• Linus Torvalds's avatar
    Merge tag 'seccomp-v5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux · 9ecc6ea4
    Linus Torvalds authored
    Pull seccomp updates from Kees Cook:
     "There are a bunch of clean ups and selftest improvements along with
      two major updates to the SECCOMP_RET_USER_NOTIF filter return:
      EPOLLHUP support to more easily detect the death of a monitored
      process, and being able to inject fds when intercepting syscalls that
      expect an fd-opening side-effect (needed by both container folks and
      Chrome). The latter continued the refactoring of __scm_install_fd()
      started by Christoph, and in the process found and fixed a handful of
      bugs in various callers.
    
       - Improved selftest coverage, timeouts, and reporting
    
       - Add EPOLLHUP support for SECCOMP_RET_USER_NOTIF (Christian Brauner)
    
       - Refactor __scm_install_fd() into __receive_fd() and fix buggy
         callers
    
       - Introduce 'addfd' command for SECCOMP_RET_USER_NOTIF (Sargun
         Dhillon)"
    
    * tag 'seccomp-v5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: (30 commits)
      selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD
      seccomp: Introduce addfd ioctl to seccomp user notifier
      fs: Expand __receive_fd() to accept existing fd
      pidfd: Replace open-coded receive_fd()
      fs: Add receive_fd() wrapper for __receive_fd()
      fs: Move __scm_install_fd() to __receive_fd()
      net/scm: Regularize compat handling of scm_detach_fds()
      pidfd: Add missing sock updates for pidfd_getfd()
      net/compat: Add missing sock updates for SCM_RIGHTS
      selftests/seccomp: Check ENOSYS under tracing
      selftests/seccomp: Refactor to use fixture variants
      selftests/harness: Clean up kern-doc for fixtures
      seccomp: Use -1 marker for end of mode 1 syscall list
      seccomp: Fix ioctl number for SECCOMP_IOCTL_NOTIF_ID_VALID
      selftests/seccomp: Rename user_trap_syscall() to user_notif_syscall()
      selftests/seccomp: Make kcmp() less required
      seccomp: Use pr_fmt
      selftests/seccomp: Improve calibration loop
      selftests/seccomp: use 90s as timeout
      selftests/seccomp: Expand benchmark to per-filter measurements
      ...
    9ecc6ea4
fork.c 74.5 KB