lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 16 Sep 2014 09:06:34 -0700 From: Andy Lutomirski <luto@...capital.net> To: Ingo Molnar <mingo@...nel.org>, "H. Peter Anvin" <hpa@...or.com> Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Martin Schwidefsky <schwidefsky@...ibm.com>, Kees Cook <keescook@...omium.org>, Russell King <linux@....linux.org.uk>, Ralf Baechle <ralf@...ux-mips.org>, Heiko Carstens <heiko.carstens@...ibm.com>, Thomas Gleixner <tglx@...utronix.de>, Andy Lutomirski <luto@...capital.net> Subject: Re: [PATCH] parisc: Use secure_computing_strict, not secure_computing On Tue, Sep 16, 2014 at 9:05 AM, Andy Lutomirski <luto@...capital.net> wrote: > After commit a4412fc9486e, the secure_computing function is only > available if seccomp filters are implemented by the architecture. > Architectures without seccomp filters use secure_computing_strict > instead. > > Signed-off-by: Andy Lutomirski <luto@...capital.net> > --- > > This is minimally tested because my cross-compiler toolchain for parisc > is quite broken. ptrace.c seems to *compile*, but it doesn't assemble. Failed to mention: this applies on top of what tip/master, aka what happens when tip/seccomp is merged with a newer -linus kernel. --Andy > > arch/parisc/kernel/ptrace.c | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) > > diff --git a/arch/parisc/kernel/ptrace.c b/arch/parisc/kernel/ptrace.c > index 3bab72462ab5..5961cc86d6d2 100644 > --- a/arch/parisc/kernel/ptrace.c > +++ b/arch/parisc/kernel/ptrace.c > @@ -270,11 +270,11 @@ long do_syscall_trace_enter(struct pt_regs *regs) > { > long ret = 0; > > - /* Do the secure computing check first. */ > - if (secure_computing(regs->gr[20])) { > - /* seccomp failures shouldn't expose any additional code. */ > - return -1; > - } > + /* > + * Do the secure computing check first. seccomp failures > + * shouldn't expose any additional code. > + */ > + secure_computing_strict(regs->gr[20]); > > if (test_thread_flag(TIF_SYSCALL_TRACE) && > tracehook_report_syscall_entry(regs)) > -- > 1.9.3 > -- Andy Lutomirski AMA Capital Management, LLC -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists