path: root/Documentation/features/seccomp
Age | Commit message | Author | Files | Lines
2023-01-30 | m68k: Add kernel seccomp support | Michael Schmitz | 1 | -1/+1
Add secure_computing() call to syscall_trace_enter to actually filter system calls.

Add necessary arch Kconfig options, define TIF_SECCOMP trace flag and provide basic seccomp filter support in asm/syscall.h

syscall_get_nr currently uses the syscall nr stored in orig_d0 because we change d0 to a default return code before starting a syscall trace. This may be inconsistent with syscall_rollback copying orig_d0 to d0 (which we never check upon return from trace). We use d0 for the return code from syscall_trace_enter in entry.S currently, and could perhaps expand that to store a new syscall number returned by the seccomp filter before executing the syscall. This clearly needs some discussion.

seccomp_bpf self test on ARAnyM passes 81 out of 94 tests.

Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
Link: https://lore.kernel.org/r/20230112035529.13521-3-schmitzmic@gmail.com
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>

2022-12-05 | Documentation/features: Use loongarch instead of loong | Tiezhu Yang | 1 | -1/+1
The official arch name is LoongArch [1], we should use small letter loongarch instead of loong in Documentation/features, just use the features-refresh.sh to refresh all the related files.

[1] https://www.kernel.org/doc/html/latest/loongarch/index.html

Fixes: 5860800e8696 ("Documentation/features: Update the arch support status files")
Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
Link: https://lore.kernel.org/r/1670156327-9631-3-git-send-email-yangtiezhu@loongson.cn
Signed-off-by: Jonathan Corbet <corbet@lwn.net>

2022-06-09 | Documentation/features: Update the arch support status files | Zheng Zengkai | 1 | -0/+1
The arch support status files don't match reality as of v5.19-rc1, use the features-refresh.sh to refresh all the arch-support.txt files in place.

The main effect is to add entries for the new loong architecture.

Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>
Link: https://lore.kernel.org/r/20220609025656.143460-1-zhengzengkai@huawei.com
Signed-off-by: Jonathan Corbet <corbet@lwn.net>

2022-04-04 | Merge branch 'remove-h8300' of git://git.infradead.org/users/hch/misc into asm-generic | Arnd Bergmann | 1 | -1/+0
* 'remove-h8300' of git://git.infradead.org/users/hch/misc:
  remove the h8300 architecture

This is clearly the least actively maintained architecture we have at the moment, and probably the least useful. It is now the only one that does not support MMUs at all, and most of the boards only support 4MB of RAM, out of which the defconfig kernel needs more than half just for .text/.data.

Guenter Roeck did the original patch to remove the architecture in 2013 after it had already been obsolete for a while, and Yoshinori Sato brought it back in a much more modern form in 2015. Looking at the git history since the reinstantiation, it's clear that almost all commits in the tree are build fixes or cross-architecture cleanups:

$ git log --no-merges --format=%an v4.5.. arch/h8300/ | sort | uniq -c | sort -rn | head -n 12
     25 Masahiro Yamada
     18 Christoph Hellwig
     14 Mike Rapoport
      9 Arnd Bergmann
      8 Mark Rutland
      7 Peter Zijlstra
      6 Kees Cook
      6 Ingo Molnar
      6 Al Viro
      5 Randy Dunlap
      4 Yury Norov

Signed-off-by: Arnd Bergmann <arnd@arndb.de>

2022-03-07 | nds32: Remove the architecture | Alan Kao | 1 | -1/+0
The nds32 architecture, also known as AndeStar V3, is a custom 32-bit RISC target designed by Andes Technologies. Support was added to the kernel in 2016 as the replacement RISC-V based V5 processors were already announced, and maintained by (current or former) Andes employees.

As explained by Alan Kao, new customers are now all using RISC-V, and all known nds32 users are already on longterm stable kernels provided by Andes, with no development work going into mainline support any more.

While the port is still in a reasonably good shape, it only gets worse over time without active maintainers, so it seems best to remove it before it becomes unusable. As always, if it turns out that there are mainline users after all, and they volunteer to maintain the port in the future, the removal can be reverted.

Link: https://lore.kernel.org/linux-mm/YhdWNLUhk+x9RAzU@yamatobi.andestech.com/
Link: https://lore.kernel.org/lkml/20220302065213.82702-1-alankao@andestech.com/
Link: https://www.andestech.com/en/products-solutions/andestar-architecture/
Signed-off-by: Alan Kao <alankao@andestech.com>
[arnd: rewrite changelog to provide more background]
Signed-off-by: Arnd Bergmann <arnd@arndb.de>

2022-02-23 | remove the h8300 architecture | Christoph Hellwig | 1 | -1/+0
Signed-off-by: Christoph Hellwig <hch@lst.de>

2021-02-25 | Documentation: features: remove c6x references | Arnd Bergmann | 1 | -1/+0
The references to arch/c6x are obsolete now that the architecture is gone. Remove them.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20210225142841.3385428-1-arnd@kernel.org
Signed-off-by: Jonathan Corbet <corbet@lwn.net>

2020-11-30 | Documentation/features: Update feature lists for 5.10 | Wei Li | 1 | -2/+2
The feature lists don't match reality as of v5.10-rc4, update them accordingly (by features-refresh.sh).

Signed-off-by: Wei Li <liwei391@huawei.com>
Link: https://lore.kernel.org/r/20201119022709.45843-1-liwei391@huawei.com
Signed-off-by: Jonathan Corbet <corbet@lwn.net>

2020-08-06 | Merge tag 'xtensa-20200805' of git://github.com/jcmvbkbc/linux-xtensa | Linus Torvalds | 1 | -1/+1
Pull Xtensa updates from Max Filippov:

 - add syscall audit support
 - add seccomp filter support
 - clean up make rules under arch/xtensa/boot
 - fix state management for exclusive access opcodes
 - fix build with PMU enabled

* tag 'xtensa-20200805' of git://github.com/jcmvbkbc/linux-xtensa:
  xtensa: add missing exclusive access state management
  xtensa: fix xtensa_pmu_setup prototype
  xtensa: add boot subdirectories build artifacts to 'targets'
  xtensa: add uImage and xipImage to targets
  xtensa: move vmlinux.bin[.gz] to boot subdirectory
  xtensa: initialize_mmu.h: fix a duplicated word
  selftests/seccomp: add xtensa support
  xtensa: add seccomp support
  xtensa: expose syscall through user_pt_regs
  xtensa: add audit support

2020-07-28 | xtensa: add seccomp support | Max Filippov | 1 | -1/+1
Add SECCOMP to xtensa Kconfig, select HAVE_ARCH_SECCOMP_FILTER, add TIF_SECCOMP and call secure_computing from do_syscall_trace_enter.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>

2020-07-01 | arch: remove unicore32 port | Mike Rapoport | 1 | -1/+0
The unicore32 port does not seem maintained for a long time now, there is no upstream toolchain that can create unicore32 binaries and all the links to prebuilt toolchains for unicore32 are dead. Even compilers that were available are not supported by the kernel anymore.

Guenter Roeck says:

  I have stopped building unicore32 images since v4.19 since there is no available compiler that is still supported by the kernel. I am surprised that support for it has not been removed from the kernel.

Remove unicore32 port.

Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Guenter Roeck <linux@roeck-us.net>

2020-05-25 | Documentation/features: Refresh the arch support status files | Björn Töpel | 1 | -1/+1
I was manually editing the arch-support.txt for eBPF-JIT, when I realized the refresh script [1] has not been run for a while. Let's fix that, so that the entries are more up-to-date.

[1] Documentation/features/scripts/features-refresh.sh

Signed-off-by: Björn Töpel <bjorn.topel@gmail.com>
Link: https://lore.kernel.org/r/20200523191135.21889-1-bjorn.topel@gmail.com
Signed-off-by: Jonathan Corbet <corbet@lwn.net>

2019-01-07 | Documentation/features: Add csky kernel features | Guo Ren | 1 | -0/+1
   core/ cBPF-JIT             : TODO |
   core/ eBPF-JIT             : TODO |
   core/ generic-idle-thread  : ok   |
   core/ jump-labels          : TODO |
   core/ tracehook            : ok   |
  debug/ KASAN                : TODO |
  debug/ gcov-profile-all     : TODO |
  debug/ kgdb                 : TODO |
  debug/ kprobes-on-ftrace    : TODO |
  debug/ kprobes              : TODO |
  debug/ kretprobes           : TODO |
  debug/ optprobes            : TODO |
  debug/ stackprotector       : TODO |
  debug/ uprobes              : TODO |
  debug/ user-ret-profiler    : TODO |
     io/ dma-contiguous       : ok   |
locking/ cmpxchg-local        : TODO |
locking/ lockdep              : TODO |
locking/ queued-rwlocks       : ok   |
locking/ queued-spinlocks     : TODO |
locking/ rwsem-optimized      : TODO |
   perf/ kprobes-event        : TODO |
   perf/ perf-regs            : TODO |
   perf/ perf-stackdump       : TODO |
  sched/ membarrier-sync-core : TODO |
  sched/ numa-balancing       : ..   |
seccomp/ seccomp-filter       : TODO |
   time/ arch-tick-broadcast  : TODO |
   time/ clockevents          : ok   |
   time/ context-tracking     : TODO |
   time/ irq-time-acct        : TODO |
   time/ modern-timekeeping   : ok   |
   time/ virt-cpuacct         : TODO |
     vm/ ELF-ASLR             : TODO |
     vm/ PG_uncached          : TODO |
     vm/ THP                  : ..   |
     vm/ batch-unmap-tlb-flush: TODO |
     vm/ huge-vmap            : TODO |
     vm/ ioremap_prot         : TODO |
     vm/ numa-memblock        : ..   |
     vm/ pte_special          : TODO |

Signed-off-by: Guo Ren <ren_guo@c-sky.com>
Cc: Arnd Bergmann <arnd@arndb.de>

2018-05-08 | Documentation/features: Refresh the arch support status files in place | Andrea Parri | 1 | -2/+4
Now that the script 'features-refresh.sh' is available, use this script to refresh all the arch-support.txt files in place.

Signed-off-by: Andrea Parri <andrea.parri@amarulasolutions.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>

2018-03-26 | Documentation: arch-support: remove obsolete architectures | Arnd Bergmann | 1 | -6/+0
A number of architecture ports are obsolete and getting dropped, so we no longer want to track the respective features. We already removed the lines for metag and mn10300, this does the same edits for all the others.

For the remaining 21 architectures, this shows how many are known to implement each given feature:

     19 time/modern-timekeeping/arch-support.txt
     19 time/clockevents/arch-support.txt
     15 core/tracehook/arch-support.txt
     14 core/generic-idle-thread/arch-support.txt
     13 locking/lockdep/arch-support.txt
     12 io/dma-api-debug/arch-support.txt
     11 debug/kgdb/arch-support.txt
     10 time/virt-cpuacct/arch-support.txt
      9 debug/kretprobes/arch-support.txt
      9 debug/kprobes/arch-support.txt
      8 vm/THP/arch-support.txt
      8 vm/pte_special/arch-support.txt
      8 vm/numa-memblock/arch-support.txt
      8 io/sg-chain/arch-support.txt
      7 perf/kprobes-event/arch-support.txt
      7 locking/rwsem-optimized/arch-support.txt
      7 debug/gcov-profile-all/arch-support.txt
      7 core/jump-labels/arch-support.txt
      7 core/BPF-JIT/arch-support.txt
      6 vm/ELF-ASLR/arch-support.txt
      6 time/context-tracking/arch-support.txt
      6 seccomp/seccomp-filter/arch-support.txt
      6 debug/stackprotector/arch-support.txt
      5 time/irq-time-acct/arch-support.txt
      5 io/dma-contiguous/arch-support.txt
      5 debug/uprobes/arch-support.txt
      4 vm/ioremap_prot/arch-support.txt
      4 time/arch-tick-broadcast/arch-support.txt
      4 perf/perf-stackdump/arch-support.txt
      4 perf/perf-regs/arch-support.txt
      3 debug/KASAN/arch-support.txt
      2 vm/PG_uncached/arch-support.txt
      2 vm/huge-vmap/arch-support.txt
      2 sched/numa-balancing/arch-support.txt
      2 sched/membarrier-sync-core/arch-support.txt
      2 locking/cmpxchg-local/arch-support.txt
      2 debug/optprobes/arch-support.txt
      2 debug/kprobes-on-ftrace/arch-support.txt
      1 vm/TLB/arch-support.txt
      1 locking/queued-spinlocks/arch-support.txt
      1 locking/queued-rwlocks/arch-support.txt
      1 debug/user-ret-profiler/arch-support.txt
      0 lib/strncasecmp/arch-support.txt

Note that the list does not include riscv or nds32 yet, these still need to be added.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>

2018-03-10 | mn10300: Remove the architecture | David Howells | 1 | -1/+0
Remove the MN10300 arch as the hardware is defunct.

Suggested-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Masahiro Yamada <yamada.masahiro@socionext.com>
cc: linux-am33-list@redhat.com
Signed-off-by: Arnd Bergmann <arnd@arndb.de>

2018-02-22 | docs: Remove remaining references to metag | James Hogan | 1 | -1/+0
Remove any remaining references to the Meta architecture in Documentation/, primarily from Documentation/features/.

Signed-off-by: James Hogan <jhogan@kernel.org>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: linux-metag@vger.kernel.org
Cc: linux-doc@vger.kernel.org

2017-05-01 | docs: remove all references to AVR32 architecture | Hans-Christian Noren Egtvedt | 1 | -1/+0
The AVR32 architecture support has been removed from the Linux kernel, hence remove all references to it from Documentation.

Signed-off-by: Hans-Christian Noren Egtvedt <egtvedt@samfundet.no>
Signed-off-by: Håvard Skinnemoen <hskinnemoen@gmail.com>
Signed-off-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Acked-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>

2016-01-10 | um: Add seccomp support | Mickaël Salaün | 1 | -1/+1
This brings SECCOMP_MODE_STRICT and SECCOMP_MODE_FILTER support through prctl(2) and seccomp(2) to User-mode Linux for i386 and x86_64 subarchitectures.

secure_computing() is called first in handle_syscall() so that the syscall emulation will be aborted quickly if matching a seccomp rule.

This is inspired from Meredydd Luff's patch (https://gerrit.chromium.org/gerrit/21425).

Signed-off-by: Mickaël Salaün <mic@digikod.net>
Cc: Jeff Dike <jdike@addtoit.com>
Cc: Richard Weinberger <richard@nod.at>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Will Drewry <wad@chromium.org>
Cc: Chris Metcalf <cmetcalf@ezchip.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: James Hogan <james.hogan@imgtec.com>
Cc: Meredydd Luff <meredydd@senatehouse.org>
Cc: David Drysdale <drysdale@google.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Acked-by: Kees Cook <keescook@chromium.org>

2015-07-30 | tile: enable full SECCOMP support | Chris Metcalf | 1 | -1/+1
Signed-off-by: Chris Metcalf <cmetcalf@ezchip.com>

2015-06-03 | Documentation/features/seccomp: Add feature description and arch support status file for 'seccomp-filter' | Ingo Molnar | 1 | -0/+40
Cc: <linux-api@vger.kernel.org>
Cc: <linux-arch@vger.kernel.org>
Cc: <linux-kernel@vger.kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Josh Triplett <josh@joshtriplett.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ingo Molnar <mingo@kernel.org>