cf99abace7
This follows a suggestion from Chuck Ebbert on how to make seccomp absolutely zerocost in schedule too. The only remaining footprint of seccomp is in terms of the bzImage size that becomes a few bytes (perhaps even a few kbytes) larger, measure it if you care in the embedded. Signed-off-by: Andrea Arcangeli <andrea@cpushare.com> Cc: Andi Kleen <ak@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
40 lines
743 B
C
40 lines
743 B
C
#ifndef _LINUX_SECCOMP_H
|
|
#define _LINUX_SECCOMP_H
|
|
|
|
|
|
#ifdef CONFIG_SECCOMP
|
|
|
|
#include <linux/thread_info.h>
|
|
#include <asm/seccomp.h>
|
|
|
|
typedef struct { int mode; } seccomp_t;
|
|
|
|
extern void __secure_computing(int);
|
|
static inline void secure_computing(int this_syscall)
|
|
{
|
|
if (unlikely(test_thread_flag(TIF_SECCOMP)))
|
|
__secure_computing(this_syscall);
|
|
}
|
|
|
|
extern long prctl_get_seccomp(void);
|
|
extern long prctl_set_seccomp(unsigned long);
|
|
|
|
#else /* CONFIG_SECCOMP */
|
|
|
|
typedef struct { } seccomp_t;
|
|
|
|
#define secure_computing(x) do { } while (0)
|
|
|
|
static inline long prctl_get_seccomp(void)
|
|
{
|
|
return -EINVAL;
|
|
}
|
|
|
|
static inline long prctl_set_seccomp(unsigned long arg2)
|
|
{
|
|
return -EINVAL;
|
|
}
|
|
|
|
#endif /* CONFIG_SECCOMP */
|
|
|
|
#endif /* _LINUX_SECCOMP_H */
|