• W
    x86: Enable HAVE_ARCH_SECCOMP_FILTER · c6cfbeb4
    Will Drewry 提交于
    Enable support for seccomp filter on x86:
    - syscall_get_arch()
    - syscall_get_arguments()
    - syscall_rollback()
    - syscall_set_return_value()
    - SIGSYS siginfo_t support
    - secure_computing is called from a ptrace_event()-safe context
    - secure_computing return value is checked (see below).
    
    SECCOMP_RET_TRACE and SECCOMP_RET_TRAP may result in seccomp needing to
    skip a system call without killing the process.  This is done by
    returning a non-zero (-1) value from secure_computing.  This change
    makes x86 respect that return value.
    
    To ensure that minimal kernel code is exposed, a non-zero return value
    results in an immediate return to user space (with an invalid syscall
    number).
    Signed-off-by: NWill Drewry <wad@chromium.org>
    Reviewed-by: NH. Peter Anvin <hpa@zytor.com>
    Acked-by: NEric Paris <eparis@redhat.com>
    Reviewed-by: NKees Cook <keescook@chromium.org>
    
    v18: rebase and tweaked change description, acked-by
    v17: added reviewed by and rebased
    v..: all rebases since original introduction.
    Signed-off-by: NJames Morris <james.l.morris@oracle.com>
    c6cfbeb4
Kconfig 70.3 KB