author | Nicolas Pitre <nicolas.pitre@linaro.org> | 2010-08-26 18:08:35 -0400 |
---|---|---|
committer | Nicolas Pitre <nicolas.pitre@linaro.org> | 2010-10-01 22:32:18 -0400 |
commit | 70c70d97809c3cdb8ff04f38ee3718c5385a2a4d (patch) | |
tree | 33b30af89b35370f01f69f80e44a660e8e80c137 | |
parent | 087aaffcdf9c91667c93923fbc05fa8fb6bc7d3a (diff) |
ARM: SECCOMP support
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
-rw-r--r-- | arch/arm/Kconfig | 14 | ||||
-rw-r--r-- | arch/arm/include/asm/seccomp.h | 11 | ||||
-rw-r--r-- | arch/arm/include/asm/thread_info.h | 2 | ||||
-rw-r--r-- | arch/arm/kernel/entry-common.S | 15 |
4 files changed, 40 insertions, 2 deletions
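--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -1463,6 +1463,20 @@ config UACCESS_WITH_MEMCPY
 However, if the CPU data cache is using a write-allocate mode,
 this option is unlikely to provide any performance gain.
 
+config SECCOMP
+bool
+prompt "Enable seccomp to safely compute untrusted bytecode"
+---help---
+This kernel feature is useful for number crunching applications
+that may need to compute untrusted bytecode during their
+execution. By using pipes or other transports made available to
+the process as file descriptors supporting the read/write
+syscalls, it's possible to isolate those applications in
+their own address space using seccomp. Once seccomp is
+enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
+and the task is only allowed to execute a few safe syscalls
+defined by each seccomp mode.
+
 config CC_STACKPROTECTOR
 bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
 help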
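Review bot: `config SECCOMP` is a bare `bool` with a prompt and no `default` line, so the feature stays off unless a configuration sets it, and the help text gives no guidance on what to choose. Userspace that isolates untrusted code through `prctl(PR_SET_SECCOMP)` therefore has to treat a failing prctl as "no sandbox available" and refuse to run the untrusted part rather than continue unconfined. I would close the help text with a line such as `If unsure, say Y.` and state there what happens to a task that issues a syscall outside the allowed set.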
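--- /dev/null
+++ b/arch/arm/include/asm/seccomp.h
@@ -0,0 +1,11 @@
+#ifndef _ASM_ARM_SECCOMP_H
+#define _ASM_ARM_SECCOMP_H
+
+#include <linux/unistd.h>
+
+#define __NR_seccomp_read __NR_read
+#define __NR_seccomp_write __NR_write
+#define __NR_seccomp_exit __NR_exit
+#define __NR_seccomp_sigreturn __NR_rt_sigreturn
+
+#endif /* _ASM_ARM_SECCOMP_H */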
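Review bot: The four `__NR_seccomp_*` aliases carry no comment saying which numbering they are compared in. The entry-common.S change in this commit hands `scno` to `__secure_computing` after the `eor scno, scno, #__NR_SYSCALL_BASE` step, so the allow-list presumably has to hold base-stripped numbers. If `__NR_read` still includes `__NR_SYSCALL_BASE` on some build (its definition is not visible here), nothing would match and a seccomp task would be stopped on its first syscall, which fails closed but makes the feature unusable there. I would confirm this for non-EABI configurations and add a header comment such as `/* compared against scno as normalised by vector_swi (syscall base removed) */`.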
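--- a/arch/arm/include/asm/thread_info.h
+++ b/arch/arm/include/asm/thread_info.h
@@ -144,6 +144,7 @@ extern void vfp_flush_hwstate(struct thread_info *);
 #define TIF_MEMDIE 18 /* is terminating due to OOM killer */
 #define TIF_FREEZE 19
 #define TIF_RESTORE_SIGMASK 20
+#define TIF_SECCOMP 21
 
 #define _TIF_SIGPENDING (1 << TIF_SIGPENDING)
 #define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED)
@@ -153,6 +154,7 @@ extern void vfp_flush_hwstate(struct thread_info *);
 #define _TIF_USING_IWMMXT (1 << TIF_USING_IWMMXT)
 #define _TIF_FREEZE (1 << TIF_FREEZE)
 #define _TIF_RESTORE_SIGMASK (1 << TIF_RESTORE_SIGMASK)
+#define _TIF_SECCOMP (1 << TIF_SECCOMP)
 
 /*
 * Change these and you break ASM code in entry-common.S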
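--- a/arch/arm/kernel/entry-common.S
+++ b/arch/arm/kernel/entry-common.S
@@ -295,7 +295,6 @@ ENTRY(vector_swi)
 
 get_thread_info tsk
 adr tbl, sys_call_table @ load syscall table pointer
-ldr ip, [tsk, #TI_FLAGS] @ check for syscall tracing
 
 #if defined(CONFIG_OABI_COMPAT)
 /*
@@ -312,8 +311,20 @@ ENTRY(vector_swi)
 eor scno, scno, #__NR_SYSCALL_BASE @ check OS number
 #endif
 
+ldr r10, [tsk, #TI_FLAGS] @ check for syscall tracing
 stmdb sp!, {r4, r5} @ push fifth and sixth args
-tst ip, #_TIF_SYSCALL_TRACE @ are we tracing syscalls?
+
+#ifdef CONFIG_SECCOMP
+tst r10, #_TIF_SECCOMP
+beq 1f
+mov r0, scno
+bl __secure_computing
+add r0, sp, #S_R0 + S_OFF @ pointer to regs
+ldmia r0, {r0 - r3} @ have to reload r0 - r3
+1:
+#endif
+
+tst r10, #_TIF_SYSCALL_TRACE @ are we tracing syscalls?
 bne __sys_trace
 
 cmp scno, #NR_syscalls @ check upper syscall limit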
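Review bot: The seccomp check at `bl __secure_computing` validates `scno` before the `bne __sys_trace` branch, and nothing in this hunk re-validates the number if the trace path hands back a different one. `__sys_trace` is outside the hunk, so whether it can substitute the number needs confirming, and the intended ordering should be written down either way. The block also does not say why the flags moved from `ip` to `r10`, presumably because `ip` and r0-r3 do not survive the call. I would add `@ seccomp sees the scno as issued, before any tracer; flags kept in r10 because the call clobbers ip` above the `#ifdef CONFIG_SECCOMP` line. vector_swi starts and ends outside the hunk.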