summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul Mundt <lethal@linux-sh.org>2008-07-30 10:30:52 +0400
committerPaul Mundt <lethal@linux-sh.org>2008-08-01 23:39:32 +0400
commitc4637d475170ca0d99973efd07df727012db6cd1 (patch)
tree8d2f6581dfaf0ea148753845513fff3dd53ce13f
parentcec3fd3e2a7cacf37e2bd6d9fa915337245cc563 (diff)
downloadlinux-c4637d475170ca0d99973efd07df727012db6cd1.tar.xz
sh: seccomp support.
This hooks up the seccomp thread flag and associated callback from the syscall tracer. Signed-off-by: Paul Mundt <lethal@linux-sh.org>
-rw-r--r--arch/sh/Kconfig17
-rw-r--r--arch/sh/include/asm/seccomp.h10
-rw-r--r--arch/sh/include/asm/thread_info.h6
-rw-r--r--arch/sh/kernel/ptrace_32.c3
-rw-r--r--arch/sh/kernel/ptrace_64.c3
5 files changed, 37 insertions, 2 deletions
diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig
index cb992c3d6b71..0ae541107f3f 100644
--- a/arch/sh/Kconfig
+++ b/arch/sh/Kconfig
@@ -483,6 +483,23 @@ config CRASH_DUMP
For more details see Documentation/kdump/kdump.txt
+config SECCOMP
+ bool "Enable seccomp to safely compute untrusted bytecode"
+ depends on PROC_FS
+ default y
+ help
+ This kernel feature is useful for number crunching applications
+ that may need to compute untrusted bytecode during their
+ execution. By using pipes or other transports made available to
+ the process as file descriptors supporting the read/write
+ syscalls, it's possible to isolate those applications in
+ their own address space using seccomp. Once seccomp is
+ enabled via prctl, it cannot be disabled and the task is only
+ allowed to execute a few safe syscalls defined by each seccomp
+ mode.
+
+ If unsure, say N.
+
config SMP
bool "Symmetric multi-processing support"
depends on SYS_SUPPORTS_SMP
diff --git a/arch/sh/include/asm/seccomp.h b/arch/sh/include/asm/seccomp.h
new file mode 100644
index 000000000000..3280ed3802ef
--- /dev/null
+++ b/arch/sh/include/asm/seccomp.h
@@ -0,0 +1,10 @@
+#ifndef __ASM_SECCOMP_H
+
+#include <linux/unistd.h>
+
+#define __NR_seccomp_read __NR_read
+#define __NR_seccomp_write __NR_write
+#define __NR_seccomp_exit __NR_exit
+#define __NR_seccomp_sigreturn __NR_rt_sigreturn
+
+#endif /* __ASM_SECCOMP_H */
diff --git a/arch/sh/include/asm/thread_info.h b/arch/sh/include/asm/thread_info.h
index c05b1afd1324..03d1e386670c 100644
--- a/arch/sh/include/asm/thread_info.h
+++ b/arch/sh/include/asm/thread_info.h
@@ -117,7 +117,8 @@ static inline struct thread_info *current_thread_info(void)
#define TIF_NEED_RESCHED 2 /* rescheduling necessary */
#define TIF_RESTORE_SIGMASK 3 /* restore signal mask in do_signal() */
#define TIF_SINGLESTEP 4 /* singlestepping active */
-#define TIF_SYSCALL_AUDIT 5
+#define TIF_SYSCALL_AUDIT 5 /* syscall auditing active */
+#define TIF_SECCOMP 6 /* secure computing */
#define TIF_USEDFPU 16 /* FPU was used by this task this quantum (SMP) */
#define TIF_POLLING_NRFLAG 17 /* true if poll_idle() is polling TIF_NEED_RESCHED */
#define TIF_MEMDIE 18
@@ -129,6 +130,7 @@ static inline struct thread_info *current_thread_info(void)
#define _TIF_RESTORE_SIGMASK (1 << TIF_RESTORE_SIGMASK)
#define _TIF_SINGLESTEP (1 << TIF_SINGLESTEP)
#define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT)
+#define _TIF_SECCOMP (1 << TIF_SECCOMP)
#define _TIF_USEDFPU (1 << TIF_USEDFPU)
#define _TIF_POLLING_NRFLAG (1 << TIF_POLLING_NRFLAG)
#define _TIF_FREEZE (1 << TIF_FREEZE)
@@ -141,7 +143,7 @@ static inline struct thread_info *current_thread_info(void)
/* work to do in syscall trace */
#define _TIF_WORK_SYSCALL_MASK (_TIF_SYSCALL_TRACE | _TIF_SINGLESTEP | \
- _TIF_SYSCALL_AUDIT)
+ _TIF_SYSCALL_AUDIT | _TIF_SECCOMP)
/* work to do on any return to u-space */
#define _TIF_ALLWORK_MASK (_TIF_SYSCALL_TRACE | _TIF_SIGPENDING | \
diff --git a/arch/sh/kernel/ptrace_32.c b/arch/sh/kernel/ptrace_32.c
index 2bc72def5cf8..e9bd4b2aa9c2 100644
--- a/arch/sh/kernel/ptrace_32.c
+++ b/arch/sh/kernel/ptrace_32.c
@@ -20,6 +20,7 @@
#include <linux/signal.h>
#include <linux/io.h>
#include <linux/audit.h>
+#include <linux/seccomp.h>
#include <asm/uaccess.h>
#include <asm/pgtable.h>
#include <asm/system.h>
@@ -276,6 +277,8 @@ asmlinkage void do_syscall_trace(struct pt_regs *regs, int entryexit)
{
struct task_struct *tsk = current;
+ secure_computing(regs->regs[0]);
+
if (unlikely(current->audit_context) && entryexit)
audit_syscall_exit(AUDITSC_RESULT(regs->regs[0]),
regs->regs[0]);
diff --git a/arch/sh/kernel/ptrace_64.c b/arch/sh/kernel/ptrace_64.c
index d453c47dc522..7d8776260953 100644
--- a/arch/sh/kernel/ptrace_64.c
+++ b/arch/sh/kernel/ptrace_64.c
@@ -27,6 +27,7 @@
#include <linux/signal.h>
#include <linux/syscalls.h>
#include <linux/audit.h>
+#include <linux/seccomp.h>
#include <asm/io.h>
#include <asm/uaccess.h>
#include <asm/pgtable.h>
@@ -277,6 +278,8 @@ asmlinkage void syscall_trace(struct pt_regs *regs, int entryexit)
{
struct task_struct *tsk = current;
+ secure_computing(regs->regs[9]);
+
if (unlikely(current->audit_context) && entryexit)
audit_syscall_exit(AUDITSC_RESULT(regs->regs[9]),
regs->regs[9]);