authorNicolas Pitre <nicolas.pitre@linaro.org>2010-08-26 18:08:35 -0400
committerNicolas Pitre <nicolas.pitre@linaro.org>2010-10-01 22:32:18 -0400
commit70c70d97809c3cdb8ff04f38ee3718c5385a2a4d (patch)
tree33b30af89b35370f01f69f80e44a660e8e80c137
parent087aaffcdf9c91667c93923fbc05fa8fb6bc7d3a (diff)
ARM: SECCOMP support
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
-rw-r--r--arch/arm/Kconfig14
-rw-r--r--arch/arm/include/asm/seccomp.h11
-rw-r--r--arch/arm/include/asm/thread_info.h2
-rw-r--r--arch/arm/kernel/entry-common.S15
4 files changed, 40 insertions, 2 deletions
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 88c97bc7a6f5..1273ee8756be 100644
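--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -1463,6 +1463,20 @@ config UACCESS_WITH_MEMCPY
  However, if the CPU data cache is using a write-allocate mode,
  this option is unlikely to provide any performance gain.
 
+config SECCOMP
+ bool
+ prompt "Enable seccomp to safely compute untrusted bytecode"
+ ---help---
+ This kernel feature is useful for number crunching applications
+ that may need to compute untrusted bytecode during their
+ execution. By using pipes or other transports made available to
+ the process as file descriptors supporting the read/write
+ syscalls, it's possible to isolate those applications in
+ their own address space using seccomp. Once seccomp is
+ enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
+ and the task is only allowed to execute a few safe syscalls
+ defined by each seccomp mode.
+
 config CC_STACKPROTECTOR
  bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
  help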
diff --git a/arch/arm/include/asm/seccomp.h b/arch/arm/include/asm/seccomp.h
new file mode 100644
index 000000000000..52b156b341f5
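--- /dev/null
+++ b/arch/arm/include/asm/seccomp.h
@@ -0,0 +1,11 @@
+#ifndef _ASM_ARM_SECCOMP_H
+#define _ASM_ARM_SECCOMP_H
+
+#include <linux/unistd.h>
+
+#define __NR_seccomp_read __NR_read
+#define __NR_seccomp_write __NR_write
+#define __NR_seccomp_exit __NR_exit
+#define __NR_seccomp_sigreturn __NR_rt_sigreturn
+
+#endif /* _ASM_ARM_SECCOMP_H */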
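Review bot: The four `__NR_seccomp_*` aliases carry no comment tying them to the value that entry-common.S passes to `__secure_computing`, and the two may not agree on every ABI. The aliases take the kernel's own `__NR_read`, `__NR_write`, `__NR_exit` and `__NR_rt_sigreturn` unchanged, while the vector_swi hunk in this commit passes `scno` after the `eor scno, scno, #__NR_SYSCALL_BASE` step in the conditional block that ends just above the new code. If `__NR_SYSCALL_BASE` is non-zero in such a build, the comparison would presumably never match and every syscall from a seccomp task would be refused. That fails closed, but it is worth confirming or excluding in Kconfig. A header comment such as `/* syscalls permitted to a seccomp task; compared against scno from vector_swi */` would make the contract explicit.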
diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h
index 763e29fa8530..7b5cc8dae06e 100644
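--- a/arch/arm/include/asm/thread_info.h
+++ b/arch/arm/include/asm/thread_info.h
@@ -144,6 +144,7 @@ extern void vfp_flush_hwstate(struct thread_info *);
 #define TIF_MEMDIE 18 /* is terminating due to OOM killer */
 #define TIF_FREEZE 19
 #define TIF_RESTORE_SIGMASK 20
+#define TIF_SECCOMP 21
 
 #define _TIF_SIGPENDING (1 << TIF_SIGPENDING)
 #define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED)
@@ -153,6 +154,7 @@ extern void vfp_flush_hwstate(struct thread_info *);
 #define _TIF_USING_IWMMXT (1 << TIF_USING_IWMMXT)
 #define _TIF_FREEZE (1 << TIF_FREEZE)
 #define _TIF_RESTORE_SIGMASK (1 << TIF_RESTORE_SIGMASK)
+#define _TIF_SECCOMP (1 << TIF_SECCOMP)
 
 /*
  * Change these and you break ASM code in entry-common.S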
diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S
index 7885722bdf4e..0385a8207b67 100644
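--- a/arch/arm/kernel/entry-common.S
+++ b/arch/arm/kernel/entry-common.S
@@ -295,7 +295,6 @@ ENTRY(vector_swi)
 
  get_thread_info tsk
  adr tbl, sys_call_table @ load syscall table pointer
- ldr ip, [tsk, #TI_FLAGS] @ check for syscall tracing
 
 #if defined(CONFIG_OABI_COMPAT)
  /*
@@ -312,8 +311,20 @@ ENTRY(vector_swi)
  eor scno, scno, #__NR_SYSCALL_BASE @ check OS number
 #endif
 
+ ldr r10, [tsk, #TI_FLAGS] @ check for syscall tracing
  stmdb sp!, {r4, r5} @ push fifth and sixth args
- tst ip, #_TIF_SYSCALL_TRACE @ are we tracing syscalls?
+
+#ifdef CONFIG_SECCOMP
+ tst r10, #_TIF_SECCOMP
+ beq 1f
+ mov r0, scno
+ bl __secure_computing
+ add r0, sp, #S_R0 + S_OFF @ pointer to regs
+ ldmia r0, {r0 - r3} @ have to reload r0 - r3
+1:
+#endif
+
+ tst r10, #_TIF_SYSCALL_TRACE @ are we tracing syscalls?
  bne __sys_trace
 
  cmp scno, #NR_syscalls @ check upper syscall limit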
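Review bot: The seccomp check at `tst r10, #_TIF_SECCOMP` runs on `scno` before the `bne __sys_trace` branch, so the decision is made once, ahead of the tracing path. `__sys_trace` lies outside this hunk; if that path can resume with a different syscall number, that number would presumably be dispatched without passing through `__secure_computing` again, which is worth confirming. Separately, the switch from `ip` to `r10` for the TI_FLAGS value is unexplained, and the kept comment `@ check for syscall tracing` no longer covers both uses of the flags. A comment on the load such as `@ r10 is preserved across the __secure_computing call` would record the presumed reason. vector_swi starts and ends outside the hunks shown.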