77c475c436a97fe8ce5d0be764af /include | |
parent | 6b2efe86a1c2d2b27eda7b033649d5d5536df4fd (diff) |
BACKPORT: seccomp: Add a seccomp_data parameter secure_computing()
Currently, if arch code wants to supply seccomp_data directly to
seccomp (which is generally much faster than having seccomp do it
using the syscall_get_xyz() API), it has to use the two-phase
seccomp hooks. Add it to the easy hooks, too.
Cc: linux-arch@vger.kernel.org
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
(cherry picked from commit 2f275de5d1ed7269913ef9b4c64a13952c0a38e8)
Bug: 119769499
Change-Id: I96876ecd8d1743c289ecef6d2deb65361d1f5baa
[ghackmann@google.com: drop changes to parisc, tile, and um, which
didn't implement seccomp support in this kernel version]
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/seccomp.h | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h index 5a53d34bba26..62e149fe8ee4 100644 --- a/include/linux/seccomp.h +++ b/include/linux/seccomp.h @@ -29,11 +29,11 @@ struct seccomp { }; #ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER -extern int __secure_computing(void); -static inline int secure_computing(void) +extern int __secure_computing(const struct seccomp_data *sd); +static inline int secure_computing(const struct seccomp_data *sd) { if (unlikely(test_thread_flag(TIF_SECCOMP))) - return __secure_computing(); + return __secure_computing(sd); return 0; } @@ -62,7 +62,7 @@ struct seccomp { }; struct seccomp_filter { }; #ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER -static inline int secure_computing(void) { return 0; } +static inline int secure_computing(struct seccomp_data *sd) { return 0; } #else static inline void secure_computing_strict(int this_syscall) { return; } #endif |