mirror of
https://github.com/edk2-porting/linux-next.git
synced 2024-12-28 07:04:00 +08:00
e4da89d02f
This change is inspired by https://lkml.org/lkml/2012/4/16/14 which fixes the build warnings for arches that don't support CONFIG_HAVE_ARCH_SECCOMP_FILTER. In particular, there is no requirement for the return value of secure_computing() to be checked unless the architecture supports seccomp filter. Instead of silencing the warnings with (void) a new static inline is added to encode the expected behavior in a compiler and human friendly way. v2: - cleans things up with a static inline - removes sfr's signed-off-by since it is a different approach v1: - matches sfr's original change Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Will Drewry <wad@chromium.org> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.l.morris@oracle.com>
134 lines
3.6 KiB
C
134 lines
3.6 KiB
C
#ifndef _LINUX_SECCOMP_H
|
|
#define _LINUX_SECCOMP_H
|
|
|
|
#include <linux/compiler.h>
|
|
#include <linux/types.h>
|
|
|
|
|
|
/* Valid values for seccomp.mode and prctl(PR_SET_SECCOMP, <mode>) */
|
|
#define SECCOMP_MODE_DISABLED 0 /* seccomp is not in use. */
|
|
#define SECCOMP_MODE_STRICT 1 /* uses hard-coded filter. */
|
|
#define SECCOMP_MODE_FILTER 2 /* uses user-supplied filter. */
|
|
|
|
/*
|
|
* All BPF programs must return a 32-bit value.
|
|
* The bottom 16-bits are for optional return data.
|
|
* The upper 16-bits are ordered from least permissive values to most.
|
|
*
|
|
* The ordering ensures that a min_t() over composed return values always
|
|
* selects the least permissive choice.
|
|
*/
|
|
#define SECCOMP_RET_KILL 0x00000000U /* kill the task immediately */
|
|
#define SECCOMP_RET_TRAP 0x00030000U /* disallow and force a SIGSYS */
|
|
#define SECCOMP_RET_ERRNO 0x00050000U /* returns an errno */
|
|
#define SECCOMP_RET_TRACE 0x7ff00000U /* pass to a tracer or disallow */
|
|
#define SECCOMP_RET_ALLOW 0x7fff0000U /* allow */
|
|
|
|
/* Masks for the return value sections. */
|
|
#define SECCOMP_RET_ACTION 0x7fff0000U
|
|
#define SECCOMP_RET_DATA 0x0000ffffU
|
|
|
|
/**
|
|
* struct seccomp_data - the format the BPF program executes over.
|
|
* @nr: the system call number
|
|
* @arch: indicates system call convention as an AUDIT_ARCH_* value
|
|
* as defined in <linux/audit.h>.
|
|
* @instruction_pointer: at the time of the system call.
|
|
* @args: up to 6 system call arguments always stored as 64-bit values
|
|
* regardless of the architecture.
|
|
*/
|
|
struct seccomp_data {
|
|
int nr;
|
|
__u32 arch;
|
|
__u64 instruction_pointer;
|
|
__u64 args[6];
|
|
};
|
|
|
|
#ifdef __KERNEL__
|
|
#ifdef CONFIG_SECCOMP
|
|
|
|
#include <linux/thread_info.h>
|
|
#include <asm/seccomp.h>
|
|
|
|
struct seccomp_filter;
|
|
/**
|
|
* struct seccomp - the state of a seccomp'ed process
|
|
*
|
|
* @mode: indicates one of the valid values above for controlled
|
|
* system calls available to a process.
|
|
* @filter: The metadata and ruleset for determining what system calls
|
|
* are allowed for a task.
|
|
*
|
|
* @filter must only be accessed from the context of current as there
|
|
* is no locking.
|
|
*/
|
|
struct seccomp {
|
|
int mode;
|
|
struct seccomp_filter *filter;
|
|
};
|
|
|
|
extern int __secure_computing(int);
|
|
static inline int secure_computing(int this_syscall)
|
|
{
|
|
if (unlikely(test_thread_flag(TIF_SECCOMP)))
|
|
return __secure_computing(this_syscall);
|
|
return 0;
|
|
}
|
|
|
|
/* A wrapper for architectures supporting only SECCOMP_MODE_STRICT. */
|
|
static inline void secure_computing_strict(int this_syscall)
|
|
{
|
|
BUG_ON(secure_computing(this_syscall) != 0);
|
|
}
|
|
|
|
extern long prctl_get_seccomp(void);
|
|
extern long prctl_set_seccomp(unsigned long, char __user *);
|
|
|
|
static inline int seccomp_mode(struct seccomp *s)
|
|
{
|
|
return s->mode;
|
|
}
|
|
|
|
#else /* CONFIG_SECCOMP */
|
|
|
|
#include <linux/errno.h>
|
|
|
|
struct seccomp { };
|
|
struct seccomp_filter { };
|
|
|
|
static inline int secure_computing(int this_syscall) { return 0; }
|
|
static inline void secure_computing_strict(int this_syscall) { return; }
|
|
|
|
static inline long prctl_get_seccomp(void)
|
|
{
|
|
return -EINVAL;
|
|
}
|
|
|
|
static inline long prctl_set_seccomp(unsigned long arg2, char __user *arg3)
|
|
{
|
|
return -EINVAL;
|
|
}
|
|
|
|
static inline int seccomp_mode(struct seccomp *s)
|
|
{
|
|
return 0;
|
|
}
|
|
#endif /* CONFIG_SECCOMP */
|
|
|
|
#ifdef CONFIG_SECCOMP_FILTER
|
|
extern void put_seccomp_filter(struct task_struct *tsk);
|
|
extern void get_seccomp_filter(struct task_struct *tsk);
|
|
extern u32 seccomp_bpf_load(int off);
|
|
#else /* CONFIG_SECCOMP_FILTER */
|
|
static inline void put_seccomp_filter(struct task_struct *tsk)
|
|
{
|
|
return;
|
|
}
|
|
static inline void get_seccomp_filter(struct task_struct *tsk)
|
|
{
|
|
return;
|
|
}
|
|
#endif /* CONFIG_SECCOMP_FILTER */
|
|
#endif /* __KERNEL__ */
|
|
#endif /* _LINUX_SECCOMP_H */
|