shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-04-11 15:38:07 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
e985fd474debedb269fba27006eda50d0b6f07ef
linux/kernel
History
Kees Cook e985fd474d seccomp: add "seccomp" syscall 
This adds the new "seccomp" syscall with both an "operation" and "flags"
parameter for future expansion. The third argument is a pointer value,
used with the SECCOMP_SET_MODE_FILTER operation. Currently, flags must
be 0. This is functionally equivalent to prctl(PR_SET_SECCOMP, ...).

In addition to the TSYNC flag later in this patch series, there is a
non-zero chance that this syscall could be used for configuring a fixed
argument area for seccomp-tracer-aware processes to pass syscall arguments
in the future. Hence, the use of "seccomp" not simply "seccomp_add_filter"
for this syscall. Additionally, this syscall uses operation, flags,
and user pointer for arguments because strictly passing arguments via
a user pointer would mean seccomp itself would be unable to trivially
filter the seccomp syscall itself.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Andy Lutomirski <luto@amacapital.net>

Conflicts:
	arch/x86/syscalls/syscall_32.tbl
	arch/x86/syscalls/syscall_64.tbl
	include/uapi/asm-generic/unistd.h
	kernel/seccomp.c

And fixup of unistd32.h to truly enable sys_secomp.

Change-Id: I95bea02382c52007d22e5e9dc563c7d055c2c83f
2014-10-07 16:42:32 -07:00
..
cpu
idle: Enable interrupts in the weak arch_cpu_idle() implementation
2013-06-14 23:01:05 +02:00
debug
debug: add parameters to prevent entering debug mode on errors
2013-07-01 13:40:46 -07:00
events
hw_breakpoint: Use cpu_possible_mask in {reserve,release}_bp_slot()
2013-06-20 17:57:01 +02:00
gcov
kernel/gcov: remove depends on CONFIG_EXPERIMENTAL
2013-01-11 11:39:33 -08:00
irq
PM: Print pending wakeup IRQ preventing suspend to dmesg
2013-07-01 13:34:57 -07:00
power
Power: Changes the permission to read only for sysfs file
2014-04-24 22:14:30 +00:00
sched
cgroup: Add generic cgroup subsystem permission checks
2013-07-01 13:38:49 -07:00
time
alarmtimer: add alarm_expires_remaining
2013-07-01 14:16:28 -07:00
trace
trace: add non-hierarchical function_graph option
2013-07-01 14:16:22 -07:00
.gitignore
kernel/hz.bc: ignore.
2013-04-22 07:09:06 -07:00
acct.c
fs: Fix hang with BSD accounting on frozen filesystem
2013-05-04 14:57:58 -04:00
async.c
async: rename and redefine async_func_ptr
2013-03-12 13:59:14 -07:00
audit_tree.c
kernel/audit_tree.c:audit_add_tree_rule(): protect `rule' from kill_rules()
2013-06-12 16:29:46 -07:00
audit_watch.c
audit: catch possible NULL audit buffers
2013-01-11 14:54:55 -08:00
audit.c
audit: wait_for_auditd() should use TASK_UNINTERRUPTIBLE
2013-06-12 16:29:45 -07:00
audit.h
Merge git://git.infradead.org/users/eparis/audit
2013-05-11 14:29:11 -07:00
auditfilter.c
auditfilter.c: fix kernel-doc warnings
2013-05-24 16:22:52 -07:00
auditsc.c
audit: Make testing for a valid loginuid explicit.
2013-05-07 22:27:15 -04:00
backtracetest.c
bounds.c
memcg: remove direct page_cgroup-to-page pointer
2011-03-23 19:46:28 -07:00
capability.c
Add file_ns_capable() helper function for open-time capability checking
2013-04-14 10:06:31 -07:00
cgroup_freezer.c
cgroup: rename ->create/post_create/pre_destroy/destroy() to ->css_alloc/online/offline/free()
2012-11-19 08:13:38 -08:00
cgroup.c
cgroup: Add generic cgroup subsystem permission checks
2013-07-01 13:38:49 -07:00
compat.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal
2013-05-01 07:21:43 -07:00
configs.c
proc: Supply PDE attribute setting accessor functions
2013-05-01 17:29:18 -04:00
context_tracking.c
Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2013-06-20 08:18:35 -10:00
cpu_pm.c
kernel/cpu_pm.c: fix various typos
2012-05-31 17:49:27 -07:00
cpu.c
Move x86_64 idle notifiers to generic
2013-07-01 13:40:30 -07:00
cpuset.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2013-05-01 17:51:54 -07:00
crash_dump.c
Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux
2011-11-06 19:44:47 -08:00
cred.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2012-12-18 10:55:28 -08:00
delayacct.c
cputime: Use accessors to read task cputime stats
2013-01-27 19:23:31 +01:00
dma.c
Remove all #inclusions of asm/system.h
2012-03-28 18:30:03 +01:00
elfcore.c
exec_domain.c
sys_personality: remove the bogus checks in sys_personality()->__set_personality() path
2010-08-09 20:45:05 -07:00
exit.c
introduce for_each_thread() to replace the buggy while_each_thread()
2014-10-07 16:42:30 -07:00
extable.c
extable: Flip the sorting message
2013-04-15 13:25:16 +02:00
fork.c
introduce for_each_thread() to replace the buggy while_each_thread()
2014-10-07 16:42:30 -07:00
freezer.c
freezer: skip waking up tasks with PF_FREEZER_SKIP set
2013-07-01 15:40:39 -07:00
futex_compat.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal
2013-02-23 18:50:11 -08:00
futex.c
futex: Make lookup_pi_state more robust
2014-06-06 14:53:48 -07:00
groups.c
userns: Convert in_group_p and in_egroup_p to use kgid_t
2012-05-03 03:29:33 -07:00
hrtimer.c
nanosleep: use freezable blocking call
2013-07-01 15:46:23 -07:00
hung_task.c
hung task debugging: Inject NMI when hung and going to panic
2012-04-25 12:39:25 +02:00
irq_work.c
Merge branch 'nohz/printk-v8' into irq/core
2013-02-05 00:48:46 +01:00
itimer.c
itimer: Use printk_once instead of WARN_ONCE
2012-04-10 11:00:30 +02:00
jump_label.c
jump_label: Export jump_label_rate_limit()
2012-08-06 19:00:35 +03:00
kallsyms.c
kernel: kallsyms: memory override issue, need check destination buffer length
2013-04-15 15:17:26 +09:30
kcmp.c
kcmp: include linux/ptrace.h
2012-12-20 17:40:19 -08:00
Kconfig.freezer
Kconfig.hz
Kconfig.locks
locking: Adjust spin lock inlining Kconfig options
2012-09-13 17:56:13 +02:00
Kconfig.preempt
locking/kconfig: Simplify INLINE_SPIN_UNLOCK usage
2012-03-23 13:18:57 +01:00
kexec.c
kexec: Use min() and min_t() to simplify logic
2013-04-30 17:04:07 -07:00
kmod.c
usermodehelper: check subprocess_info->path != NULL
2013-05-16 12:01:11 -07:00
kprobes.c
kprobes: Fix to free gone and unused optprobes
2013-05-28 10:37:59 +02:00
ksysfs.c
Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2012-12-11 18:10:49 -08:00
kthread.c
kthread: implement probe_kthread_data()
2013-04-30 17:04:02 -07:00
latencytop.c
kernel: Map most files to use export.h instead of module.h
2011-10-31 09:20:12 -04:00
lglock.c
brlocks/lglocks: turn into functions
2012-05-29 23:28:41 -04:00
lockdep_internals.h
lockdep_proc.c
lockdep: Use KSYM_NAME_LEN'ed buffer for __get_key_name()
2012-10-24 12:39:09 +02:00
lockdep_states.h
lockdep.c
lockdep: remove task argument from debug_check_no_locks_held
2013-07-01 15:38:03 -07:00
Makefile
Merge tag 'modules-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux
2013-05-05 10:58:06 -07:00
modsign_certificate.S
CONFIG_SYMBOL_PREFIX: cleanup.
2013-03-15 15:09:43 +10:30
modsign_pubkey.c
keys: use keyring_alloc() to create module signing keyring
2012-12-20 17:40:21 -08:00
module_signing.c
MODSIGN: Don't use enum-type bitfields in module signature info block
2012-12-05 11:27:24 +10:30
module-internal.h
MODSIGN: Move the magic string to the end of a module and eliminate the search
2012-10-19 17:30:40 -07:00
module.c
kmemleak: No need for scanning specific module sections
2013-05-17 09:53:36 +01:00
mutex-debug.c
kernel: Map most files to use export.h instead of module.h
2011-10-31 09:20:12 -04:00
mutex-debug.h
mutex: Use p->on_cpu for the adaptive spin
2011-04-14 08:52:33 +02:00
mutex.c
mutex: Back out architecture specific check for negative mutex count
2013-04-19 09:33:36 +02:00
mutex.h
mutex: Use p->on_cpu for the adaptive spin
2011-04-14 08:52:33 +02:00
notifier.c
kernel: Map most files to use export.h instead of module.h
2011-10-31 09:20:12 -04:00
nsproxy.c
proc: Split the namespace stuff out into linux/proc_ns.h
2013-05-01 17:29:39 -04:00
padata.c
padata: use __this_cpu_read per-cpu helper
2012-12-06 17:16:23 +08:00
panic.c
panic: Add board ID to panic output
2013-07-01 13:34:57 -07:00
params.c
params: Fix potential memory leak in add_sysfs_param()
2013-03-18 11:40:21 +00:00
pid_namespace.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2013-05-01 17:51:54 -07:00
pid.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2013-05-01 17:51:54 -07:00
posix-cpu-timers.c
posix_timers: Fix pre-condition to stop the tick on full dynticks
2013-04-22 19:59:25 +02:00
posix-timers.c
posix-timers: Remove unused variable
2013-04-18 12:51:19 +02:00
printk.c
ARM: Fix "Make low-level printk work" to use a separate config option
2013-11-13 17:34:12 -08:00
profile.c
proc: Supply PDE attribute setting accessor functions
2013-05-01 17:29:18 -04:00
ptrace.c
Fix: kernel/ptrace.c: ptrace_peek_siginfo() missing __put_user() validation
2013-06-29 11:29:08 -07:00
range.c
range: Do not add new blank slot with add_range_with_merge
2013-06-18 11:32:10 -05:00
rcu.h
rcu: Provide RCU CPU stall warnings for tiny RCU
2013-01-28 22:06:21 -08:00
rcupdate.c
Merge branches 'doctorture.2013.01.29a', 'fixes.2013.01.26a', 'tagcb.2013.01.24a' and 'tiny.2013.01.29b' into HEAD
2013-01-28 22:25:21 -08:00
rcutiny_plugin.h
rcu: Provide RCU CPU stall warnings for tiny RCU
2013-01-28 22:06:21 -08:00
rcutiny.c
Merge branches 'doctorture.2013.01.29a', 'fixes.2013.01.26a', 'tagcb.2013.01.24a' and 'tiny.2013.01.29b' into HEAD
2013-01-28 22:25:21 -08:00
rcutorture.c
rcu: Allow rcutorture to be built at low optimization levels
2013-02-04 12:18:20 -08:00
rcutree_plugin.h
rcu: Don't allocate bootmem from rcu_init()
2013-05-15 10:41:12 -07:00
rcutree_trace.c
rcutrace: single_open() leaks
2013-05-05 00:16:35 -04:00
rcutree.c
rcu: Fix deadlock with CPU hotplug, RCU GP init, and timer migration
2013-06-10 13:37:12 -07:00
rcutree.h
rcu: Don't call wakeup() with rcu_node structure ->lock held
2013-06-10 13:37:11 -07:00
relay.c
Merge branch 'for-3.10/core' of git://git.kernel.dk/linux-block
2013-05-08 10:13:35 -07:00
res_counter.c
res_counter: return amount of charges after res_counter_uncharge()
2012-12-18 15:02:12 -08:00
resource.c
mem hotunplug: fix kfree() of bootmem memory
2013-04-29 15:54:40 -07:00
rtmutex_common.h
rtmutex: Simplify PI algorithm and make highest prio task get lock
2011-01-27 21:13:51 -05:00
rtmutex-debug.c
sched/rt: Move rt specific bits into new header file
2013-02-07 20:51:08 +01:00
rtmutex-debug.h
rtmutex-tester.c
locking/rtmutex/tester: Set correct permissions on sysfs files
2013-04-10 14:48:37 +02:00
rtmutex.c
sched/rt: Move rt specific bits into new header file
2013-02-07 20:51:08 +01:00
rtmutex.h
rwsem.c
Revert "rw_semaphore: remove up/down_read_non_owner"
2013-03-23 15:53:52 -07:00
seccomp.c
seccomp: add "seccomp" syscall
2014-10-07 16:42:32 -07:00
semaphore.c
semaphore: use `bool' type for semaphore_waiter's up
2013-04-30 17:04:08 -07:00
signal.c
sigtimedwait: use freezable blocking call
2013-07-01 15:46:24 -07:00
smp.c
kernel/smp.c: cleanups
2013-04-30 17:04:03 -07:00
smpboot.c
kthread: Prevent unpark race which puts threads on the wrong cpu
2013-04-12 14:18:43 +02:00
smpboot.h
smpboot: Provide infrastructure for percpu hotplug threads
2012-08-13 17:01:07 +02:00
softirq.c
Fix lockup related to stop_machine being stuck in __do_softirq.
2013-06-10 17:46:57 -07:00
spinlock.c
locking/kconfig: Simplify INLINE_SPIN_UNLOCK usage
2012-03-23 13:18:57 +01:00
srcu.c
srcu: use ACCESS_ONCE() to access sp->completed in srcu_read_lock()
2013-02-07 15:19:36 -08:00
stacktrace.c
kernel: Map most files to use export.h instead of module.h
2011-10-31 09:20:12 -04:00
stop_machine.c
stop_machine: Mark per cpu stopper enabled early
2013-02-26 22:25:17 +01:00
sys_ni.c
seccomp: add "seccomp" syscall
2014-10-07 16:42:32 -07:00
sys.c
mm: fix prctl_set_vma_anon_name
2014-08-22 23:47:15 +00:00
sysctl_binary.c
switch compat_sys_sysctl to COMPAT_SYSCALL_DEFINE
2013-05-09 14:53:20 -04:00
sysctl.c
add extra free kbytes tunable
2013-09-19 13:53:19 -05:00
task_work.c
task_work: task_work_add() should not succeed after exit_task_work()
2012-09-13 16:47:34 +02:00
taskstats.c
taskstats: cgroupstats_user_cmd() may leak on error
2012-10-06 03:05:31 +09:00
test_kprobes.c
kernel/: rename random32() to prandom_u32()
2013-04-29 18:28:42 -07:00
time.c
timekeeping: Use inject_offset in warp_clock
2013-03-15 16:50:20 -07:00
timeconst.bc
kernel: Replace timeconst.pl with a bc script
2013-02-16 23:17:25 +01:00
timer.c
Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2013-05-15 14:05:17 -07:00
tracepoint.c
Merge tag 'trace-3.10' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
2013-04-29 13:55:38 -07:00
tsacct.c
cputime: Use accessors to read task cputime stats
2013-01-27 19:23:31 +01:00
uid16.c
make SYSCALL_DEFINE<n>-generated wrappers do asmlinkage_protect
2013-03-03 22:58:33 -05:00
up.c
kernel: Map most files to use export.h instead of module.h
2011-10-31 09:20:12 -04:00
user_namespace.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2013-05-01 17:51:54 -07:00
user-return-notifier.c
hlist: drop the node parameter from iterators
2013-02-27 19:10:24 -08:00
user.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2013-05-01 17:51:54 -07:00
utsname_sysctl.c
kernel/utsname_sysctl.c: put get/get_uts() into CONFIG_PROC_SYSCTL code block
2013-02-27 19:10:22 -08:00
utsname.c
proc: Split the namespace stuff out into linux/proc_ns.h
2013-05-01 17:29:39 -04:00
wait.c
propagate name change to comments in kernel source
2012-12-06 10:39:54 +01:00
watchdog.c
hardlockup: detect hard lockups without NMIs using secondary cpus
2013-07-01 14:16:17 -07:00
workqueue_internal.h
workqueue: include workqueue info when printing debug dump of a worker task
2013-04-30 17:04:02 -07:00
workqueue.c
workqueue: don't perform NUMA-aware allocations on offline nodes in wq_numa_init()
2013-05-15 14:24:24 -07:00