git.eshelyaron.com Git - emacs.git/commit

author	Philipp Stephani <phst@google.com>
	Mon, 19 Apr 2021 19:10:20 +0000 (21:10 +0200)
committer	Philipp Stephani <phst@google.com>
	Mon, 19 Apr 2021 19:11:21 +0000 (21:11 +0200)
commit	27af0a3dc8b6b45879904bbc5d54b0677f84a5ff
tree	17e77e80807b653ec4dfea9294e82ea2c9bbe2cb	tree \| snapshot
parent	ab287a148fc274d79fb13004aa7ab76fe1058450	commit \| diff

Seccomp filter: deal with arch_prctl(ARCH_CET_STATUS, ...).

The dynamic loader of GNU libc 2.28 uses this system call to
initialize CPU information, see
https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/x86/cpu-features.c;hb=glibc-2.28#l28.
Simulating an older kernel by returning EINVAL should be the most
harmless rule here.

The ARCH_CET_STATUS symbol isn't yet exposed by the kernel headers;
see the FIXME at the top of
https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/x86/include/asm/prctl.h;hb=glibc-2.28.

* lib-src/seccomp-filter.c (ARCH_CET_STATUS): Define if not
already present. Inline the value because there doesn't seem to
be a header file exporting this constant yet.
(main): Make ARCH_CET_STATUS subfunction of arch_prctl return EINVAL.