linux/kernel/seccomp.c
   1/*
   2 * linux/kernel/seccomp.c
   3 *
   4 * Copyright 2004-2005  Andrea Arcangeli <andrea@cpushare.com>
   5 *
   6 * Copyright (C) 2012 Google, Inc.
   7 * Will Drewry <wad@chromium.org>
   8 *
   9 * This defines a simple but solid secure-computing facility.
  10 *
  11 * Mode 1 uses a fixed list of allowed system calls.
  12 * Mode 2 allows user-defined system call filters in the form
  13 *        of Berkeley Packet Filters/Linux Socket Filters.
  14 */
  15
  16#include <linux/atomic.h>
  17#include <linux/audit.h>
  18#include <linux/compat.h>
  19#include <linux/sched.h>
  20#include <linux/seccomp.h>
  21
  22/* #define SECCOMP_DEBUG 1 */
  23
  24#ifdef CONFIG_SECCOMP_FILTER
  25#include <asm/syscall.h>
  26#include <linux/filter.h>
  27#include <linux/ptrace.h>
  28#include <linux/security.h>
  29#include <linux/slab.h>
  30#include <linux/tracehook.h>
  31#include <linux/uaccess.h>
  32
  /**
   * struct seccomp_filter - one installed seccomp BPF program
   *
   * @usage: reference count that controls the lifetime of the object.  Use
   *         the get/put helpers whenever an instance is touched outside a
   *         lifetime-guarded section; in general that is only needed for
   *         filters shared across tasks.
   * @prev:  the filter that was installed, or inherited, before this one
   * @len:   number of BPF instructions stored in @insns
   * @insns: the BPF instructions that get evaluated
   *
   * Filters are linked through @prev.  A single task sees a singly-linked
   * list whose head is current->seccomp.filter, i.e. the most recently
   * attached or inherited filter.  fork() lets several filters point at the
   * same @prev node, so the objects in memory form a tree that can only be
   * walked towards its root, similar to how namespaces work.
   *
   * Once attached to a task_struct a filter must not be modified; @usage is
   * the only field that may still change.  A @prev node can be shared by
   * several tasks, so an in-place change would not stay confined to one of
   * them.
   */
  struct seccomp_filter {
          atomic_t usage;
          struct seccomp_filter *prev;
          unsigned short len;             /* number of entries in insns[] */
          struct sock_filter insns[];     /* flexible array member */
  };
  60
  /*
   * Cap on the instructions along any single path through the filter tree:
   * 256KB (1 << 18 bytes) divided by the size of one BPF instruction.
   */
  #define MAX_INSNS_PER_PATH ((1 << 18) / sizeof(struct sock_filter))
  63
  /**
   * get_u32 - pick one 32-bit half out of a 64-bit value
   * @data: unsigned 64-bit value to read from
   * @index: 0 selects the first 32 bits in memory, 1 the second
   *
   * Taking a u64 hides the width of unsigned long from the caller: a 32-bit
   * unsigned long is widened on the way in, so its top 32 bits read as 0,
   * while a 64-bit unsigned long is returned as it is.
   *
   * The halves are addressed in memory order, so which one holds the low
   * word depends on the byte order of the machine.  Endianness is
   * deliberately ignored here and left to BPF program authors to handle
   * per architecture.
   *
   * @index is not range-checked; a value other than 0 or 1 reads outside
   * @data.
   */
  static inline u32 get_u32(u64 data, int index)
  {
          const u32 *halves = (const u32 *)&data;

          return halves[index];
  }
  81
  /* Byte offset of a struct seccomp_data member, used by seccomp_bpf_load. */
  #define BPF_DATA(_name) offsetof(struct seccomp_data, _name)
  /**
   * seccomp_bpf_load - fetch one 32-bit word of seccomp_data for current
   * @off: byte offset into struct seccomp_data to load from
   *
   * Returns the 32 bits found at @off.  The value is read on demand from
   * the current task: the syscall number, the architecture, one half of a
   * syscall argument, or one half of KSTK_EIP(current).
   *
   * Nothing is validated here.  seccomp_check_filter() has to guarantee
   * that @off is 32-bit aligned and inside struct seccomp_data; an offset
   * that matches no member half ends in BUG().
   */
  u32 seccomp_bpf_load(int off)
  {
          struct pt_regs *regs = task_pt_regs(current);

          if (off == BPF_DATA(nr))
                  return syscall_get_nr(current, regs);

          if (off == BPF_DATA(arch))
                  return syscall_get_arch(current, regs);

          if (off >= BPF_DATA(args[0]) && off < BPF_DATA(args[6])) {
                  unsigned long arg_val;
                  /* Which of the six arguments the offset falls into. */
                  int arg_no = (off - BPF_DATA(args[0])) / sizeof(u64);
                  /* 0 for the first 32-bit half of that slot, 1 for the second. */
                  int half = (off % sizeof(u64)) != 0;

                  syscall_get_arguments(current, regs, arg_no, 1, &arg_val);
                  return get_u32(arg_val, half);
          }

          if (off == BPF_DATA(instruction_pointer) ||
              off == BPF_DATA(instruction_pointer) + sizeof(u32)) {
                  int half = off != BPF_DATA(instruction_pointer);

                  return get_u32(KSTK_EIP(current), half);
          }

          /* seccomp_check_filter should make this impossible. */
          BUG();
  }
 113
 /**
  * seccomp_check_filter - verify and rewrite seccomp filter code
  * @filter: filter to verify; it is modified in place
  * @flen: number of instructions in @filter
  *
  * Expects a filter that sk_chk_filter has already checked.  Every
  * instruction that would load struct sk_buff data or related data is
  * redirected: 32-bit absolute loads become seccomp_bpf_load accesses, and
  * the length loads become immediates holding sizeof(struct seccomp_data).
  * Length and alignment of the absolute loads are enforced here.
  *
  * The switch is an allow-list.  An opcode that is not named in it, which
  * includes every load form other than the ones handled below, is
  * rejected.
  *
  * NOTE(review): the opcode of an absolute load is rewritten before its
  * offset is checked, so a filter that fails here has already been
  * partly rewritten.  The caller is outside this view; it should discard
  * a rejected filter rather than reuse it.
  *
  * Returns 0 if the rule set is legal or -EINVAL if not.
  */
 static int seccomp_check_filter(struct sock_filter *filter, unsigned int flen)
 {
         int pc;

         for (pc = 0; pc < flen; pc++) {
                 struct sock_filter *insn = &filter[pc];

                 switch (insn->code) {
                 case BPF_S_LD_W_ABS:
                         insn->code = BPF_S_ANC_SECCOMP_LD_W;
                         /* Must be 32-bit aligned and inside seccomp_data. */
                         if ((insn->k & 3) ||
                             insn->k >= sizeof(struct seccomp_data))
                                 return -EINVAL;
                         break;
                 case BPF_S_LD_W_LEN:
                         /* The "packet length" is the size of seccomp_data. */
                         insn->code = BPF_S_LD_IMM;
                         insn->k = sizeof(struct seccomp_data);
                         break;
                 case BPF_S_LDX_W_LEN:
                         insn->code = BPF_S_LDX_IMM;
                         insn->k = sizeof(struct seccomp_data);
                         break;
                 /* Opcodes that are allowed unchanged. */
                 case BPF_S_RET_K:
                 case BPF_S_RET_A:
                 case BPF_S_ALU_ADD_K:
                 case BPF_S_ALU_ADD_X:
                 case BPF_S_ALU_SUB_K:
                 case BPF_S_ALU_SUB_X:
                 case BPF_S_ALU_MUL_K:
                 case BPF_S_ALU_MUL_X:
                 case BPF_S_ALU_DIV_X:
                 case BPF_S_ALU_AND_K:
                 case BPF_S_ALU_AND_X:
                 case BPF_S_ALU_OR_K:
                 case BPF_S_ALU_OR_X:
                 case BPF_S_ALU_XOR_K:
                 case BPF_S_ALU_XOR_X:
                 case BPF_S_ALU_LSH_K:
                 case BPF_S_ALU_LSH_X:
                 case BPF_S_ALU_RSH_K:
                 case BPF_S_ALU_RSH_X:
                 case BPF_S_ALU_NEG:
                 case BPF_S_LD_IMM:
                 case BPF_S_LDX_IMM:
                 case BPF_S_MISC_TAX:
                 case BPF_S_MISC_TXA:
                 case BPF_S_ALU_DIV_K:
                 case BPF_S_LD_MEM:
                 case BPF_S_LDX_MEM:
                 case BPF_S_ST:
                 case BPF_S_STX:
                 case BPF_S_JMP_JA:
                 case BPF_S_JMP_JEQ_K:
                 case BPF_S_JMP_JEQ_X:
                 case BPF_S_JMP_JGE_K:
                 case BPF_S_JMP_JGE_X:
                 case BPF_S_JMP_JGT_K:
                 case BPF_S_JMP_JGT_X:
                 case BPF_S_JMP_JSET_K:
                 case BPF_S_JMP_JSET_X:
                         break;
                 default:
                         /* Anything not listed above is refused. */
                         return -EINVAL;
                 }
         }
         return 0;
 }
 195
 /**
  * seccomp_run_filters - evaluates all seccomp filters against @syscall
  * @syscall: number of the current system call (not read in this body)
  *
  * Runs every filter on current's list, newest first, and keeps the result
  * whose SECCOMP_RET_ACTION bits are numerically lowest.  The comparison is
  * strict, so among results with equal action bits the one evaluated first
  * is kept, together with its data bits.  No filter on the list is
  * skipped, so a filter added later cannot raise the result above what an
  * earlier filter returns.
  *
  * A task that reaches this point without a filter is treated as a fault
  * and gets SECCOMP_RET_KILL instead of being let through.
  *
  * Returns valid seccomp BPF response codes.
  */
 static u32 seccomp_run_filters(int syscall)
 {
         struct seccomp_filter *f;
         u32 verdict = SECCOMP_RET_ALLOW;

         /* Fail closed: a missing filter must never mean "allow". */
         if (WARN_ON(current->seccomp.filter == NULL))
                 return SECCOMP_RET_KILL;

         /*
          * Walk the whole list.  Only the action bits take part in the
          * comparison; the data bits travel with whichever result wins.
          */
         f = current->seccomp.filter;
         while (f) {
                 u32 this_ret = sk_run_filter(NULL, f->insns);

                 if ((verdict & SECCOMP_RET_ACTION) >
                     (this_ret & SECCOMP_RET_ACTION))
                         verdict = this_ret;
                 f = f->prev;
         }
         return verdict;
 }
 222
 223/**
 224 * seccomp_attach_filter: Attaches a seccomp filter to current.
 225 * @fprog: BPF program to install
 226 *
 227 * Returns 0 on success or an errno on failure.
 228 */
 229static long seccomp_attach_filter(struct sock_fprog *fprog)
 230{
 231        struct seccomp_filter *filter;
sock_fprogo2href="kernel/sefprogo2href="kernel/sefprogo2href="kernel/sefprogo2href="kernel/sefprogo2href="ref">prev) {
 230#L217" id="L217" claan>
  63

 1233ef="kernel/sefprogo2href="kernel/sefprogoto"> _ss="line" name="L217to"> _ss="lref">prev) {
 230#L217" id="L217" claan>
code) {
2a href="kernelref="kernel/sefprogoine" name="L221"> 221}
/**ftest2/a>-&23PF_DATA" class="sref">BPF_DATA 230#L217" id="L217" claan>
 230#L217" id="L217" claan>
{
/* 32-bit aligned 2nd no2 out of bounds. */ 191                }
k2>=2sizeof               }
pc < seccomp.filter; f; f = f = f >prev) {
f L216" id="L216" class="line" name="L216"> 216 _ss="line" name="L217to"> _ss="lref">+prev) {
f L216" id="L216" clasan>
 229static long :
s="sref">BPF_DATA _ss="line" name="L217to"> _ss="lref">L217"kernel/seccomp.zeof(struct soa               }
soctest" class="sref">ftest2/a>-&2t;                }
ftest2/a>-&24                switch ( 212        +code=BPF2S_LDX_W_LEN" class="sref2>BPF_24kernel/seccomp.c#L226" id="LLLLLLLLLline" > 2name class="line" namss="ires21" cl"lineask hav116 *     2f="+code=2test" class="sref">ftest2/a>-&24" class="line" name="L227"> LLLLLLLLliCAP_SYS_ADMINecco="L8">fts="cess="b id=nnnamewith no_new_priv 201 */ftest2/a>-&24pan>
 */LLLLLLLLlip.c#L208"of privilego2hchildfil201 */ LLLLLLLLl229static long BP2_S_RE2_K:
seccomp.filter.BP2_S_RE2_A:
filteruass=_capable_noaudi/a>.seccomp)
insns);
tatic long socS_ALU_ADD_K" class="sref2>BPF_2_ALU_ADD_K:
);
                }
f >prev) {
 kze" ne+code=href="kernel/seccomp.c#L148" id="L14filter;
tatic long sef="+code=f" class="sref">f a               }
                }
 atomic_sne+code"sref">pc];
filteria>        f L216" id="L216" clasan>
 230#L217" id="L217" claan>
/** 208        if (cur_ret;
BPF_DATAsee="+code=f" class="sref">f L216" id="L216" classs="line" name="L217"> 217insns);
 230#L217" id="L217" claf">flen)
                         230 vial"linskb id="L1pLl229static long 2PF_S_2LU_NEG:
cur_ret;
see="+code=f" class="sref">f L216" id="L216" classs="line" name="L217"> 217insns);
f L216" id="L216" clasan>
B2F_S_L27K:
cur_ret;
2PF_S_2DX_IMM:
/**c#L58" id="L58" class="liCa> *eccomp.wassel"lin> 230 ef">lass="liuseLl229static long cur_ret;
sock_filter *see="+code=f" class="sref">f L216" id="L216" classs="line" name="L217"> 217insns);
f L216" id="L216" clasan>
B2F_S_L27ALU_LSH_Ks="sref">BPF_DATA2PF_S_2DX_MEM:
BPF_S2STBPF_2_STX<27ALU_RSH_Xc#L58" id="L58" class="l29static long B2F_S_J27" class="line" name="L200"> LLLLLLLLl Iass="re clalinexistnameef">f<,ass="licl"lin"> 2eccomdo"L208" cdropo="L29static long  */LLLLLLLLl229static long f L216" id="L216" class="line" name="L216"> 216seccomp.filter; f; f =tatic long seccomp.filter; f; f >prev) {
f =tatic long BPF28ALU_MUL_Ksee="+code=f" class="sref">f >        BPF2S_JMP_JSET_X 221}
EI29>
 * secconel/secco2p.c#L192" id="L192" clas2="lin29also
 * secconcode=BPF2" id="L193" class="line"2name=29 loads.
 */ 124 * Retu295" id="L295" class="line" name="L295"> 29f not.
 */ 1296" class="line" name="L126"> 126static int (struct sock_filtersockuser_="L116="+c                                int fprog)
 230}
 221c#L91" id="L191" claFAUL="line" name="L1aFAUL=eccop":code=syscall_get_arguments3ns valid 3eccomp BPF response code3.        
);
s="sref">BPF_DATA                 30ALU_ADD_X:
fcommat_prog)
BPF_DATApc];
insns);
sockuser_="L116="+c,"kef="ke">pc];
                        :
 oueeccop":code=syscall_get_arguments3n6s="sref3>"kernel/seccomp.c#L197"37"> 230cur_ret" class="sref">cur_ret = r="line" name="L230"> 230f">f; 
f; 
ers - evaluates all sec3'30ALU_MUL_X:
cur_ret = r="line" name="L230"> 230f">f; secommat_ptrine" name="L217commat_ptr="+coclass="sref">see="lia href="+code=sk_r="lia eccof">f; f >        WARN_ON( 208        if (S3CCOMP_#endif       if ( 231K:
cur_ret;copy_ 87<_userine" name="L217copy_ 87<_useromp" "sref">pc];
 230>insns);
sockuser_="L116="+c,"kef="ke">pc];
 230)>                        3 oueeccop":code=syscall_get_arguments3 * All fi3ters in the list are eva3uated31JMP_JGE_Kev) {
sock_fprog *pc];
 230>         oueecco                        retur3 */ 221}
f = u32         cur_re3 31pan>
 208        if (ret3=  get_pernel/seccomp+code=fprog" class="sref">feask_=fprog" name="L221"> eask_=fprogomp"23class="co32" cltskine" name="L217tskomp"                                        ret;
filter;
filter; f; f =tatic long  32D_W_LEN:
s="s!class="sref">seoriine" name="L230"oriiomp.                         232; ine" clae0"> 150                case f">cur_ret;atomic_assne" name="L230"atomic_ass+code"sref">pc];
filter        
<3 href32nt" c


feask_=fprog" name="L221"> eask_=fprogomp"23class="co32" cltskine" name="L217tskomp"                        s3ccomp32220">                 33/seccomp.c#L2f="+code=filter" class="sref">filter;
filter; f; f =tatic long secco3p_fil33id="L212" class="line" name="L212"> 2 Cle"liup"kengle-rlo"renc  branL225"i>f 150                case so3k_fprogo2href="kernel/se3progo3href="kernel/swhile"sf">cur_ret;oriine" name="L230"oriiomp.c)
f">cur_ret;atomic_des_and_f(struct pc];
filtera>                 133ALU_ADD_X:
f="sref">filter;
code) {
33r *class="co32" cloriine" name="L230"oriiomp.c#Lseccomp.c#L148"oriine" name="L230"oriiomp.class="sref">filter 216:
seere"m"kernel/sefprogo2re"m"omp.>        ftest3/a>-&33PF_DATA" clas
/* 32-bit aligned 3nd no3 out o
k3>=3sizeof               }
> 224 * secc3ue;

 203 emula="ke24 * secc3ueccomp_f3S_LD_W_LEN" class="sref"3BPF_S34also
 203 L199" ctonsendctonuserland24 * secc3uclaf">so3test" class="sref">ftest3/a>-&34 loads.
ctonsendctonuserland (vialsi_e" na)24 * secc3u>
ftest3/a>-&34" class="line" name="L124"> 124 * Retu3ue;

clasSYS_e" nameeccomp.l3" clsigsycoinfo228 */ftest3/a>-&34" cla_filtervoi=a"L221" class="lkernel/ssend_sigsyc;
 203, .c#L203" id="L203" reason" name="L221"> 22asonomp"                        ftest3/a>-&348        int =fprog" class="sref">fpiginfoline" name="L203iginfo#L230nsns);
:
cur_ret;memsne" name="L221"> memsne+code"sref">pc];
pc];
BP3_S_RE35ALU_AND_X1" id="L191" clinfoline" name="L20info#L23f">f; BP3_S_RE35omp.c#L112" id="L112" class=infoline" name="L20info#L23f">f; so3S_ALU_ADD_K" class="sref3>BPF_35JMP_JGE_Kev) {
f; ;
seccomp.        
seinfoline" name="L20info#L23f">f; ;
 22asonomp"        cur_ret;infoline" name="L20info#L23f">f; ;
 203_get_arch;
 203_get_arch="+coclass="sref">seccomp.insns);
seccomp.>        f;  203line" name="L203"> 203        seSIGSYSline" name="L20SIGSYS#L23, "sref">pc];
seccomp.         2 CONFIG_e" name=FILTERL 150                case  50                case 
c1ne" nas only read/wasse/exit/promp.c#L228 */
ua  t hremust"b ihrebigo2hwith rlimi/om */
 1ctonlimi/l"linsta *ecllocat"kes too228 */                case 1_plass="line" name="L217m1">1_plass="lLU_L[]c#L        int se__NR_pernel/swasseine" name="L217__NR_pernel/swasse#L23, class="sref">se__NR_pernel/sexitine" name="L217__NR_pernel/sexit#L23, class="sref">se__NR_pernel/spromp.c#Line" name="L217__NR_pernel/spromp.c#L#L23,       int  2 null termin3" cll150                case 3PF_S_36="linB3F_S_L37K#ifdefensns);
3PF_S_3DX_IMM_filter.c#L203" id="L203" m1">1_plass="l_a href="+code=sk_m1">1_plass="l_a LU_L[]c#L        int ev) {
se__NR_pernel/swasse_a href="+code=sk___NR_pernel/swasse_a #L23, class="sref">se__NR_pernel/sexit_a href="+code=sk___NR_pernel/sexit_a #L23, class="sref">se__NR_pernel/spromp.c#L_a href="+code=sk___NR_pernel/spromp.c#L_a #L23,       int 0,"ss="line" name="L212"> 2 null termin3" cll150                case B3F_S_L37ALU_L#endif       if (3PF_S_37        BPF_S3STua _computnamhref="+code=sk___sa>ua _computnam="+co.c#L203" id="L203" t hr_plass="line" name="L20t hr_plass="omp"                        BPF_3_STX<37ALU_R        int B3F_S_J37U_NEG:
href="+code=sk_m1">omp.c#Lseccomp.c#L148"ccomp.filter; f; href="+code=sk_m1">omp.        }
 203line" name="L203"> 203        SECCOMP_RET_ALLOW;
cur_ret;m1">href="+code=sk_m1">omp.a>                seS" name=MODE_STRIC="line" name="L1S" name=MODE_STRIC=LU_S                        retur3+code=BPF3S_JMP_JSET_K" class="sre3">BPF38cur_ret" class="sref">cur_ret =  "> 203line" name="L203"> 203c#Lseccomp.c#L148"m1">1_plass="line" name="L217m1">1_plass="lLU_L        BPF3S_JMP_#ifdefensns);
BPF_DATA:
cur_ret =  "> 203line" name="L203"> 203c#Lseccomp.c#L148"m1">1_plass="l_a href="+code=sk_m1">1_plass="l_a LU_L        EI39>
                :
 203line" name="L203"> 20309" id="L209" classt hr_plass="line" name="L20t hr_plass="omp"                         39r *}swhile"s*++class="co32" cl "> 203line" name="L203"> 203>         139JMP_JGT_X:
seSIGL210" class="line" nIGL210LU_L        cur_ret = 
 210
);
        
seS" name=MODE_FILTER"line" name="L1S" name=MODE_FILTERLU_S >                
fpt_regline" name="L217pt_regl="+cL3class="co32" clregline" name="L217regl="+cL" id="L209" classtask_pt_regline" name="L217task_pt_regl="+coclass="sref">seccomp.
:
cur_ret = 
set hr_plass="line" name="L20t hr_plass="omp" 
 40ALU_ADD_X:
c#Lseccomp.c#L148"re>SECCOMP_RET_ACTION))
DATA
SECCOMP_RET_ACTION))
 218:
cur_ret;
 240cur_ret" class="sref"caf="klass="sref">seS" name="L21ERRNO218" class="line" name="L21ERRNOLU_S                        retur4n7s="sref4>ers - evaluates all sec4'40ALU_MUL_X:
ss="line" name="L212"> 2 Se/l"linlow-order 16-b="L8a5" ce" na"> 150                case WARN_ON(seccomp.c#L148"k"> 203_set_re.c#L_valurline" name="L203"> 203_set_re.c#L_valur="+coclass="sref">seccomp.insns);
S40ALU_AND_K:
, 0 
 24141" class="line" nameeeeeeeeegotockernel/sefprogoskia href="+code=f" kia8:
seS" name="L21TRAeline" name="L20S" name="L21TRAeLU_S                        retur4 * All fi4ters in the list are eva4uated41ALU_ADD_K:
 2 Showl"linhandl" cthess=iginale 1gissrec"> 150                case :
 203_rollbackine" name="L217k"> 203_rollback="+coclass="sref">seccomp.insns);
 *eeeeeeeess="line" name="L212"> 2 Le/l"lineccompLp" n back 16 b="L8of2" id"> 150                case f = ;
set hr_plass="line" name="L20t hr_plass="omp">insns);
 
u32 cur_re4 41ALU_MUL_X:
seS" name="L21TRACEline" name="L20S" name="L21TRACELU_S                        retur4 _ON" cla4et" class="sref">ret4= ss="line" name="L212"> 2 Skial"lif="ss="les="s="re clano tracer"> 150                case :
septrace_evpseccomp.insns);
  >                ret;
 203_set_re.c#L_valurline" name="L203"> 203_set_re.c#L_valur="+coclass="sref">seccomp.insns);
 42X_IMM:
 242; *eeeeeeeess="line" name="L212"> 2 A" nai"linBPFctonprovidel"linevp 150                case 
<4 href42JMP_JGT_X:
sePTRACE_EVENT_e" nameline" name="L20PTRACE_EVENT_e" name>insns);
 
 iprogal durnameevp                case LLLLLLLL""""""""""""""""linotificat"ke mayiprlL22ly skial"racerinotificat"ke228 */s4ccomp42" class="line" name="L200"> LLLLLLLL""""""""""""""""liaermin3"name"lineask nnaiavoi="lexecutnamea"3">tem28 */ 43>
 */secco4p_fil432" class="line" name="L202">LLLLLLLL""""""""""""""""l150                case so4k_fprogo2href="kernel/se4progo43ALU_ADD_K:
 _progal_pendiamhref="+code=sk_fa"> _progal_pendiam="+coclass="sref">seccomp.                        
 143ALU_ADD_X:
code) {
43r *eeeeeeees="snsns);
 203_get_nr;
 203_get_nr="+coclass="sref">seccomp.insns);
:
 2 Explicit requestctonskia"> 150                case ftest4/a>-&43        /* 32-bit aligned 4nd no43ALU_MUL_X:
 194}
k4>=43ef="+code=cur_ret" clcaf="klass="sref">seS" name="L21ALLOW218" class="line" name="L218LLOWLU_S                        retur4 omp_atta4}
seS" name="L21L210" class="line" name="L210"> 210                        retur4ueccomp_f4S_LD_W_LEN" class="sref"4BPF_S44X_IMM:
so4test" class="sref">ftest4/a>-&44ALU_ADD_K:
ftest4/a>-&44ALU_ADD_X:
seSIGSYSline" name="L20SIGSYS#L23        ftest4/a>-&44PF_DATA" clas
ftest4/a>-&448#endif       if (default                        retur4uomp_atta4 Explicitly include allo4ed ca44ALU_AND_K:
seBUGline" name="L20BUGomp" )
BP4_S_RE45ALU_AND_X
BP4_S_RE45omp.cso4S_ALU_ADD_K" class="sref4>BPF_45JMP_J#ifdefensns);
sedul/sstackine" name="L217dul/sstackomp" )
set hr_plass="line" name="L20t hr_plass="omp">insns);
insns);
seexit_siine" name="L230"exit_siiomp. 
        cur_ret;audit_pernel/ine" name="L217audit_pernel/="+coclass="sref">set hr_plass="line" name="L20t hr_plass="omp">insns);
insns);
:
so4S_ALU_OR_X" class="sref"4BPF_S46 load
filter; f; href="+code=sk_m1">omp.        4PF_S_46" class="line" name="L200">> 224 * secc4+code=BPF4S_LD_IMM" class="sref">B4F_S_L47>
om * secc4+code=BPF4S_LDX_IMM" class="sref">4PF_S_47also
: requestedem1">ctonuseom * secc4+claf">so4S_MISC_TAX" class="sref"4BPF_S47 loads.
 ipfprog"prog)
 fornusehwith S" name=MODE_FILTERLU * secc4+>
 124 * Retu4+code=BPF4S_ALU_DIV_K" class="sref4>BPF_47f not.
 of24 * Retu4+code=BPF4S_LD_MEM" class="sref">B4F_S_L47kernel/seccomp.c#L226" id="L  S" name=MODE_FILTERctoninstall addit"ke> is="srec.  Every8eccomp.c * Retu4+code=BPF4S_LDX_MEM" class="sref">4PF_S_47 href="kernel/seccomp.c#L2ku" clafully installo2hwill binevalu3" cl(in reversess=der) forneach"3">tem28 */BPF_S4ST
 */BPF_4_STX<479" class="line" name="L229">124 * Retu4+code=BPF4S_JMP_JA" class="sref">B4F_S_J47" class="line" name="L200"> * Onc  ce=filtclasss="commem1"> clanon-zero, iclmayinot"b ichangco228 */ */ */so4S_JMP_JGE_K" class="sref4>BPF_48 loads.
(struct href="+code=sk_"+code=sm1">omp.>ichar(struct f >               case  221c#L91" id="L191" claINVALline" name="L20aINVALomp.        BPF48        BPF48ALU_MUL_Xs="sf">cur_ret;ccomp.filter; f; href="+code=sk_m1">omp.c)
cur_ret;ccomp.filter; f; href="+code=sk_m1">omp.c!#Lseccomp.c#L148"pernel/sm1">href="+code=sk_"+code=sm1">omp.>               case :
 oueeccop":code=syscall_get_arguments4 -EI49        cur_ret;pernel/sm1">href="+code=sk_"+code=sm1">omp.>>                caf="klass="sref">seS" name=MODE_STRIC="line" name="L1S" name=MODE_STRIC=LU_S                        retur4nel/secco4p.c#L194" id="L194" clas4="lin49ALU_ADD_X:
 221c#L>}
 49r#ifdefensns);
 TIF_NOTSC/a>         149JMP_JGT_X:
 disable_TSComp" )
:
        
seS" name=MODE_FILTER"line" name="L1S" name=MODE_FILTERLU_S         221c#Lf">cur_ret;pernel/sa> *sockpernel/sa> *see="+code=f" class="sref">f >        
cur_ret;rea href="kernel/seccomp.        :
 oueeccop":code=syscall_get_arguments5n3
 50ALU_ADD_X:
default                        retur5n6
 250cur_ret" class="sref"gotockernel/sefprogooue" name="L221"> oueeccop":code=syscall_get_arguments5n7

WARN_ON(S50U_NEG:
cur_ret;ccomp.filter; f; href="+code=sk_m1">omp.c#Lseccomp.c#L148"pernel/sm1">href="+code=sk_"+code=sm1">omp.p":code=syscall_get_arguments51" id="L251" class="line" name="L251"> 25141" class="liseccomp.c#L148"pet_thread_flaine" name="L230"pet_thread_flai="+coclass="sref">seTIF_e" nameline" name="L20TIF_e" name/a> >        5 oueecco                        retur5 * All fi5ters in the list are eva5uated51ALU_ADD_K 194 221}
