Commit 0bb605c2 authored by Michael Karcher's avatar Michael Karcher Committed by Rich Felker

sh: Add SECCOMP_FILTER

Port sh to use the new SECCOMP_FILTER code.
Signed-off-by: default avatarMichael Karcher <kernel@mkarcher.dialup.fu-berlin.de>
Tested-by: default avatarJohn Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Signed-off-by: default avatarRich Felker <dalias@libc.org>
parent 9d2ec8f6
...@@ -28,6 +28,7 @@ config SUPERH ...@@ -28,6 +28,7 @@ config SUPERH
select GUP_GET_PTE_LOW_HIGH if X2TLB select GUP_GET_PTE_LOW_HIGH if X2TLB
select HAVE_ARCH_AUDITSYSCALL select HAVE_ARCH_AUDITSYSCALL
select HAVE_ARCH_KGDB select HAVE_ARCH_KGDB
select HAVE_ARCH_SECCOMP_FILTER
select HAVE_ARCH_TRACEHOOK select HAVE_ARCH_TRACEHOOK
select HAVE_COPY_THREAD_TLS select HAVE_COPY_THREAD_TLS
select HAVE_DEBUG_BUGVERBOSE select HAVE_DEBUG_BUGVERBOSE
......
...@@ -368,6 +368,8 @@ syscall_trace_entry: ...@@ -368,6 +368,8 @@ syscall_trace_entry:
mov.l 7f, r11 ! Call do_syscall_trace_enter which notifies mov.l 7f, r11 ! Call do_syscall_trace_enter which notifies
jsr @r11 ! superior (will chomp R[0-7]) jsr @r11 ! superior (will chomp R[0-7])
nop nop
cmp/eq #-1, r0
bt syscall_exit
mov.l r0, @(OFF_R0,r15) ! Save return value mov.l r0, @(OFF_R0,r15) ! Save return value
! Reload R0-R4 from kernel stack, where the ! Reload R0-R4 from kernel stack, where the
! parent may have modified them using ! parent may have modified them using
......
...@@ -485,8 +485,6 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs) ...@@ -485,8 +485,6 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs)
{ {
long ret = 0; long ret = 0;
secure_computing_strict(regs->regs[0]);
if (test_thread_flag(TIF_SYSCALL_TRACE) && if (test_thread_flag(TIF_SYSCALL_TRACE) &&
tracehook_report_syscall_entry(regs)) tracehook_report_syscall_entry(regs))
/* /*
...@@ -496,6 +494,9 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs) ...@@ -496,6 +494,9 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs)
*/ */
ret = -1L; ret = -1L;
if (secure_computing() == -1)
return -1;
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
trace_sys_enter(regs, regs->regs[0]); trace_sys_enter(regs, regs->regs[0]);
......
...@@ -122,6 +122,8 @@ struct seccomp_data { ...@@ -122,6 +122,8 @@ struct seccomp_data {
# define __NR_seccomp 358 # define __NR_seccomp 358
# elif defined(__s390__) # elif defined(__s390__)
# define __NR_seccomp 348 # define __NR_seccomp 348
# elif defined(__sh__)
# define __NR_seccomp 372
# else # else
# warning "seccomp syscall number unknown for this architecture" # warning "seccomp syscall number unknown for this architecture"
# define __NR_seccomp 0xffff # define __NR_seccomp 0xffff
...@@ -1622,6 +1624,10 @@ TEST_F(TRACE_poke, getpid_runs_normally) ...@@ -1622,6 +1624,10 @@ TEST_F(TRACE_poke, getpid_runs_normally)
# define SYSCALL_SYSCALL_NUM regs[4] # define SYSCALL_SYSCALL_NUM regs[4]
# define SYSCALL_RET regs[2] # define SYSCALL_RET regs[2]
# define SYSCALL_NUM_RET_SHARE_REG # define SYSCALL_NUM_RET_SHARE_REG
#elif defined(__sh__)
# define ARCH_REGS struct pt_regs
# define SYSCALL_NUM gpr[3]
# define SYSCALL_RET gpr[0]
#else #else
# error "Do not know how to find your architecture's registers and syscalls" # error "Do not know how to find your architecture's registers and syscalls"
#endif #endif
...@@ -1693,7 +1699,7 @@ void change_syscall(struct __test_metadata *_metadata, ...@@ -1693,7 +1699,7 @@ void change_syscall(struct __test_metadata *_metadata,
EXPECT_EQ(0, ret) {} EXPECT_EQ(0, ret) {}
#if defined(__x86_64__) || defined(__i386__) || defined(__powerpc__) || \ #if defined(__x86_64__) || defined(__i386__) || defined(__powerpc__) || \
defined(__s390__) || defined(__hppa__) || defined(__riscv) defined(__s390__) || defined(__hppa__) || defined(__riscv) || defined(__sh__)
{ {
regs.SYSCALL_NUM = syscall; regs.SYSCALL_NUM = syscall;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment