From bb49bcda15f1bc1a52c7f887db278447f332eaa7 Mon Sep 17 00:00:00 2001 From: "David S. Miller" Date: Sun, 10 Jul 2005 16:49:28 -0700 Subject: [PATCH] [SPARC64]: Add SECCOMP support. Signed-off-by: David S. Miller --- arch/sparc64/Kconfig | 17 +++++++++++++++++ arch/sparc64/kernel/entry.S | 10 +++++----- arch/sparc64/kernel/power.c | 3 ++- arch/sparc64/kernel/ptrace.c | 12 ++++-------- include/asm-sparc64/thread_info.h | 3 ++- 5 files changed, 30 insertions(+), 15 deletions(-) diff --git a/arch/sparc64/Kconfig b/arch/sparc64/Kconfig index 4b13292..6a47336 100644 --- a/arch/sparc64/Kconfig +++ b/arch/sparc64/Kconfig @@ -43,6 +43,23 @@ config SPARC64_PAGE_SIZE_4MB endchoice +config SECCOMP + bool "Enable seccomp to safely compute untrusted bytecode" + depends on PROC_FS + default y + help + This kernel feature is useful for number crunching applications + that may need to compute untrusted bytecode during their + execution. By using pipes or other transports made available to + the process as file descriptors supporting the read/write + syscalls, it's possible to isolate those applications in + their own address space using seccomp. Once seccomp is + enabled via /proc//seccomp, it cannot be disabled + and the task is only allowed to execute a few safe syscalls + defined by each seccomp mode. + + If unsure, say Y. Only embedded should say N here. + source kernel/Kconfig.hz source "init/Kconfig" diff --git a/arch/sparc64/kernel/entry.S b/arch/sparc64/kernel/entry.S index b51bd14..acc323e 100644 --- a/arch/sparc64/kernel/entry.S +++ b/arch/sparc64/kernel/entry.S @@ -1552,7 +1552,7 @@ sys_ptrace: add %sp, PTREGS_OFF, %o0 nop .align 32 1: ldx [%curptr + TI_FLAGS], %l5 - andcc %l5, _TIF_SYSCALL_TRACE, %g0 + andcc %l5, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %g0 be,pt %icc, rtrap clr %l6 call syscall_trace @@ -1676,7 +1676,7 @@ linux_sparc_syscall32: srl %i5, 0, %o5 ! IEU1 srl %i2, 0, %o2 ! IEU0 Group - andcc %l0, _TIF_SYSCALL_TRACE, %g0 ! IEU0 Group + andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %g0 ! IEU0 Group bne,pn %icc, linux_syscall_trace32 ! CTI mov %i0, %l5 ! IEU1 call %l7 ! CTI Group brk forced @@ -1699,7 +1699,7 @@ linux_sparc_syscall: mov %i3, %o3 ! IEU1 mov %i4, %o4 ! IEU0 Group - andcc %l0, _TIF_SYSCALL_TRACE, %g0 ! IEU1 Group+1 bubble + andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %g0 ! IEU1 Group+1 bubble bne,pn %icc, linux_syscall_trace ! CTI Group mov %i0, %l5 ! IEU0 2: call %l7 ! CTI Group brk forced @@ -1727,7 +1727,7 @@ ret_sys_call: 1: cmp %o0, -ERESTART_RESTARTBLOCK bgeu,pn %xcc, 1f - andcc %l0, _TIF_SYSCALL_TRACE, %l6 + andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %l6 80: /* System call success, clear Carry condition code. */ andn %g3, %g2, %g3 @@ -1742,7 +1742,7 @@ ret_sys_call: /* System call failure, set Carry condition code. * Also, get abs(errno) to return to the process. */ - andcc %l0, _TIF_SYSCALL_TRACE, %l6 + andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %l6 sub %g0, %o0, %o0 or %g3, %g2, %g3 stx %o0, [%sp + PTREGS_OFF + PT_V9_I0] diff --git a/arch/sparc64/kernel/power.c b/arch/sparc64/kernel/power.c index 52f14e3..533104c 100644 --- a/arch/sparc64/kernel/power.c +++ b/arch/sparc64/kernel/power.c @@ -4,6 +4,8 @@ * Copyright (C) 1999 David S. Miller (davem@redhat.com) */ +#define __KERNEL_SYSCALLS__ + #include #include #include @@ -17,7 +19,6 @@ #include #include -#define __KERNEL_SYSCALLS__ #include /* diff --git a/arch/sparc64/kernel/ptrace.c b/arch/sparc64/kernel/ptrace.c index 80a76e2..5abf596 100644 --- a/arch/sparc64/kernel/ptrace.c +++ b/arch/sparc64/kernel/ptrace.c @@ -630,9 +630,9 @@ out: asmlinkage void syscall_trace(void) { -#ifdef DEBUG_PTRACE - printk("%s [%d]: syscall_trace\n", current->comm, current->pid); -#endif + /* do the secure computing check first */ + secure_computing(current_thread_info()->kregs->u_regs[UREG_G1]); + if (!test_thread_flag(TIF_SYSCALL_TRACE)) return; if (!(current->ptrace & PT_PTRACED)) @@ -645,12 +645,8 @@ asmlinkage void syscall_trace(void) * for normal use. strace only continues with a signal if the * stopping signal is not SIGTRAP. -brl */ -#ifdef DEBUG_PTRACE - printk("%s [%d]: syscall_trace exit= %x\n", current->comm, - current->pid, current->exit_code); -#endif if (current->exit_code) { - send_sig (current->exit_code, current, 1); + send_sig(current->exit_code, current, 1); current->exit_code = 0; } } diff --git a/include/asm-sparc64/thread_info.h b/include/asm-sparc64/thread_info.h index 0cd6529..6b2fbb8 100644 --- a/include/asm-sparc64/thread_info.h +++ b/include/asm-sparc64/thread_info.h @@ -220,7 +220,7 @@ register struct thread_info *current_thread_info_reg asm("g6"); #define TIF_NEWSIGNALS 6 /* wants new-style signals */ #define TIF_32BIT 7 /* 32-bit binary */ #define TIF_NEWCHILD 8 /* just-spawned child process */ -/* TIF_* value 9 is available */ +#define TIF_SECCOMP 9 /* secure computing */ #define TIF_POLLING_NRFLAG 10 #define TIF_SYSCALL_SUCCESS 11 /* NOTE: Thread flags >= 12 should be ones we have no interest @@ -239,6 +239,7 @@ register struct thread_info *current_thread_info_reg asm("g6"); #define _TIF_NEWSIGNALS (1<