parisc: Wire up seccomp, getrandom and memfd_create syscalls

With secure computing we only support the SECCOMP_MODE_STRICT mode for now. Signed-off-by: Helge Deller <deller@gmx.de>
author: Helge Deller <deller@gmx.de> 2014-08-27 08:39:56 -0400
committer: Helge Deller <deller@gmx.de> 2014-08-27 08:39:56 -0400
commit: c90f06943e05519a87140dc407cf589c220aeedf (patch)
tree: e2ae9c471881462dba751849fc1ea0a53dc36168 /arch/parisc
parent: 3335f75a8877ac50f27510cda1368108bca0f151 (diff)
6 files changed, 49 insertions, 2 deletions
diff --git a/arch/parisc/Kconfig b/arch/parisc/Kconfig
index 6e75e2030927..1554a6f2a5bb 100644
--- a/arch/parisc/Kconfig
+++ b/arch/parisc/Kconfig
@@ -321,6 +321,22 @@ source "fs/Kconfig"
 source "arch/parisc/Kconfig.debug"
+config SECCOMP
+        def_bool y
+        prompt "Enable seccomp to safely compute untrusted bytecode"
+        ---help---
+          This kernel feature is useful for number crunching applications
+          that may need to compute untrusted bytecode during their
+          execution. By using pipes or other transports made available to
+          the process as file descriptors supporting the read/write
+          syscalls, it's possible to isolate those applications in
+          their own address space using seccomp. Once seccomp is
+          enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
+          and the task is only allowed to execute a few safe syscalls
+          defined by each seccomp mode.
+          If unsure, say Y. Only embedded should say N here.
 source "security/Kconfig"
 source "crypto/Kconfig"
diff --git a/arch/parisc/include/asm/seccomp.h b/arch/parisc/include/asm/seccomp.h
new file mode 100644
index 000000000000..015f7887aa29
--- /dev/null
+++ b/arch/parisc/include/asm/seccomp.h
@@ -0,0 +1,16 @@
+#ifndef _ASM_PARISC_SECCOMP_H
+#define _ASM_PARISC_SECCOMP_H
+#include <linux/unistd.h>
+#define __NR_seccomp_read __NR_read
+#define __NR_seccomp_write __NR_write
+#define __NR_seccomp_exit __NR_exit
+#define __NR_seccomp_sigreturn __NR_rt_sigreturn
+#define __NR_seccomp_read_32 __NR_read
+#define __NR_seccomp_write_32 __NR_write
+#define __NR_seccomp_exit_32 __NR_exit
+#define __NR_seccomp_sigreturn_32 __NR_rt_sigreturn
+#endif  /* _ASM_PARISC_SECCOMP_H */
diff --git a/arch/parisc/include/asm/thread_info.h b/arch/parisc/include/asm/thread_info.h
index 4b9b10ce1f9d..a84611835549 100644
--- a/arch/parisc/include/asm/thread_info.h
+++ b/arch/parisc/include/asm/thread_info.h
@@ -60,6 +60,7 @@ struct thread_info {
 #define TIF_NOTIFY_RESUME       8       /* callback before returning to user */
 #define TIF_SINGLESTEP          9       /* single stepping? */
 #define TIF_BLOCKSTEP           10      /* branch stepping? */
+#define TIF_SECCOMP             11      /* secure computing */
 #define _TIF_SYSCALL_TRACE      (1 << TIF_SYSCALL_TRACE)
 #define _TIF_SIGPENDING         (1 << TIF_SIGPENDING)
@@ -70,11 +71,13 @@ struct thread_info {
 #define _TIF_NOTIFY_RESUME      (1 << TIF_NOTIFY_RESUME)
 #define _TIF_SINGLESTEP         (1 << TIF_SINGLESTEP)
 #define _TIF_BLOCKSTEP          (1 << TIF_BLOCKSTEP)
+#define _TIF_SECCOMP            (1 << TIF_SECCOMP)
 #define _TIF_USER_WORK_MASK     (_TIF_SIGPENDING | _TIF_NOTIFY_RESUME | \
                                 _TIF_NEED_RESCHED)
 #define _TIF_SYSCALL_TRACE_MASK (_TIF_SYSCALL_TRACE | _TIF_SINGLESTEP | \
-                                 _TIF_BLOCKSTEP | _TIF_SYSCALL_AUDIT)
+                                 _TIF_BLOCKSTEP | _TIF_SYSCALL_AUDIT | \
+                                 _TIF_SECCOMP)
 #ifdef CONFIG_64BIT
 # ifdef CONFIG_COMPAT
diff --git a/arch/parisc/include/uapi/asm/unistd.h b/arch/parisc/include/uapi/asm/unistd.h
index 47e0e21d2272..8667f18be238 100644
--- a/arch/parisc/include/uapi/asm/unistd.h
+++ b/arch/parisc/include/uapi/asm/unistd.h
@@ -830,8 +830,11 @@
 #define __NR_sched_getattr      (__NR_Linux + 335)
 #define __NR_utimes             (__NR_Linux + 336)
 #define __NR_renameat2          (__NR_Linux + 337)
+#define __NR_seccomp            (__NR_Linux + 338)
+#define __NR_getrandom          (__NR_Linux + 339)
+#define __NR_memfd_create       (__NR_Linux + 340)
-#define __NR_Linux_syscalls     (__NR_renameat2 + 1)
+#define __NR_Linux_syscalls     (__NR_memfd_create + 1)
 #define __IGNORE_select         /* newselect */
diff --git a/arch/parisc/kernel/ptrace.c b/arch/parisc/kernel/ptrace.c
index e842ee233db4..3bab72462ab5 100644
--- a/arch/parisc/kernel/ptrace.c
+++ b/arch/parisc/kernel/ptrace.c
@@ -270,6 +270,12 @@ long do_syscall_trace_enter(struct pt_regs *regs)
 {
        long ret = 0;
+        /* Do the secure computing check first. */
+        if (secure_computing(regs->gr[20])) {
+                /* seccomp failures shouldn't expose any additional code. */
+                return -1;
+        }
        if (test_thread_flag(TIF_SYSCALL_TRACE) &&
            tracehook_report_syscall_entry(regs))
                ret = -1L;
diff --git a/arch/parisc/kernel/syscall_table.S b/arch/parisc/kernel/syscall_table.S
index 84c5d3a58fa1..b563d9c8268b 100644
--- a/arch/parisc/kernel/syscall_table.S
+++ b/arch/parisc/kernel/syscall_table.S
@@ -433,6 +433,9 @@
        ENTRY_SAME(sched_getattr)       /* 335 */
        ENTRY_COMP(utimes)
        ENTRY_SAME(renameat2)
+        ENTRY_SAME(seccomp)
+        ENTRY_SAME(getrandom)
+        ENTRY_SAME(memfd_create)        /* 340 */
        /* Nothing yet */
author	Helge Deller <deller@gmx.de>	2014-08-27 08:39:56 -0400
committer	Helge Deller <deller@gmx.de>	2014-08-27 08:39:56 -0400
commit	c90f06943e05519a87140dc407cf589c220aeedf (patch)
tree	e2ae9c471881462dba751849fc1ea0a53dc36168 /arch/parisc
parent	3335f75a8877ac50f27510cda1368108bca0f151 (diff)

diff --git a/arch/parisc/Kconfig b/arch/parisc/Kconfig index 6e75e2030927..1554a6f2a5bb 100644 --- a/arch/parisc/Kconfig +++ b/arch/parisc/Kconfig
@@ -321,6 +321,22 @@ source "fs/Kconfig"
321		321
322	source "arch/parisc/Kconfig.debug"	322	source "arch/parisc/Kconfig.debug"
323		323
		324	config SECCOMP
		325	def_bool y
		326	prompt "Enable seccomp to safely compute untrusted bytecode"
		327	---help---
		328	This kernel feature is useful for number crunching applications
		329	that may need to compute untrusted bytecode during their
		330	execution. By using pipes or other transports made available to
		331	the process as file descriptors supporting the read/write
		332	syscalls, it's possible to isolate those applications in
		333	their own address space using seccomp. Once seccomp is
		334	enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
		335	and the task is only allowed to execute a few safe syscalls
		336	defined by each seccomp mode.
		337
		338	If unsure, say Y. Only embedded should say N here.
		339
324	source "security/Kconfig"	340	source "security/Kconfig"
325		341
326	source "crypto/Kconfig"	342	source "crypto/Kconfig"


diff --git a/arch/parisc/include/asm/seccomp.h b/arch/parisc/include/asm/seccomp.h new file mode 100644 index 000000000000..015f7887aa29 --- /dev/null +++ b/arch/parisc/include/asm/seccomp.h
@@ -0,0 +1,16 @@
		1	#ifndef _ASM_PARISC_SECCOMP_H
		2	#define _ASM_PARISC_SECCOMP_H
		3
		4	#include <linux/unistd.h>
		5
		6	#define __NR_seccomp_read __NR_read
		7	#define __NR_seccomp_write __NR_write
		8	#define __NR_seccomp_exit __NR_exit
		9	#define __NR_seccomp_sigreturn __NR_rt_sigreturn
		10
		11	#define __NR_seccomp_read_32 __NR_read
		12	#define __NR_seccomp_write_32 __NR_write
		13	#define __NR_seccomp_exit_32 __NR_exit
		14	#define __NR_seccomp_sigreturn_32 __NR_rt_sigreturn
		15
		16	#endif /* _ASM_PARISC_SECCOMP_H */


diff --git a/arch/parisc/include/asm/thread_info.h b/arch/parisc/include/asm/thread_info.h index 4b9b10ce1f9d..a84611835549 100644 --- a/arch/parisc/include/asm/thread_info.h +++ b/arch/parisc/include/asm/thread_info.h
@@ -60,6 +60,7 @@ struct thread_info {
60	#define TIF_NOTIFY_RESUME 8 /* callback before returning to user */	60	#define TIF_NOTIFY_RESUME 8 /* callback before returning to user */
61	#define TIF_SINGLESTEP 9 /* single stepping? */	61	#define TIF_SINGLESTEP 9 /* single stepping? */
62	#define TIF_BLOCKSTEP 10 /* branch stepping? */	62	#define TIF_BLOCKSTEP 10 /* branch stepping? */
		63	#define TIF_SECCOMP 11 /* secure computing */
63		64
64	#define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE)	65	#define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE)
65	#define _TIF_SIGPENDING (1 << TIF_SIGPENDING)	66	#define _TIF_SIGPENDING (1 << TIF_SIGPENDING)
@@ -70,11 +71,13 @@ struct thread_info {
70	#define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME)	71	#define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME)
71	#define _TIF_SINGLESTEP (1 << TIF_SINGLESTEP)	72	#define _TIF_SINGLESTEP (1 << TIF_SINGLESTEP)
72	#define _TIF_BLOCKSTEP (1 << TIF_BLOCKSTEP)	73	#define _TIF_BLOCKSTEP (1 << TIF_BLOCKSTEP)
		74	#define _TIF_SECCOMP (1 << TIF_SECCOMP)
73		75
74	#define _TIF_USER_WORK_MASK (_TIF_SIGPENDING \| _TIF_NOTIFY_RESUME \| \	76	#define _TIF_USER_WORK_MASK (_TIF_SIGPENDING \| _TIF_NOTIFY_RESUME \| \
75	_TIF_NEED_RESCHED)	77	_TIF_NEED_RESCHED)
76	#define _TIF_SYSCALL_TRACE_MASK (_TIF_SYSCALL_TRACE \| _TIF_SINGLESTEP \| \	78	#define _TIF_SYSCALL_TRACE_MASK (_TIF_SYSCALL_TRACE \| _TIF_SINGLESTEP \| \
77	_TIF_BLOCKSTEP \| _TIF_SYSCALL_AUDIT)	79	_TIF_BLOCKSTEP \| _TIF_SYSCALL_AUDIT \| \
		80	_TIF_SECCOMP)
78		81
79	#ifdef CONFIG_64BIT	82	#ifdef CONFIG_64BIT
80	# ifdef CONFIG_COMPAT	83	# ifdef CONFIG_COMPAT


diff --git a/arch/parisc/include/uapi/asm/unistd.h b/arch/parisc/include/uapi/asm/unistd.h index 47e0e21d2272..8667f18be238 100644 --- a/arch/parisc/include/uapi/asm/unistd.h +++ b/arch/parisc/include/uapi/asm/unistd.h
@@ -830,8 +830,11 @@
830	#define __NR_sched_getattr (__NR_Linux + 335)	830	#define __NR_sched_getattr (__NR_Linux + 335)
831	#define __NR_utimes (__NR_Linux + 336)	831	#define __NR_utimes (__NR_Linux + 336)
832	#define __NR_renameat2 (__NR_Linux + 337)	832	#define __NR_renameat2 (__NR_Linux + 337)
		833	#define __NR_seccomp (__NR_Linux + 338)
		834	#define __NR_getrandom (__NR_Linux + 339)
		835	#define __NR_memfd_create (__NR_Linux + 340)
833		836
834	#define __NR_Linux_syscalls (__NR_renameat2 + 1)	837	#define __NR_Linux_syscalls (__NR_memfd_create + 1)
835		838
836		839
837	#define __IGNORE_select /* newselect */	840	#define __IGNORE_select /* newselect */


diff --git a/arch/parisc/kernel/ptrace.c b/arch/parisc/kernel/ptrace.c index e842ee233db4..3bab72462ab5 100644 --- a/arch/parisc/kernel/ptrace.c +++ b/arch/parisc/kernel/ptrace.c
@@ -270,6 +270,12 @@ long do_syscall_trace_enter(struct pt_regs *regs)
270	{	270	{
271	long ret = 0;	271	long ret = 0;
272		272
		273	/* Do the secure computing check first. */
		274	if (secure_computing(regs->gr[20])) {
		275	/* seccomp failures shouldn't expose any additional code. */
		276	return -1;
		277	}
		278
273	if (test_thread_flag(TIF_SYSCALL_TRACE) &&	279	if (test_thread_flag(TIF_SYSCALL_TRACE) &&
274	tracehook_report_syscall_entry(regs))	280	tracehook_report_syscall_entry(regs))
275	ret = -1L;	281	ret = -1L;


diff --git a/arch/parisc/kernel/syscall_table.S b/arch/parisc/kernel/syscall_table.S index 84c5d3a58fa1..b563d9c8268b 100644 --- a/arch/parisc/kernel/syscall_table.S +++ b/arch/parisc/kernel/syscall_table.S
@@ -433,6 +433,9 @@
433	ENTRY_SAME(sched_getattr) /* 335 */	433	ENTRY_SAME(sched_getattr) /* 335 */
434	ENTRY_COMP(utimes)	434	ENTRY_COMP(utimes)
435	ENTRY_SAME(renameat2)	435	ENTRY_SAME(renameat2)
		436	ENTRY_SAME(seccomp)
		437	ENTRY_SAME(getrandom)
		438	ENTRY_SAME(memfd_create) /* 340 */
436		439
437	/* Nothing yet */	440	/* Nothing yet */
438		441