diff options
author | Will Drewry <wad@chromium.org> | 2012-03-09 10:43:50 -0600 |
---|---|---|
committer | John Rigby <john.rigby@linaro.org> | 2012-06-20 20:14:11 -0600 |
commit | d9cbcfdc620003a5cef55245f49235d1dc5ba569 (patch) | |
tree | 64b76f8245686effb815a00965420c57b8896871 /include | |
parent | 9c38486a1f5c39854b23955f07fd340ec75abfef (diff) |
UBUNTU: SAUCE: SECCOMP: sk_run_filter: add BPF_S_ANC_SECCOMP_LD_W
Introduces a new BPF ancillary instruction that all LD calls will be
mapped through when skb_run_filter() is being used for seccomp BPF. The
rewriting will be done using a secondary chk_filter function that is run
after skb_chk_filter.
The code change is guarded by CONFIG_SECCOMP_FILTER which is added,
along with the seccomp_bpf_load() function later in this series.
This is based on http://lkml.org/lkml/2012/3/2/141
v15: include seccomp.h explicitly for when seccomp_bpf_load exists.
v14: First cut using a single additional instruction
... v13: made bpf functions generic.
Suggested-by: Indan Zupancic <indan@nul.nu>
Signed-off-by: Will Drewry <wad@chromium.org>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Kees Cook <kees@ubuntu.com>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/filter.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/filter.h b/include/linux/filter.h index 8eeb205f298..aaa2e80630b 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h @@ -228,6 +228,7 @@ enum { BPF_S_ANC_HATYPE, BPF_S_ANC_RXHASH, BPF_S_ANC_CPU, + BPF_S_ANC_SECCOMP_LD_W, }; #endif /* __KERNEL__ */ |