The kernel has grown too large to fit on the Mako boot
partition. This config change makes it smaller without
losing any functionality due to making use of EXT4's
backward-compatibility.

Taken from the history of https://github.com/redpig/seccomp. This
has been deprecated in favor of the tests in mainline (which are
based on this repository), but the mainline tests include tests
for the seccomp syscall and tsync, neither of which are included
in this backport.

Signed-off-by: Kyle Fazzari <email address hidden>
Acked-by: Kamal Mostafa <email address hidden>
Signed-off-by: Tim Gardner <email address hidden>

On tracehook-friendly platforms, a system call number of -1 falls
through without running much code or taking much action.
ARM is different. This adds a short-circuit check in the trace path to
avoid any additional work, as suggested by Russell King, to make sure
that ARM behaves the same way as other platforms.

Signed-off-by: Kees Cook <email address hidden>
Acked-by: Will Drewry <email address hidden>
Reviewed-by: Will Deacon <email address hidden>
Signed-off-by: Russell King <email address hidden>
(backported from commit ad75b51459ae076a0d406391496f81b897bf6992)
Signed-off-by: Kyle Fazzari <email address hidden>
Acked-by: Kamal Mostafa <email address hidden>
Signed-off-by: Tim Gardner <email address hidden>

There is very little difference in the TIF_SECCOMP and TIF_SYSCALL_WORK
path in entry-common.S, so merge TIF_SECCOMP into TIF_SYSCALL_WORK and
move seccomp into the syscall_trace_enter() handler.
Expanded some of the tracehook logic into the callers to make this code
more readable. Since tracehook needs to do register changing, this portion
is best left in its own function instead of copy/pasting into the callers.
Additionally, the return value for secure_computing() is now checked
and a -1 value will result in the system call being skipped.

Signed-off-by: Kees Cook <email address hidden>
Acked-by: Will Drewry <email address hidden>
Reviewed-by: Will Deacon <email address hidden>
Signed-off-by: Russell King <email address hidden>
(backported from commit 9b790d71d58be65f9508ab60920eb978af828412)
[ kyle: backport to Ubuntu-mako-3.4: Applied patch without
_TIF_SYSCALL_TRACEPOINT support. ]
Signed-off-by: Kyle Fazzari <email address hidden>
Acked-by: Kamal Mostafa <email address hidden>
Signed-off-by: Tim Gardner <email address hidden>