From: Thomas Weißschuh
Date: Mon, 22 May 2023 07:56:06 +0000 (+0200)
Subject: enosys: allow CPU speculation
X-Git-Tag: v2.40-rc1~449^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ced82526a1a88177d6a4d9ab2a05eda9e3aff468;p=thirdparty%2Futil-linux.git

enosys: allow CPU speculation

enosys is not a security tool so we can allow the CPU to speculate.

Signed-off-by: Thomas Weißschuh
---
diff --git a/misc-utils/enosys.c b/misc-utils/enosys.c
index 1aa673717c..0fcfc72d15 100644
--- a/misc-utils/enosys.c
+++ b/misc-utils/enosys.c
@@ -66,6 +66,16 @@
 #define syscall_arch (offsetof(struct seccomp_data, arch))
 #define syscall_arg(n) (offsetof(struct seccomp_data, args[n]))
 
+static int set_seccomp_filter(const void *prog)
+{
+#if defined(__NR_seccomp) && defined(SECCOMP_SET_MODE_FILTER) && defined(SECCOMP_FILTER_FLAG_SPEC_ALLOW)
+ if (!syscall(__NR_seccomp, SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_SPEC_ALLOW, prog))
+ return 0;
+#endif
+
+ return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, prog);
+}
+
 struct syscall {
 const char *const name;
 long number;
@@ -196,8 +206,8 @@ int main(int argc, char **argv)
 if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))
 err_nosys(EXIT_FAILURE, _("Could not run prctl(PR_SET_NO_NEW_PRIVS)"));
 
- if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog))
- err_nosys(EXIT_FAILURE, _("Could not run prctl(PR_SET_SECCOMP)"));
+ if (set_seccomp_filter(&prog))
+ err_nosys(EXIT_FAILURE, _("Could not seccomp filter"));
 
 if (execvp(argv[optind], argv + optind))
 err(EXIT_NOTSUPP, _("Could not exec"));
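Review bot: `set_seccomp_filter()` has no comment saying what `SECCOMP_FILTER_FLAG_SPEC_ALLOW` gives up or why the `prctl()` fallback exists, which is what a later reader of this function needs to know. Per seccomp(2) the flag asks the kernel not to apply the Speculative Store Bypass mitigation it may otherwise enable along with the filter, and because the filter is installed just before `execvp()` the executed program presumably runs in that relaxed state as well. I would add a comment above the function such as `/* SPEC_ALLOW: skip the speculation mitigation seccomp may otherwise enable; enosys is a testing aid, not a sandbox. Falls back to prctl() where seccomp(2) or the flag is unavailable. */` and state the same "not a sandbox" limitation in the man page. The fallback is also taken on any `seccomp()` error, not only `ENOSYS`/`EINVAL`, so the errno shown to the user is always the one from `prctl()`.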
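Review bot: The new message `_("Could not seccomp filter")` is missing its verb and no longer tells the user which operation failed; as a translatable string it is worth fixing before translators pick it up. Something like `err_nosys(EXIT_FAILURE, _("Could not install seccomp filter"));` reads correctly whichever of the two calls in `set_seccomp_filter()` ended up being used. `main()` begins and ends outside this hunk.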