9 年之前 · 2f275de5d1
--- a/arch/arm/kernel/ptrace.c
+++ b/arch/arm/kernel/ptrace.c
@@ -934,7 +934,7 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs, int scno)
 
				 
			
 
				 	/* Do the secure computing check first; failures should be fast. */
			
 
				 #ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER
			
 
				-	if (secure_computing() == -1)
			
 
				+	if (secure_computing(NULL) == -1)
			
 
				 		return -1;
			
 
				 #else
			
 
				 	/* XXX: remove this once OABI gets fixed */
			
--- a/arch/arm64/kernel/ptrace.c
+++ b/arch/arm64/kernel/ptrace.c
@@ -1247,7 +1247,7 @@ static void tracehook_report_syscall(struct pt_regs *regs,
 
				 asmlinkage int syscall_trace_enter(struct pt_regs *regs)
			
 
				 {
			
 
				 	/* Do the secure computing check first; failures should be fast. */
			
 
				-	if (secure_computing() == -1)
			
 
				+	if (secure_computing(NULL) == -1)
			
 
				 		return -1;
			
 
				 
			
 
				 	if (test_thread_flag(TIF_SYSCALL_TRACE))
			
--- a/arch/mips/kernel/ptrace.c
+++ b/arch/mips/kernel/ptrace.c
@@ -893,7 +893,7 @@ asmlinkage long syscall_trace_enter(struct pt_regs *regs, long syscall)
 
				 
			
 
				 	current_thread_info()->syscall = syscall;
			
 
				 
			
 
				-	if (secure_computing() == -1)
			
 
				+	if (secure_computing(NULL) == -1)
			
 
				 		return -1;
			
 
				 
			
 
				 	if (test_thread_flag(TIF_SYSCALL_TRACE) &&
			
--- a/arch/parisc/kernel/ptrace.c
+++ b/arch/parisc/kernel/ptrace.c
@@ -312,7 +312,7 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request,
 
				 long do_syscall_trace_enter(struct pt_regs *regs)
			
 
				 {
			
 
				 	/* Do the secure computing check first. */
			
 
				-	if (secure_computing() == -1)
			
 
				+	if (secure_computing(NULL) == -1)
			
 
				 		return -1;
			
 
				 
			
 
				 	if (test_thread_flag(TIF_SYSCALL_TRACE) &&
			
--- a/arch/powerpc/kernel/ptrace.c
+++ b/arch/powerpc/kernel/ptrace.c
@@ -1783,7 +1783,7 @@ static int do_seccomp(struct pt_regs *regs)
 
				 	 * have already loaded -ENOSYS into r3, or seccomp has put
			
 
				 	 * something else in r3 (via SECCOMP_RET_ERRNO/TRACE).
			
 
				 	 */
			
 
				-	if (__secure_computing())
			
 
				+	if (__secure_computing(NULL))
			
 
				 		return -1;
			
 
				 
			
 
				 	/*
			
--- a/arch/s390/kernel/ptrace.c
+++ b/arch/s390/kernel/ptrace.c
@@ -824,7 +824,7 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs)
 
				 	long ret = 0;
			
 
				 
			
 
				 	/* Do the secure computing check first. */
			
 
				-	if (secure_computing()) {
			
 
				+	if (secure_computing(NULL)) {
			
 
				 		/* seccomp failures shouldn't expose any additional code. */
			
 
				 		ret = -1;
			
 
				 		goto out;
			
--- a/arch/tile/kernel/ptrace.c
+++ b/arch/tile/kernel/ptrace.c
@@ -255,7 +255,7 @@ int do_syscall_trace_enter(struct pt_regs *regs)
 
				 {
			
 
				 	u32 work = ACCESS_ONCE(current_thread_info()->flags);
			
 
				 
			
 
				-	if (secure_computing() == -1)
			
 
				+	if (secure_computing(NULL) == -1)
			
 
				 		return -1;
			
 
				 
			
 
				 	if (work & _TIF_SYSCALL_TRACE) {
			
--- a/arch/um/kernel/skas/syscall.c
+++ b/arch/um/kernel/skas/syscall.c
@@ -21,7 +21,7 @@ void handle_syscall(struct uml_pt_regs *r)
 
				 	PT_REGS_SET_SYSCALL_RETURN(regs, -ENOSYS);
			
 
				 
			
 
				 	/* Do the secure computing check first; failures should be fast. */
			
 
				-	if (secure_computing() == -1)
			
 
				+	if (secure_computing(NULL) == -1)
			
 
				 		return;
			
 
				 
			
 
				 	if (syscall_trace_enter(regs))
			
--- a/arch/x86/entry/vsyscall/vsyscall_64.c
+++ b/arch/x86/entry/vsyscall/vsyscall_64.c
@@ -207,7 +207,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address)
 
				 	 */
			
 
				 	regs->orig_ax = syscall_nr;
			
 
				 	regs->ax = -ENOSYS;
			
 
				-	tmp = secure_computing();
			
 
				+	tmp = secure_computing(NULL);
			
 
				 	if ((!tmp && regs->orig_ax != syscall_nr) || regs->ip != address) {
			
 
				 		warn_bad_vsyscall(KERN_DEBUG, regs,
			
 
				 				  "seccomp tried to change syscall nr or ip");
			
--- a/include/linux/seccomp.h
+++ b/include/linux/seccomp.h
@@ -28,11 +28,11 @@ struct seccomp {
 
				 };
			
 
				 
			
 
				 #ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER
			
 
				-extern int __secure_computing(void);
			
 
				-static inline int secure_computing(void)
			
 
				+extern int __secure_computing(const struct seccomp_data *sd);
			
 
				+static inline int secure_computing(const struct seccomp_data *sd)
			
 
				 {
			
 
				 	if (unlikely(test_thread_flag(TIF_SECCOMP)))
			
 
				-		return  __secure_computing();
			
 
				+		return  __secure_computing(sd);
			
 
				 	return 0;
			
 
				 }
			
 
				 
			
@@ -61,7 +61,7 @@ struct seccomp { };
 
				 struct seccomp_filter { };
			
 
				 
			
 
				 #ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER
			
 
				-static inline int secure_computing(void) { return 0; }
			
 
				+static inline int secure_computing(struct seccomp_data *sd) { return 0; }
			
 
				 #else
			
 
				 static inline void secure_computing_strict(int this_syscall) { return; }
			
 
				 #endif
			
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -554,9 +554,9 @@ void secure_computing_strict(int this_syscall)
 
				 		BUG();
			
 
				 }
			
 
				 #else
			
 
				-int __secure_computing(void)
			
 
				+int __secure_computing(const struct seccomp_data *sd)
			
 
				 {
			
 
				-	u32 phase1_result = seccomp_phase1(NULL);
			
 
				+	u32 phase1_result = seccomp_phase1(sd);
			
 
				 
			
 
				 	if (likely(phase1_result == SECCOMP_PHASE1_OK))
			
 
				 		return 0;