summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2005-07-11 03:49:28 +0400
committerDavid S. Miller <davem@davemloft.net>2005-07-11 03:49:28 +0400
commitbb49bcda15f1bc1a52c7f887db278447f332eaa7 (patch)
treedec754638f3cbc4123e715c42573648859e20735
parentaf166d15c3ad4d501a0c4fb5b4547bb2ba205918 (diff)
downloadlinux-bb49bcda15f1bc1a52c7f887db278447f332eaa7.tar.xz
[SPARC64]: Add SECCOMP support.
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--arch/sparc64/Kconfig17
-rw-r--r--arch/sparc64/kernel/entry.S10
-rw-r--r--arch/sparc64/kernel/power.c3
-rw-r--r--arch/sparc64/kernel/ptrace.c12
-rw-r--r--include/asm-sparc64/thread_info.h3
5 files changed, 30 insertions, 15 deletions
diff --git a/arch/sparc64/Kconfig b/arch/sparc64/Kconfig
index 4b1329286242..6a4733683f0f 100644
--- a/arch/sparc64/Kconfig
+++ b/arch/sparc64/Kconfig
@@ -43,6 +43,23 @@ config SPARC64_PAGE_SIZE_4MB
endchoice
+config SECCOMP
+ bool "Enable seccomp to safely compute untrusted bytecode"
+ depends on PROC_FS
+ default y
+ help
+ This kernel feature is useful for number crunching applications
+ that may need to compute untrusted bytecode during their
+ execution. By using pipes or other transports made available to
+ the process as file descriptors supporting the read/write
+ syscalls, it's possible to isolate those applications in
+ their own address space using seccomp. Once seccomp is
+ enabled via /proc/<pid>/seccomp, it cannot be disabled
+ and the task is only allowed to execute a few safe syscalls
+ defined by each seccomp mode.
+
+ If unsure, say Y. Only embedded should say N here.
+
source kernel/Kconfig.hz
source "init/Kconfig"
diff --git a/arch/sparc64/kernel/entry.S b/arch/sparc64/kernel/entry.S
index b51bd14cde44..acc323eef535 100644
--- a/arch/sparc64/kernel/entry.S
+++ b/arch/sparc64/kernel/entry.S
@@ -1552,7 +1552,7 @@ sys_ptrace: add %sp, PTREGS_OFF, %o0
nop
.align 32
1: ldx [%curptr + TI_FLAGS], %l5
- andcc %l5, _TIF_SYSCALL_TRACE, %g0
+ andcc %l5, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %g0
be,pt %icc, rtrap
clr %l6
call syscall_trace
@@ -1676,7 +1676,7 @@ linux_sparc_syscall32:
srl %i5, 0, %o5 ! IEU1
srl %i2, 0, %o2 ! IEU0 Group
- andcc %l0, _TIF_SYSCALL_TRACE, %g0 ! IEU0 Group
+ andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %g0 ! IEU0 Group
bne,pn %icc, linux_syscall_trace32 ! CTI
mov %i0, %l5 ! IEU1
call %l7 ! CTI Group brk forced
@@ -1699,7 +1699,7 @@ linux_sparc_syscall:
mov %i3, %o3 ! IEU1
mov %i4, %o4 ! IEU0 Group
- andcc %l0, _TIF_SYSCALL_TRACE, %g0 ! IEU1 Group+1 bubble
+ andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %g0 ! IEU1 Group+1 bubble
bne,pn %icc, linux_syscall_trace ! CTI Group
mov %i0, %l5 ! IEU0
2: call %l7 ! CTI Group brk forced
@@ -1727,7 +1727,7 @@ ret_sys_call:
1:
cmp %o0, -ERESTART_RESTARTBLOCK
bgeu,pn %xcc, 1f
- andcc %l0, _TIF_SYSCALL_TRACE, %l6
+ andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %l6
80:
/* System call success, clear Carry condition code. */
andn %g3, %g2, %g3
@@ -1742,7 +1742,7 @@ ret_sys_call:
/* System call failure, set Carry condition code.
* Also, get abs(errno) to return to the process.
*/
- andcc %l0, _TIF_SYSCALL_TRACE, %l6
+ andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %l6
sub %g0, %o0, %o0
or %g3, %g2, %g3
stx %o0, [%sp + PTREGS_OFF + PT_V9_I0]
diff --git a/arch/sparc64/kernel/power.c b/arch/sparc64/kernel/power.c
index 52f14e399b1c..533104c7907d 100644
--- a/arch/sparc64/kernel/power.c
+++ b/arch/sparc64/kernel/power.c
@@ -4,6 +4,8 @@
* Copyright (C) 1999 David S. Miller (davem@redhat.com)
*/
+#define __KERNEL_SYSCALLS__
+
#include <linux/config.h>
#include <linux/kernel.h>
#include <linux/module.h>
@@ -17,7 +19,6 @@
#include <asm/ebus.h>
#include <asm/auxio.h>
-#define __KERNEL_SYSCALLS__
#include <linux/unistd.h>
/*
diff --git a/arch/sparc64/kernel/ptrace.c b/arch/sparc64/kernel/ptrace.c
index 80a76e2ad732..5abf596f5964 100644
--- a/arch/sparc64/kernel/ptrace.c
+++ b/arch/sparc64/kernel/ptrace.c
@@ -630,9 +630,9 @@ out:
asmlinkage void syscall_trace(void)
{
-#ifdef DEBUG_PTRACE
- printk("%s [%d]: syscall_trace\n", current->comm, current->pid);
-#endif
+ /* do the secure computing check first */
+ secure_computing(current_thread_info()->kregs->u_regs[UREG_G1]);
+
if (!test_thread_flag(TIF_SYSCALL_TRACE))
return;
if (!(current->ptrace & PT_PTRACED))
@@ -645,12 +645,8 @@ asmlinkage void syscall_trace(void)
* for normal use. strace only continues with a signal if the
* stopping signal is not SIGTRAP. -brl
*/
-#ifdef DEBUG_PTRACE
- printk("%s [%d]: syscall_trace exit= %x\n", current->comm,
- current->pid, current->exit_code);
-#endif
if (current->exit_code) {
- send_sig (current->exit_code, current, 1);
+ send_sig(current->exit_code, current, 1);
current->exit_code = 0;
}
}
diff --git a/include/asm-sparc64/thread_info.h b/include/asm-sparc64/thread_info.h
index 0cd652956929..6b2fbb89bb63 100644
--- a/include/asm-sparc64/thread_info.h
+++ b/include/asm-sparc64/thread_info.h
@@ -220,7 +220,7 @@ register struct thread_info *current_thread_info_reg asm("g6");
#define TIF_NEWSIGNALS 6 /* wants new-style signals */
#define TIF_32BIT 7 /* 32-bit binary */
#define TIF_NEWCHILD 8 /* just-spawned child process */
-/* TIF_* value 9 is available */
+#define TIF_SECCOMP 9 /* secure computing */
#define TIF_POLLING_NRFLAG 10
#define TIF_SYSCALL_SUCCESS 11
/* NOTE: Thread flags >= 12 should be ones we have no interest
@@ -239,6 +239,7 @@ register struct thread_info *current_thread_info_reg asm("g6");
#define _TIF_NEWSIGNALS (1<<TIF_NEWSIGNALS)
#define _TIF_32BIT (1<<TIF_32BIT)
#define _TIF_NEWCHILD (1<<TIF_NEWCHILD)
+#define _TIF_SECCOMP (1<<TIF_SECCOMP)
#define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG)
#define _TIF_ABI_PENDING (1<<TIF_ABI_PENDING)
#define _TIF_SYSCALL_SUCCESS (1<<TIF_SYSCALL_SUCCESS)