]> err.no Git - linux-2.6/commitdiff
sh: seccomp support.
authorPaul Mundt <lethal@linux-sh.org>
Wed, 30 Jul 2008 06:30:52 +0000 (15:30 +0900)
committerPaul Mundt <lethal@linux-sh.org>
Fri, 1 Aug 2008 19:39:32 +0000 (04:39 +0900)
This hooks up the seccomp thread flag and associated callback from the
syscall tracer.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
arch/sh/Kconfig
arch/sh/include/asm/seccomp.h [new file with mode: 0644]
arch/sh/include/asm/thread_info.h
arch/sh/kernel/ptrace_32.c
arch/sh/kernel/ptrace_64.c

index cb992c3d6b711d75284a39d006c9cc258d5b61d0..0ae541107f3f15e98f4da4e50f9c7b5f54eba2fd 100644 (file)
@@ -483,6 +483,23 @@ config CRASH_DUMP
 
          For more details see Documentation/kdump/kdump.txt
 
+config SECCOMP
+       bool "Enable seccomp to safely compute untrusted bytecode"
+       depends on PROC_FS
+       default y
+       help
+         This kernel feature is useful for number crunching applications
+         that may need to compute untrusted bytecode during their
+         execution. By using pipes or other transports made available to
+         the process as file descriptors supporting the read/write
+         syscalls, it's possible to isolate those applications in
+         their own address space using seccomp. Once seccomp is
+         enabled via prctl, it cannot be disabled and the task is only
+         allowed to execute a few safe syscalls defined by each seccomp
+         mode.
+
+         If unsure, say N.
+
 config SMP
        bool "Symmetric multi-processing support"
        depends on SYS_SUPPORTS_SMP
diff --git a/arch/sh/include/asm/seccomp.h b/arch/sh/include/asm/seccomp.h
new file mode 100644 (file)
index 0000000..3280ed3
--- /dev/null
@@ -0,0 +1,10 @@
+#ifndef __ASM_SECCOMP_H
+
+#include <linux/unistd.h>
+
+#define __NR_seccomp_read __NR_read
+#define __NR_seccomp_write __NR_write
+#define __NR_seccomp_exit __NR_exit
+#define __NR_seccomp_sigreturn __NR_rt_sigreturn
+
+#endif /* __ASM_SECCOMP_H */
index c05b1afd1324ccacadc5a0e771915a8fe1976b2c..03d1e386670ced7abf820461f42eb6b7e3d381fc 100644 (file)
@@ -117,7 +117,8 @@ static inline struct thread_info *current_thread_info(void)
 #define TIF_NEED_RESCHED       2       /* rescheduling necessary */
 #define TIF_RESTORE_SIGMASK    3       /* restore signal mask in do_signal() */
 #define TIF_SINGLESTEP         4       /* singlestepping active */
-#define TIF_SYSCALL_AUDIT      5
+#define TIF_SYSCALL_AUDIT      5       /* syscall auditing active */
+#define TIF_SECCOMP            6       /* secure computing */
 #define TIF_USEDFPU            16      /* FPU was used by this task this quantum (SMP) */
 #define TIF_POLLING_NRFLAG     17      /* true if poll_idle() is polling TIF_NEED_RESCHED */
 #define TIF_MEMDIE             18
@@ -129,6 +130,7 @@ static inline struct thread_info *current_thread_info(void)
 #define _TIF_RESTORE_SIGMASK   (1 << TIF_RESTORE_SIGMASK)
 #define _TIF_SINGLESTEP                (1 << TIF_SINGLESTEP)
 #define _TIF_SYSCALL_AUDIT     (1 << TIF_SYSCALL_AUDIT)
+#define _TIF_SECCOMP           (1 << TIF_SECCOMP)
 #define _TIF_USEDFPU           (1 << TIF_USEDFPU)
 #define _TIF_POLLING_NRFLAG    (1 << TIF_POLLING_NRFLAG)
 #define _TIF_FREEZE            (1 << TIF_FREEZE)
@@ -141,7 +143,7 @@ static inline struct thread_info *current_thread_info(void)
 
 /* work to do in syscall trace */
 #define _TIF_WORK_SYSCALL_MASK (_TIF_SYSCALL_TRACE | _TIF_SINGLESTEP | \
-                                _TIF_SYSCALL_AUDIT)
+                                _TIF_SYSCALL_AUDIT | _TIF_SECCOMP)
 
 /* work to do on any return to u-space */
 #define _TIF_ALLWORK_MASK      (_TIF_SYSCALL_TRACE | _TIF_SIGPENDING    | \
index 2bc72def5cf87d00e66b6d068019b1ade4cf33a5..e9bd4b2aa9c2659ba219457e66a2a407877e6d6f 100644 (file)
@@ -20,6 +20,7 @@
 #include <linux/signal.h>
 #include <linux/io.h>
 #include <linux/audit.h>
+#include <linux/seccomp.h>
 #include <asm/uaccess.h>
 #include <asm/pgtable.h>
 #include <asm/system.h>
@@ -276,6 +277,8 @@ asmlinkage void do_syscall_trace(struct pt_regs *regs, int entryexit)
 {
        struct task_struct *tsk = current;
 
+       secure_computing(regs->regs[0]);
+
        if (unlikely(current->audit_context) && entryexit)
                audit_syscall_exit(AUDITSC_RESULT(regs->regs[0]),
                                   regs->regs[0]);
index d453c47dc522176a75821903084b566ae7105dfc..7d877626095376deb4734a0ce720dbb2253aa422 100644 (file)
@@ -27,6 +27,7 @@
 #include <linux/signal.h>
 #include <linux/syscalls.h>
 #include <linux/audit.h>
+#include <linux/seccomp.h>
 #include <asm/io.h>
 #include <asm/uaccess.h>
 #include <asm/pgtable.h>
@@ -277,6 +278,8 @@ asmlinkage void syscall_trace(struct pt_regs *regs, int entryexit)
 {
        struct task_struct *tsk = current;
 
+       secure_computing(regs->regs[9]);
+
        if (unlikely(current->audit_context) && entryexit)
                audit_syscall_exit(AUDITSC_RESULT(regs->regs[9]),
                                   regs->regs[9]);