tile: enable full SECCOMP support

Signed-off-by: Chris Metcalf <cmetcalf@ezchip.com>

10 files changed, 57 insertions, 5 deletions

diff --git a/Documentation/features/seccomp/seccomp-filter/arch-support.txt b/Documentation/features/seccomp/seccomp-filter/arch-support.txt
index bea800910342..76d39d66a5d7 100644
--- a/Documentation/features/seccomp/seccomp-filter/arch-support.txt
+++ b/Documentation/features/seccomp/seccomp-filter/arch-support.txt
@@ -32,7 +32,7 @@
     |       score: | TODO |
     |          sh: | TODO |
     |       sparc: | TODO |
-    |        tile: | TODO |
+    |        tile: |  ok  |
     |          um: | TODO |
     |   unicore32: | TODO |
     |         x86: |  ok  |
diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig
index 9def1f52d03a..2ba12d761723 100644
--- a/arch/tile/Kconfig
+++ b/arch/tile/Kconfig
@@ -32,6 +32,7 @@ config TILE
         select EDAC_SUPPORT
         select GENERIC_STRNCPY_FROM_USER
         select GENERIC_STRNLEN_USER
+        select HAVE_ARCH_SECCOMP_FILTER
 
 # FIXME: investigate whether we need/want these options.
 #       select HAVE_IOREMAP_PROT
@@ -221,6 +222,22 @@ config COMPAT
           If enabled, the kernel will support running TILE-Gx binaries
           that were built with the -m32 option.
 
+config SECCOMP
+        bool "Enable seccomp to safely compute untrusted bytecode"
+        depends on PROC_FS
+        help
+          This kernel feature is useful for number crunching applications
+          that may need to compute untrusted bytecode during their
+          execution. By using pipes or other transports made available to
+          the process as file descriptors supporting the read/write
+          syscalls, it's possible to isolate those applications in
+          their own address space using seccomp. Once seccomp is
+          enabled via prctl, it cannot be disabled and the task is only
+          allowed to execute a few safe syscalls defined by each seccomp
+          mode.
+
+          If unsure, say N.
+
 config SYSVIPC_COMPAT
         def_bool y
         depends on COMPAT && SYSVIPC
diff --git a/arch/tile/include/asm/Kbuild b/arch/tile/include/asm/Kbuild
index d8a843163471..ba35c41c71ff 100644
--- a/arch/tile/include/asm/Kbuild
+++ b/arch/tile/include/asm/Kbuild
@@ -28,6 +28,7 @@ generic-y += poll.h
 generic-y += posix_types.h
 generic-y += preempt.h
 generic-y += resource.h
+generic-y += seccomp.h
 generic-y += sembuf.h
 generic-y += serial.h
 generic-y += shmbuf.h
diff --git a/arch/tile/include/asm/elf.h b/arch/tile/include/asm/elf.h
index 41d9878a9686..c505d77e4d06 100644
--- a/arch/tile/include/asm/elf.h
+++ b/arch/tile/include/asm/elf.h
@@ -22,6 +22,7 @@
 #include <arch/chip.h>
 
 #include <linux/ptrace.h>
+#include <linux/elf-em.h>
 #include <asm/byteorder.h>
 #include <asm/page.h>
 
@@ -30,9 +31,6 @@ typedef unsigned long elf_greg_t;
 #define ELF_NGREG (sizeof(struct pt_regs) / sizeof(elf_greg_t))
 typedef elf_greg_t elf_gregset_t[ELF_NGREG];
 
-#define EM_TILEPRO 188
-#define EM_TILEGX  191
-
 /* Provide a nominal data structure. */
 #define ELF_NFPREG      0
 typedef double elf_fpreg_t;
diff --git a/arch/tile/include/asm/syscall.h b/arch/tile/include/asm/syscall.h
index 9644b88f133d..373d73064ea1 100644
--- a/arch/tile/include/asm/syscall.h
+++ b/arch/tile/include/asm/syscall.h
@@ -20,6 +20,8 @@
 
 #include <linux/sched.h>
 #include <linux/err.h>
+#include <linux/audit.h>
+#include <linux/compat.h>
 #include <arch/abi.h>
 
 /* The array of function pointers for syscalls. */
@@ -61,7 +63,15 @@ static inline void syscall_set_return_value(struct task_struct *task,
                                             struct pt_regs *regs,
                                             int error, long val)
 {
-        regs->regs[0] = (long) error ?: val;
+        if (error) {
+                /* R0 is the passed-in negative error, R1 is positive. */
+                regs->regs[0] = error;
+                regs->regs[1] = -error;
+        } else {
+                /* R1 set to zero to indicate no error. */
+                regs->regs[0] = val;
+                regs->regs[1] = 0;
+        }
 }
 
 static inline void syscall_get_arguments(struct task_struct *task,
@@ -82,4 +92,20 @@ static inline void syscall_set_arguments(struct task_struct *task,
         memcpy(&regs[i], args, n * sizeof(args[0]));
 }
 
+/*
+ * We don't care about endianness (__AUDIT_ARCH_LE bit) here because
+ * tile has the same system calls both on little- and big- endian.
+ */
+static inline int syscall_get_arch(void)
+{
+        if (is_compat_task())
+                return AUDIT_ARCH_TILEGX32;
+
+#ifdef CONFIG_TILEGX
+        return AUDIT_ARCH_TILEGX;
+#else
+        return AUDIT_ARCH_TILEPRO;
+#endif
+}
+
 #endif  /* _ASM_TILE_SYSCALL_H */
diff --git a/arch/tile/kernel/intvec_32.S b/arch/tile/kernel/intvec_32.S
index cdbda45a4e4b..fbbe2ea882ea 100644
--- a/arch/tile/kernel/intvec_32.S
+++ b/arch/tile/kernel/intvec_32.S
@@ -1224,6 +1224,7 @@ handle_syscall:
          jal    do_syscall_trace_enter
         }
         FEEDBACK_REENTER(handle_syscall)
+        blz     r0, .Lsyscall_sigreturn_skip
 
         /*
          * We always reload our registers from the stack at this
diff --git a/arch/tile/kernel/intvec_64.S b/arch/tile/kernel/intvec_64.S
index 800b91d3f9dc..58964d209d4d 100644
--- a/arch/tile/kernel/intvec_64.S
+++ b/arch/tile/kernel/intvec_64.S
@@ -1247,6 +1247,7 @@ handle_syscall:
          jal    do_syscall_trace_enter
         }
         FEEDBACK_REENTER(handle_syscall)
+        bltz    r0, .Lsyscall_sigreturn_skip
 
         /*
          * We always reload our registers from the stack at this
diff --git a/arch/tile/kernel/ptrace.c b/arch/tile/kernel/ptrace.c
index f84eed8243da..bdc126faf741 100644
--- a/arch/tile/kernel/ptrace.c
+++ b/arch/tile/kernel/ptrace.c
@@ -262,6 +262,9 @@ int do_syscall_trace_enter(struct pt_regs *regs)
         if (work & _TIF_NOHZ)
                 user_exit();
 
+        if (secure_computing() == -1)
+                return -1;
+
         if (work & _TIF_SYSCALL_TRACE) {
                 if (tracehook_report_syscall_entry(regs))
                         regs->regs[TREG_SYSCALL_NR] = -1;
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index d3475e1f15ec..1f977dd4c370 100644
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -382,6 +382,9 @@ enum {
 #define AUDIT_ARCH_SHEL64       (EM_SH|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
 #define AUDIT_ARCH_SPARC        (EM_SPARC)
 #define AUDIT_ARCH_SPARC64      (EM_SPARCV9|__AUDIT_ARCH_64BIT)
+#define AUDIT_ARCH_TILEGX       (EM_TILEGX|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
+#define AUDIT_ARCH_TILEGX32     (EM_TILEGX|__AUDIT_ARCH_LE)
+#define AUDIT_ARCH_TILEPRO      (EM_TILEPRO|__AUDIT_ARCH_LE)
 #define AUDIT_ARCH_X86_64       (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
 
 #define AUDIT_PERM_EXEC         1
diff --git a/include/uapi/linux/elf-em.h b/include/uapi/linux/elf-em.h
index b08829667ed7..3429a3ba382b 100644
--- a/include/uapi/linux/elf-em.h
+++ b/include/uapi/linux/elf-em.h
@@ -38,6 +38,8 @@
 #define EM_ALTERA_NIOS2 113     /* Altera Nios II soft-core processor */
 #define EM_TI_C6000     140     /* TI C6X DSPs */
 #define EM_AARCH64      183     /* ARM 64 bit */
+#define EM_TILEPRO      188     /* Tilera TILEPro */
+#define EM_TILEGX       191     /* Tilera TILE-Gx */
 #define EM_FRV          0x5441  /* Fujitsu FR-V */
 #define EM_AVR32        0x18ad  /* Atmel AVR32 */