Commit e994cc24 authored by Linus Torvalds's avatar Linus Torvalds
Pull seccomp updates from Kees Cook:
 "The major change here is finally gaining seccomp constant-action
  bitmaps, which internally reduces the seccomp overhead for many
  real-world syscall filters to O(1), as discussed at Plumbers this
  year.

   - Improve seccomp performance via constant-action bitmaps (YiFei Zhu
     & Kees Cook)

   - Fix bogus __user annotations (Jann Horn)

   - Add missed CONFIG for improved selftest coverage (Mickaël Salaün)"

* tag 'seccomp-v5.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  selftests/seccomp: Update kernel config
  seccomp: Remove bogus __user annotations
  seccomp/cache: Report cache data through /proc/pid/seccomp_cache
  xtensa: Enable seccomp architecture tracking
  sh: Enable seccomp architecture tracking
  s390: Enable seccomp architecture tracking
  riscv: Enable seccomp architecture tracking
  powerpc: Enable seccomp architecture tracking
  parisc: Enable seccomp architecture tracking
  csky: Enable seccomp architecture tracking
  arm: Enable seccomp architecture tracking
  arm64: Enable seccomp architecture tracking
  selftests/seccomp: Compare bitmap vs filter overhead
  x86: Enable seccomp architecture tracking
  seccomp/cache: Add "emulator" to check if filter is constant allow
  seccomp/cache: Lookup syscall allowlist bitmap for fast path
parents ba1d41a5 2c07343a
+17 −0
@@ -486,6 +486,9 @@ config HAVE_ARCH_SECCOMP_FILTER
	  - secure_computing return value is checked and a return value of -1
	    results in the system call being skipped immediately.
	  - seccomp syscall wired up
	  - if !HAVE_SPARSE_SYSCALL_NR, have SECCOMP_ARCH_NATIVE,
	    SECCOMP_ARCH_NATIVE_NR, SECCOMP_ARCH_NATIVE_NAME defined. If
	    COMPAT is supported, have the SECCOMP_ARCH_COMPAT* defines too.

config SECCOMP
	prompt "Enable seccomp to safely execute untrusted bytecode"
@@ -514,6 +517,20 @@ config SECCOMP_FILTER

	  See Documentation/userspace-api/seccomp_filter.rst for details.

config SECCOMP_CACHE_DEBUG
	bool "Show seccomp filter cache status in /proc/pid/seccomp_cache"
	depends on SECCOMP_FILTER && !HAVE_SPARSE_SYSCALL_NR
	depends on PROC_FS
	help
	  This enables the /proc/pid/seccomp_cache interface to monitor
	  seccomp cache data. The file format is subject to change. Reading
	  the file requires CAP_SYS_ADMIN.

	  This option is for debugging only. Enabling presents the risk that
	  an adversary may be able to infer the seccomp filter logic.

	  If unsure, say N.

config HAVE_ARCH_STACKLEAK
	bool
	help
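Review bot: The new HAVE_ARCH_SECCOMP_FILTER requirement in the first hunk names the three SECCOMP_ARCH_NATIVE* symbols an architecture must provide but not what their values have to be, so a porter has to reverse the contract from the per-arch headers in this series. Judging from the arm and arm64 headers in the same commit, NATIVE is an AUDIT_ARCH_* value and NATIVE_NR is the syscall-table size (NR_syscalls); I would extend the help text with `SECCOMP_ARCH_NATIVE is the AUDIT_ARCH_* value reported in seccomp_data->arch for this ABI and SECCOMP_ARCH_NATIVE_NR the number of syscall numbers the constant-action bitmap must cover.` The HAVE_ARCH_SECCOMP_FILTER entry starts before the hunk, and config SECCOMP continues past it. The SECCOMP_CACHE_DEBUG entry in the second hunk already spells out the CAP_SYS_ADMIN gate and the filter-inference risk, which is the information a defender needs before enabling a debug-only knob.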
+0 −1
@@ -4,7 +4,6 @@ generic-y += extable.h
generic-y += flat.h
generic-y += local64.h
generic-y += parport.h
generic-y += seccomp.h

generated-y += mach-types.h
generated-y += unistd-nr.h
+11 −0
/* SPDX-License-Identifier: GPL-2.0-only */
#ifndef _ASM_SECCOMP_H
#define _ASM_SECCOMP_H

#include <asm-generic/seccomp.h>

#define SECCOMP_ARCH_NATIVE		AUDIT_ARCH_ARM
#define SECCOMP_ARCH_NATIVE_NR		NR_syscalls
#define SECCOMP_ARCH_NATIVE_NAME	"arm"

#endif /* _ASM_SECCOMP_H */
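Review bot: The new header defines SECCOMP_ARCH_NATIVE as AUDIT_ARCH_ARM and SECCOMP_ARCH_NATIVE_NR as NR_syscalls while including only asm-generic/seccomp.h, so it presumably relies on the consumer having already pulled in the audit and unistd definitions; if that ordering is guaranteed by the core seccomp code it deserves a comment, because nothing in the file says so. I would also record the contract the two values must satisfy, e.g. `/* SECCOMP_ARCH_NATIVE must equal the seccomp_data->arch value for this ABI; SECCOMP_ARCH_NATIVE_NR bounds the syscall numbers the constant-action bitmap covers. */` — a wrong value in either could plausibly make a cached action apply to the wrong syscall table, which is a correctness and security concern rather than only a build one. The same documentation gap applies to the arm64 header later in this commit, including its CONFIG_COMPAT block.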
+9 −0
@@ -19,4 +19,13 @@

#include <asm-generic/seccomp.h>

#define SECCOMP_ARCH_NATIVE		AUDIT_ARCH_AARCH64
#define SECCOMP_ARCH_NATIVE_NR		NR_syscalls
#define SECCOMP_ARCH_NATIVE_NAME	"aarch64"
#ifdef CONFIG_COMPAT
# define SECCOMP_ARCH_COMPAT		AUDIT_ARCH_ARM
# define SECCOMP_ARCH_COMPAT_NR	__NR_compat_syscalls
# define SECCOMP_ARCH_COMPAT_NAME	"arm"
#endif

#endif /* _ASM_SECCOMP_H */
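Review bot: The added `#ifdef CONFIG_COMPAT` block ends with a bare `#endif`, whereas the file's existing closing directive (`#endif /* _ASM_SECCOMP_H */`) annotates what it closes; for consistency I would write `#endif /* CONFIG_COMPAT */`. The block also pairs AUDIT_ARCH_ARM with `__NR_compat_syscalls` without saying why, and a one-line comment such as `/* 32-bit compat callers use the compat syscall table and report AUDIT_ARCH_ARM */` would tell a reader why the arch constant matches the arm native header elsewhere in this commit. The rest of the header lies above the hunk.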
+0 −1
@@ -4,6 +4,5 @@ generic-y += gpio.h
generic-y += kvm_para.h
generic-y += local64.h
generic-y += qrwlock.h
generic-y += seccomp.h
generic-y += user.h
generic-y += vmlinux.lds.h