seccomp: allow BPF_XOR based ALU instructions.

Allow BPF_XOR based ALU instructions.

Signed-off-by: Nicolas Schichan <nschichan@freebox.fr>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Will Drewry <wad@chromium.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>

diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 5af44b59377013cfa84298cc5a164dec4701a4b1..b7a10048a32c11fb473515d9075ef2b0782a563a 100644 (file)
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -160,6 +160,8 @@ static int seccomp_check_filter(struct sock_filter *filter, unsigned int flen)
                case BPF_S_ALU_AND_X:
                case BPF_S_ALU_OR_K:
                case BPF_S_ALU_OR_X:
+               case BPF_S_ALU_XOR_K:
+               case BPF_S_ALU_XOR_X:
                case BPF_S_ALU_LSH_K:
                case BPF_S_ALU_LSH_X:
                case BPF_S_ALU_RSH_K: