From: Ingo Molnar <mingo@kernel.org>
To: Andy Lutomirski <luto@amacapital.net>
Cc: hpa@zytor.com, linux-kernel@vger.kernel.org,
schwidefsky@de.ibm.com, keescook@chromium.org,
linux@arm.linux.org.uk, ralf@linux-mips.org,
heiko.carstens@de.ibm.com, tglx@linutronix.de,
"James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>
Subject: Re: [PATCH] parisc: Use secure_computing_strict, not secure_computing
Date: Fri, 19 Sep 2014 12:59:20 +0200 [thread overview]
Message-ID: <20140919105920.GA14133@gmail.com> (raw)
In-Reply-To: <db9b257536558b5f068e97717bb0f25bcc603ae4.1410883257.git.luto@amacapital.net>
(Cc:-ed the PARISC maintainer. Original patch quoted below.)
* Andy Lutomirski <luto@amacapital.net> wrote:
> After commit a4412fc9486e, the secure_computing function is only
> available if seccomp filters are implemented by the architecture.
> Architectures without seccomp filters use secure_computing_strict
> instead.
>
> Signed-off-by: Andy Lutomirski <luto@amacapital.net>
> ---
>
> This is minimally tested because my cross-compiler toolchain for parisc
> is quite broken. ptrace.c seems to *compile*, but it doesn't assemble.
>
> arch/parisc/kernel/ptrace.c | 10 +++++-----
> 1 file changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/arch/parisc/kernel/ptrace.c b/arch/parisc/kernel/ptrace.c
> index 3bab72462ab5..5961cc86d6d2 100644
> --- a/arch/parisc/kernel/ptrace.c
> +++ b/arch/parisc/kernel/ptrace.c
> @@ -270,11 +270,11 @@ long do_syscall_trace_enter(struct pt_regs *regs)
> {
> long ret = 0;
>
> - /* Do the secure computing check first. */
> - if (secure_computing(regs->gr[20])) {
> - /* seccomp failures shouldn't expose any additional code. */
> - return -1;
> - }
> + /*
> + * Do the secure computing check first. seccomp failures
> + * shouldn't expose any additional code.
> + */
> + secure_computing_strict(regs->gr[20]);
>
> if (test_thread_flag(TIF_SYSCALL_TRACE) &&
> tracehook_report_syscall_entry(regs))
prev parent reply other threads:[~2014-09-19 10:59 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-16 16:05 [PATCH] parisc: Use secure_computing_strict, not secure_computing Andy Lutomirski
2014-09-16 16:06 ` Andy Lutomirski
2014-09-19 10:59 ` Ingo Molnar [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140919105920.GA14133@gmail.com \
--to=mingo@kernel.org \
--cc=James.Bottomley@HansenPartnership.com \
--cc=heiko.carstens@de.ibm.com \
--cc=hpa@zytor.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@arm.linux.org.uk \
--cc=luto@amacapital.net \
--cc=ralf@linux-mips.org \
--cc=schwidefsky@de.ibm.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox