BACKPORT: seccomp: Add a seccomp_data parameter secure_computing()

Currently, if arch code wants to supply seccomp_data directly to seccomp (which is generally much faster than having seccomp do it using the syscall_get_xyz() API), it has to use the two-phase seccomp hooks. Add it to the easy hooks, too. Cc: linux-arch@vger.kernel.org Signed-off-by: Andy Lutomirski <luto@kernel.org> Signed-off-by: Kees Cook <keescook@chromium.org> (cherry picked from commit 2f275de5d1ed7269913ef9b4c64a13952c0a38e8) Bug: 119769499 Change-Id: I96876ecd8d1743c289ecef6d2deb65361d1f5baa [ghackmann@google.com: drop changes to parisc, tile, and um, which didn't implement seccomp support in this kernel version] Signed-off-by: Greg Hackmann <ghackmann@google.com>
author: Andy Lutomirski <luto@kernel.org> 2016-05-27 12:57:02 -0700
committer: Greg Hackmann <ghackmann@google.com> 2018-11-27 21:11:08 +0000
commit: 351181cfa0b36cf410cd97a93e4f32cb655fbe94 (patch)
tree: dcbc94277a1839e65f85ce25db9f500f890b8abb /kernel
parent: 850872d95fcc3475a88de03b27d9af99ba88b14c (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 9a9203b15cde..32d5137aae69 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -579,9 +579,9 @@ void secure_computing_strict(int this_syscall)
 		BUG();
 }
 #else
-int __secure_computing(void)
+int __secure_computing(const struct seccomp_data *sd)
 {
-	u32 phase1_result = seccomp_phase1(NULL);
+	u32 phase1_result = seccomp_phase1(sd);
 
 	if (likely(phase1_result == SECCOMP_PHASE1_OK))
 		return 0;
author	Andy Lutomirski <luto@kernel.org>	2016-05-27 12:57:02 -0700
committer	Greg Hackmann <ghackmann@google.com>	2018-11-27 21:11:08 +0000
commit	351181cfa0b36cf410cd97a93e4f32cb655fbe94 (patch)
tree	dcbc94277a1839e65f85ce25db9f500f890b8abb /kernel
parent	850872d95fcc3475a88de03b27d9af99ba88b14c (diff)