authorYunhong Jiang <yunhong.jiang@intel.com>2015-08-04 12:17:53 -0700
committerYunhong Jiang <yunhong.jiang@intel.com>2015-08-04 15:44:42 -0700
commit9ca8dbcc65cfc63d6f5ef3312a33184e1d726e00 (patch)
tree1c9cafbcd35f783a87880a10f85d1a060db1a563 /kernel/include/linux/seccomp.h
parent98260f3884f4a202f9ca5eabed40b1354c489b29 (diff)
Add the rt linux 4.1.3-rt3 as base
Import the rt linux 4.1.3-rt3 as OPNFV kvm base. It's from git://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-rt-devel.git linux-4.1.y-rt and the base is: commit 0917f823c59692d751951bf5ea699a2d1e2f26a2 Author: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Date: Sat Jul 25 12:13:34 2015 +0200 Prepare v4.1.3-rt3 Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> We lose all the git history this way and it's not good. We should apply another opnfv project repo in future. Change-Id: I87543d81c9df70d99c5001fbdf646b202c19f423 Signed-off-by: Yunhong Jiang <yunhong.jiang@intel.com>
Diffstat (limited to 'kernel/include/linux/seccomp.h')
-rw-r--r--kernel/include/linux/seccomp.h98
1 files changed, 98 insertions, 0 deletions
diff --git a/kernel/include/linux/seccomp.h b/kernel/include/linux/seccomp.h
new file mode 100644
index 000000000..a19ddacda
--- /dev/null
+++ b/kernel/include/linux/seccomp.h
@@ -0,0 +1,98 @@
+#ifndef _LINUX_SECCOMP_H
+#define _LINUX_SECCOMP_H
+
+#include <uapi/linux/seccomp.h>
+
+#define SECCOMP_FILTER_FLAG_MASK (SECCOMP_FILTER_FLAG_TSYNC)
+
+#ifdef CONFIG_SECCOMP
+
+#include <linux/thread_info.h>
+#include <asm/seccomp.h>
+
+struct seccomp_filter;
+/**
+ * struct seccomp - the state of a seccomp'ed process
+ *
+ * @mode: indicates one of the valid values above for controlled
+ * system calls available to a process.
+ * @filter: must always point to a valid seccomp-filter or NULL as it is
+ * accessed without locking during system call entry.
+ *
+ * @filter must only be accessed from the context of current as there
+ * is no read locking.
+ */
+struct seccomp {
+ int mode;
+ struct seccomp_filter *filter;
+};
+
+#ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER
+extern int __secure_computing(void);
+static inline int secure_computing(void)
+{
+ if (unlikely(test_thread_flag(TIF_SECCOMP)))
+ return __secure_computing();
+ return 0;
+}
+
+#define SECCOMP_PHASE1_OK 0
+#define SECCOMP_PHASE1_SKIP 1
+
+extern u32 seccomp_phase1(struct seccomp_data *sd);
+int seccomp_phase2(u32 phase1_result);
+#else
+extern void secure_computing_strict(int this_syscall);
+#endif
+
+extern long prctl_get_seccomp(void);
+extern long prctl_set_seccomp(unsigned long, char __user *);
+
+static inline int seccomp_mode(struct seccomp *s)
+{
+ return s->mode;
+}
+
+#else /* CONFIG_SECCOMP */
+
+#include <linux/errno.h>
+
+struct seccomp { };
+struct seccomp_filter { };
+
+#ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER
+static inline int secure_computing(void) { return 0; }
+#else
+static inline void secure_computing_strict(int this_syscall) { return; }
+#endif
+
+static inline long prctl_get_seccomp(void)
+{
+ return -EINVAL;
+}
+
+static inline long prctl_set_seccomp(unsigned long arg2, char __user *arg3)
+{
+ return -EINVAL;
+}
+
+static inline int seccomp_mode(struct seccomp *s)
+{
+ return 0;
+}
+#endif /* CONFIG_SECCOMP */
+
+#ifdef CONFIG_SECCOMP_FILTER
+extern void put_seccomp_filter(struct task_struct *tsk);
+extern void get_seccomp_filter(struct task_struct *tsk);
+#else /* CONFIG_SECCOMP_FILTER */
+static inline void put_seccomp_filter(struct task_struct *tsk)
+{
+ return;
+}
+static inline void get_seccomp_filter(struct task_struct *tsk)
+{
+ return;
+}
+#endif /* CONFIG_SECCOMP_FILTER */
+#endif /* _LINUX_SECCOMP_H */
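Review bot: The kernel-doc on `struct seccomp` describes `@mode` as "one of the valid values above", but this header defines no mode values; they come from the included `<uapi/linux/seccomp.h>`. The comment should name them, for example `@mode: one of the SECCOMP_MODE_* values from <uapi/linux/seccomp.h>`. The return contract of `secure_computing()` is also undocumented here. A one-line comment above the inline saying what a non-zero result requires of the arch syscall-entry caller would help, since a caller that ignores it would presumably let a filtered syscall proceed. In the `!CONFIG_SECCOMP` branch, `seccomp_mode()` returns a bare `0`, which presumably stands for `SECCOMP_MODE_DISABLED`; a comment such as `/* SECCOMP_MODE_DISABLED */` would make that explicit.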