On Fri, Jan 22, 2016 at 03:30:00PM +0900, Daniel Sangorrin wrote: > This patch allows applications to restrict the order in which > its system calls may be requested. In order to do that, we > provide seccomp-BPF scripts with information about the > previous system call requested. > > An example use case consists of detecting (and stopping) return > oriented attacks that disturb the normal execution flow of > a user program. > > Signed-off-by: Daniel Sangorrin <[email protected]> ... > diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h ... > struct seccomp_data { > int nr; > + int prev_nr; > __u32 arch; > __u64 instruction_pointer; > __u64 args[6];
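Review bot: Placing prev_nr between nr and arch in struct seccomp_data moves arch, instruction_pointer and args[6] to different offsets, so a filter built against the current header would read prev_nr where it expects arch. The struct lives under include/uapi, so the offsets of its existing fields need to stay where they are; add the new field after args[6] instead. It would also help to document what prev_nr contains for the first system call a task makes.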
This will break ABI for existing seccomp programs. New field has to be at the end.
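The ABI break described in the reply, as an added example that is not part of the original thread or the patch: a filter compiled against the current header keeps the offset of arch as a constant, so the same check reads a different field once prev_nr is inserted after nr. The struct names, old_filter_allows, and the sample arch value are assumptions made for illustration; the field order comes from the quoted hunk.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Field order taken from the quoted hunk; struct names are illustrative. */
struct sd_current  { int nr; uint32_t arch; uint64_t instruction_pointer; uint64_t args[6]; };
struct sd_patched  { int nr; int prev_nr; uint32_t arch; uint64_t instruction_pointer; uint64_t args[6]; };
struct sd_appended { int nr; uint32_t arch; uint64_t instruction_pointer; uint64_t args[6]; int prev_nr; };

/* A filter built against the current header carries this offset as a constant. */
enum { OLD_OFF_ARCH = offsetof(struct sd_current, arch) };
#define SAMPLE_ARCH 0xC000003Eu  /* constructed sample (numerically AUDIT_ARCH_X86_64) */

/* 32-bit load at a fixed byte offset, as a filter's absolute word load does. */
static uint32_t load_word(const void *data, size_t off) {
    uint32_t v;
    memcpy(&v, (const unsigned char *)data + off, sizeof v);
    return v;
}

/* Hypothetical pre-existing filter: allow (1) only when arch matches, else deny (0). */
static int old_filter_allows(const void *data) {
    return load_word(data, OLD_OFF_ARCH) == SAMPLE_ARCH;
}

int verdict_current(void) {
    struct sd_current d = { .nr = 1, .arch = SAMPLE_ARCH };
    return old_filter_allows(&d);
}

int verdict_patched(void) {   /* offset 4 now holds prev_nr, not arch */
    struct sd_patched d = { .nr = 1, .prev_nr = 0, .arch = SAMPLE_ARCH };
    return old_filter_allows(&d);
}

int verdict_appended(void) {  /* existing offsets unchanged, new field last */
    struct sd_appended d = { .nr = 1, .arch = SAMPLE_ARCH, .prev_nr = 0 };
    return old_filter_allows(&d);
}

int main(void) {
    printf("current=%d patched=%d appended=%d\n",
           verdict_current(), verdict_patched(), verdict_appended());
    return 0;
}
```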

