[AGPGART] Add missing calls to global_flush_tlb() to ali-agp
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / kernel / seccomp.c
blobc3391b6020e8550bba296280861b64fd32e28e4e
1 /*
2 * linux/kernel/seccomp.c
4 * Copyright 2004-2005 Andrea Arcangeli <andrea@cpushare.com>
6 * This defines a simple but solid secure-computing mode.
7 */
9 #include <linux/seccomp.h>
10 #include <linux/sched.h>
12 /* #define SECCOMP_DEBUG 1 */
15 * Secure computing mode 1 allows only read/write/exit/sigreturn.
16 * To be fully secure this must be combined with rlimit
17 * to limit the stack allocations too.
19 static int mode1_syscalls[] = {
20 __NR_seccomp_read, __NR_seccomp_write, __NR_seccomp_exit, __NR_seccomp_sigreturn,
21 0, /* null terminated */
24 #ifdef TIF_32BIT
25 static int mode1_syscalls_32[] = {
26 __NR_seccomp_read_32, __NR_seccomp_write_32, __NR_seccomp_exit_32, __NR_seccomp_sigreturn_32,
27 0, /* null terminated */
29 #endif
31 void __secure_computing(int this_syscall)
33 int mode = current->seccomp.mode;
34 int * syscall;
36 switch (mode) {
37 case 1:
38 syscall = mode1_syscalls;
39 #ifdef TIF_32BIT
40 if (test_thread_flag(TIF_32BIT))
41 syscall = mode1_syscalls_32;
42 #endif
43 do {
44 if (*syscall == this_syscall)
45 return;
46 } while (*++syscall);
47 break;
48 default:
49 BUG();
52 #ifdef SECCOMP_DEBUG
53 dump_stack();
54 #endif
55 do_exit(SIGKILL);