[linux] 04/04: [arm*] Enable SECCOMP (Closes: #833183)

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Mon Dec 12 06:38:25 UTC 2016 

This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch benh/jessie-security-backports
in repository linux.

commit 593046ea31200b98573e34da527458dae0e820aa
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Sun Dec 11 19:32:40 2016 +0000

    [arm*] Enable SECCOMP (Closes: #833183)
    
    ...and fix the resulting ABI change.
---
 debian/changelog                                   |  1 +
 debian/config/arm64/config                         |  1 +
 debian/config/kernelarch-arm/config                |  1 +
 ...rm-avoid-abi-change-when-enabling-seccomp.patch | 49 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 5 files changed, 53 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 1ad5730..ba13e60 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -490,6 +490,7 @@ linux (3.16.39-1) UNRELEASED; urgency=medium
     (sysctl: kernel.perf_event_paranoid=3)
   * [arm64] Add __NR_* definitions for compat syscalls
   * [arm64] Add support for SECCOMP, backported from 3.19
+  * [arm*] Enable SECCOMP (Closes: #833183)
 
   [ Julien Cristau ]
   * hwrng: Add chaoskey driver, backported from 4.8 (Closes: #839616)
diff --git a/debian/config/arm64/config b/debian/config/arm64/config
index 0d3d1b2..61f13bb 100644
--- a/debian/config/arm64/config
+++ b/debian/config/arm64/config
@@ -6,6 +6,7 @@ CONFIG_ARCH_XGENE=y
 #. Until we decide how/whether to handle this in userland as well
 # CONFIG_ARM64_ERRATUM_843419 is not set
 CONFIG_SMP=y
+CONFIG_SECCOMP=y
 CONFIG_XEN=y
 CONFIG_COMPAT=y
 
diff --git a/debian/config/kernelarch-arm/config b/debian/config/kernelarch-arm/config
index 99ac490..ef6c27b 100644
--- a/debian/config/kernelarch-arm/config
+++ b/debian/config/kernelarch-arm/config
@@ -4,6 +4,7 @@
 CONFIG_MMU=y
 CONFIG_AEABI=y
 # CONFIG_OABI_COMPAT is not set
+CONFIG_SECCOMP=y
 CONFIG_KEXEC=y
 
 ##
diff --git a/debian/patches/debian/arm-avoid-abi-change-when-enabling-seccomp.patch b/debian/patches/debian/arm-avoid-abi-change-when-enabling-seccomp.patch
new file mode 100644
index 0000000..91a61a7
--- /dev/null
+++ b/debian/patches/debian/arm-avoid-abi-change-when-enabling-seccomp.patch
@@ -0,0 +1,49 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Sat, 10 Dec 2016 11:06:30 +0000
+Subject: ARM: Avoid ABI change when enabling seccomp
+Forwarded: not-needed
+
+seccomp state is embedded in struct task_struct.  The state is going
+to change from an empty struct to a meaningful struct on ARM.  For
+ABI compatibility we need to put it at the end and leave padding
+in its place.  (Even an empty struct takes 1 byte plus alignment.)
+
+Hide this hideous mess from genksyms.
+
+---
+--- a/include/linux/sched.h
++++ b/include/linux/sched.h
+@@ -1435,7 +1435,11 @@ struct task_struct {
+ 	kuid_t loginuid;
+ 	unsigned int sessionid;
+ #endif
++#if !(defined(CONFIG_ARM) || defined(CONFIG_ARM64)) || defined(__GENKSYMS__)
+ 	struct seccomp seccomp;
++#else
++	struct {} __seccomp_was_here;
++#endif
+ 
+ /* Thread group tracking */
+    	u32 parent_exec_id;
+@@ -1668,6 +1672,9 @@ struct task_struct {
+ 	unsigned int	sequential_io;
+ 	unsigned int	sequential_io_avg;
+ #endif
++#if (defined(CONFIG_ARM) || defined(CONFIG_ARM64)) && !defined(__GENKSYMS__)
++	struct seccomp seccomp;
++#endif
+ };
+ 
+ /* Future-safe accessor for struct task_struct's cpus_allowed. */
+--- a/include/linux/seccomp.h
++++ b/include/linux/seccomp.h
+@@ -3,7 +3,8 @@
+ 
+ #include <uapi/linux/seccomp.h>
+ 
+-#ifdef CONFIG_SECCOMP
++#if defined(CONFIG_SECCOMP) && \
++	!((defined(CONFIG_ARM) || defined(CONFIG_ARM64)) && defined(__GENKSYMS__))
+ 
+ #include <linux/thread_info.h>
+ #include <asm/seccomp.h>
diff --git a/debian/patches/series b/debian/patches/series
index 3b768ee..e4ef2a5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -716,3 +716,4 @@ debian/uaccess-avoid-abi-change-in-3.16.39.patch
 debian/revert-arm64-define-at_vector_size_arch-for-arch_dlinfo.patch
 debian/revert-s390-define-at_vector_size_arch-for-arch_dlinfo.patch
 debian/revert-block-fix-bdi-vs-gendisk-lifetime-mismatch.patch
+debian/arm-avoid-abi-change-when-enabling-seccomp.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git

More information about the Kernel-svn-changes mailing list