aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRalf Baechle <ralf@linux-mips.org>2005-03-18 12:36:42 -0500
committerRalf Baechle <ralf@linux-mips.org>2005-10-29 14:30:58 -0400
commit127c6f662348cbf2b1c09e6fc2748af316f7d2d6 (patch)
tree9e6b394e9987b933707856422879922016532533
parent53de0d471fe8ddbbeca938cffedb4cc94e04da10 (diff)
SECCOMP for MIPS.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
-rw-r--r--arch/mips/Kconfig17
-rw-r--r--include/asm-mips/thread_info.h10
2 files changed, 23 insertions, 4 deletions
diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
index 41d782e207c3..b54ac9a75d5f 100644
--- a/arch/mips/Kconfig
+++ b/arch/mips/Kconfig
@@ -1530,6 +1530,23 @@ config BINFMT_ELF32
1530 bool 1530 bool
1531 default y if MIPS32_O32 || MIPS32_N32 1531 default y if MIPS32_O32 || MIPS32_N32
1532 1532
1533config SECCOMP
1534 bool "Enable seccomp to safely compute untrusted bytecode"
1535 depends on PROC_FS && BROKEN
1536 default y
1537 help
1538 This kernel feature is useful for number crunching applications
1539 that may need to compute untrusted bytecode during their
1540 execution. By using pipes or other transports made available to
1541 the process as file descriptors supporting the read/write
1542 syscalls, it's possible to isolate those applications in
1543 their own address space using seccomp. Once seccomp is
1544 enabled via /proc/<pid>/seccomp, it cannot be disabled
1545 and the task is only allowed to execute a few safe syscalls
1546 defined by each seccomp mode.
1547
1548 If unsure, say Y. Only embedded should say N here.
1549
1533config PM 1550config PM
1534 bool "Power Management support (EXPERIMENTAL)" 1551 bool "Power Management support (EXPERIMENTAL)"
1535 depends on EXPERIMENTAL && MACH_AU1X00 1552 depends on EXPERIMENTAL && MACH_AU1X00
diff --git a/include/asm-mips/thread_info.h b/include/asm-mips/thread_info.h
index a70cb0854c8a..66a0c2ae7d65 100644
--- a/include/asm-mips/thread_info.h
+++ b/include/asm-mips/thread_info.h
@@ -114,6 +114,7 @@ register struct thread_info *__current_thread_info __asm__("$28");
114#define TIF_SIGPENDING 2 /* signal pending */ 114#define TIF_SIGPENDING 2 /* signal pending */
115#define TIF_NEED_RESCHED 3 /* rescheduling necessary */ 115#define TIF_NEED_RESCHED 3 /* rescheduling necessary */
116#define TIF_SYSCALL_AUDIT 4 /* syscall auditing active */ 116#define TIF_SYSCALL_AUDIT 4 /* syscall auditing active */
117#define TIF_SECCOMP 5 /* secure computing */
117#define TIF_USEDFPU 16 /* FPU was used by this task this quantum (SMP) */ 118#define TIF_USEDFPU 16 /* FPU was used by this task this quantum (SMP) */
118#define TIF_POLLING_NRFLAG 17 /* true if poll_idle() is polling TIF_NEED_RESCHED */ 119#define TIF_POLLING_NRFLAG 17 /* true if poll_idle() is polling TIF_NEED_RESCHED */
119#define TIF_MEMDIE 18 120#define TIF_MEMDIE 18
@@ -124,13 +125,14 @@ register struct thread_info *__current_thread_info __asm__("$28");
124#define _TIF_SIGPENDING (1<<TIF_SIGPENDING) 125#define _TIF_SIGPENDING (1<<TIF_SIGPENDING)
125#define _TIF_NEED_RESCHED (1<<TIF_NEED_RESCHED) 126#define _TIF_NEED_RESCHED (1<<TIF_NEED_RESCHED)
126#define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT) 127#define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT)
128#define _TIF_SECCOMP (1<<TIF_SECCOMP)
127#define _TIF_USEDFPU (1<<TIF_USEDFPU) 129#define _TIF_USEDFPU (1<<TIF_USEDFPU)
128#define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG) 130#define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG)
129 131
130#define _TIF_WORK_MASK 0x0000ffef /* work to do on 132/* work to do on interrupt/exception return */
131 interrupt/exception return */ 133#define _TIF_WORK_MASK (0x0000ffef & ~_TIF_SECCOMP)
132#define _TIF_ALLWORK_MASK 0x8000ffff /* work to do on any return to 134/* work to do on any return to u-space */
133 u-space */ 135#define _TIF_ALLWORK_MASK (0x8000ffff & ~_TIF_SECCOMP)
134 136
135#endif /* __KERNEL__ */ 137#endif /* __KERNEL__ */
136 138