diff options
| author | Heiko Carstens <heiko.carstens@de.ibm.com> | 2009-06-12 04:26:26 -0400 |
|---|---|---|
| committer | Martin Schwidefsky <schwidefsky@de.ibm.com> | 2009-06-12 04:27:31 -0400 |
| commit | bcf5cef7db869dd3b0ec55ad99641e66b2f5cf02 (patch) | |
| tree | 56119ef1804f60122aba7b780768938936d180a1 /arch | |
| parent | 7757591ab4a36314a258e181dbf0994415c288c2 (diff) | |
[S390] secure computing arch backend
Enable secure computing on s390 as well.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Diffstat (limited to 'arch')
| -rw-r--r-- | arch/s390/Kconfig | 18 | ||||
| -rw-r--r-- | arch/s390/include/asm/seccomp.h | 16 | ||||
| -rw-r--r-- | arch/s390/include/asm/thread_info.h | 10 | ||||
| -rw-r--r-- | arch/s390/kernel/entry.S | 5 | ||||
| -rw-r--r-- | arch/s390/kernel/entry64.S | 5 | ||||
| -rw-r--r-- | arch/s390/kernel/ptrace.c | 6 |
6 files changed, 51 insertions, 9 deletions
diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig index 2eca5fe0e75b..1094787e97e5 100644 --- a/arch/s390/Kconfig +++ b/arch/s390/Kconfig | |||
| @@ -567,6 +567,24 @@ bool "s390 guest support for KVM (EXPERIMENTAL)" | |||
| 567 | the KVM hypervisor. This will add detection for KVM as well as a | 567 | the KVM hypervisor. This will add detection for KVM as well as a |
| 568 | virtio transport. If KVM is detected, the virtio console will be | 568 | virtio transport. If KVM is detected, the virtio console will be |
| 569 | the default console. | 569 | the default console. |
| 570 | |||
| 571 | config SECCOMP | ||
| 572 | bool "Enable seccomp to safely compute untrusted bytecode" | ||
| 573 | depends on PROC_FS | ||
| 574 | default y | ||
| 575 | help | ||
| 576 | This kernel feature is useful for number crunching applications | ||
| 577 | that may need to compute untrusted bytecode during their | ||
| 578 | execution. By using pipes or other transports made available to | ||
| 579 | the process as file descriptors supporting the read/write | ||
| 580 | syscalls, it's possible to isolate those applications in | ||
| 581 | their own address space using seccomp. Once seccomp is | ||
| 582 | enabled via /proc/<pid>/seccomp, it cannot be disabled | ||
| 583 | and the task is only allowed to execute a few safe syscalls | ||
| 584 | defined by each seccomp mode. | ||
| 585 | |||
| 586 | If unsure, say Y. | ||
| 587 | |||
| 570 | endmenu | 588 | endmenu |
| 571 | 589 | ||
| 572 | source "net/Kconfig" | 590 | source "net/Kconfig" |
diff --git a/arch/s390/include/asm/seccomp.h b/arch/s390/include/asm/seccomp.h new file mode 100644 index 000000000000..781a9cf9b002 --- /dev/null +++ b/arch/s390/include/asm/seccomp.h | |||
| @@ -0,0 +1,16 @@ | |||
| 1 | #ifndef _ASM_S390_SECCOMP_H | ||
| 2 | #define _ASM_S390_SECCOMP_H | ||
| 3 | |||
| 4 | #include <linux/unistd.h> | ||
| 5 | |||
| 6 | #define __NR_seccomp_read __NR_read | ||
| 7 | #define __NR_seccomp_write __NR_write | ||
| 8 | #define __NR_seccomp_exit __NR_exit | ||
| 9 | #define __NR_seccomp_sigreturn __NR_sigreturn | ||
| 10 | |||
| 11 | #define __NR_seccomp_read_32 __NR_read | ||
| 12 | #define __NR_seccomp_write_32 __NR_write | ||
| 13 | #define __NR_seccomp_exit_32 __NR_exit | ||
| 14 | #define __NR_seccomp_sigreturn_32 __NR_sigreturn | ||
| 15 | |||
| 16 | #endif /* _ASM_S390_SECCOMP_H */ | ||
diff --git a/arch/s390/include/asm/thread_info.h b/arch/s390/include/asm/thread_info.h index 461f2abd2e6f..2f86653dda69 100644 --- a/arch/s390/include/asm/thread_info.h +++ b/arch/s390/include/asm/thread_info.h | |||
| @@ -83,14 +83,15 @@ static inline struct thread_info *current_thread_info(void) | |||
| 83 | /* | 83 | /* |
| 84 | * thread information flags bit numbers | 84 | * thread information flags bit numbers |
| 85 | */ | 85 | */ |
| 86 | #define TIF_SYSCALL_TRACE 0 /* syscall trace active */ | ||
| 87 | #define TIF_NOTIFY_RESUME 1 /* callback before returning to user */ | 86 | #define TIF_NOTIFY_RESUME 1 /* callback before returning to user */ |
| 88 | #define TIF_SIGPENDING 2 /* signal pending */ | 87 | #define TIF_SIGPENDING 2 /* signal pending */ |
| 89 | #define TIF_NEED_RESCHED 3 /* rescheduling necessary */ | 88 | #define TIF_NEED_RESCHED 3 /* rescheduling necessary */ |
| 90 | #define TIF_RESTART_SVC 4 /* restart svc with new svc number */ | 89 | #define TIF_RESTART_SVC 4 /* restart svc with new svc number */ |
| 91 | #define TIF_SYSCALL_AUDIT 5 /* syscall auditing active */ | ||
| 92 | #define TIF_SINGLE_STEP 6 /* deliver sigtrap on return to user */ | 90 | #define TIF_SINGLE_STEP 6 /* deliver sigtrap on return to user */ |
| 93 | #define TIF_MCCK_PENDING 7 /* machine check handling is pending */ | 91 | #define TIF_MCCK_PENDING 7 /* machine check handling is pending */ |
| 92 | #define TIF_SYSCALL_TRACE 8 /* syscall trace active */ | ||
| 93 | #define TIF_SYSCALL_AUDIT 9 /* syscall auditing active */ | ||
| 94 | #define TIF_SECCOMP 10 /* secure computing */ | ||
| 94 | #define TIF_USEDFPU 16 /* FPU was used by this task this quantum (SMP) */ | 95 | #define TIF_USEDFPU 16 /* FPU was used by this task this quantum (SMP) */ |
| 95 | #define TIF_POLLING_NRFLAG 17 /* true if poll_idle() is polling | 96 | #define TIF_POLLING_NRFLAG 17 /* true if poll_idle() is polling |
| 96 | TIF_NEED_RESCHED */ | 97 | TIF_NEED_RESCHED */ |
| @@ -99,15 +100,16 @@ static inline struct thread_info *current_thread_info(void) | |||
| 99 | #define TIF_RESTORE_SIGMASK 20 /* restore signal mask in do_signal() */ | 100 | #define TIF_RESTORE_SIGMASK 20 /* restore signal mask in do_signal() */ |
| 100 | #define TIF_FREEZE 21 /* thread is freezing for suspend */ | 101 | #define TIF_FREEZE 21 /* thread is freezing for suspend */ |
| 101 | 102 | ||
| 102 | #define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE) | ||
| 103 | #define _TIF_NOTIFY_RESUME (1<<TIF_NOTIFY_RESUME) | 103 | #define _TIF_NOTIFY_RESUME (1<<TIF_NOTIFY_RESUME) |
| 104 | #define _TIF_RESTORE_SIGMASK (1<<TIF_RESTORE_SIGMASK) | 104 | #define _TIF_RESTORE_SIGMASK (1<<TIF_RESTORE_SIGMASK) |
| 105 | #define _TIF_SIGPENDING (1<<TIF_SIGPENDING) | 105 | #define _TIF_SIGPENDING (1<<TIF_SIGPENDING) |
| 106 | #define _TIF_NEED_RESCHED (1<<TIF_NEED_RESCHED) | 106 | #define _TIF_NEED_RESCHED (1<<TIF_NEED_RESCHED) |
| 107 | #define _TIF_RESTART_SVC (1<<TIF_RESTART_SVC) | 107 | #define _TIF_RESTART_SVC (1<<TIF_RESTART_SVC) |
| 108 | #define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT) | ||
| 109 | #define _TIF_SINGLE_STEP (1<<TIF_SINGLE_STEP) | 108 | #define _TIF_SINGLE_STEP (1<<TIF_SINGLE_STEP) |
| 110 | #define _TIF_MCCK_PENDING (1<<TIF_MCCK_PENDING) | 109 | #define _TIF_MCCK_PENDING (1<<TIF_MCCK_PENDING) |
| 110 | #define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE) | ||
| 111 | #define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT) | ||
| 112 | #define _TIF_SECCOMP (1<<TIF_SECCOMP) | ||
| 111 | #define _TIF_USEDFPU (1<<TIF_USEDFPU) | 113 | #define _TIF_USEDFPU (1<<TIF_USEDFPU) |
| 112 | #define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG) | 114 | #define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG) |
| 113 | #define _TIF_31BIT (1<<TIF_31BIT) | 115 | #define _TIF_31BIT (1<<TIF_31BIT) |
diff --git a/arch/s390/kernel/entry.S b/arch/s390/kernel/entry.S index f3e275934213..db25cdc21e12 100644 --- a/arch/s390/kernel/entry.S +++ b/arch/s390/kernel/entry.S | |||
| @@ -53,6 +53,7 @@ _TIF_WORK_SVC = (_TIF_SIGPENDING | _TIF_NOTIFY_RESUME | _TIF_NEED_RESCHED | \ | |||
| 53 | _TIF_MCCK_PENDING | _TIF_RESTART_SVC | _TIF_SINGLE_STEP ) | 53 | _TIF_MCCK_PENDING | _TIF_RESTART_SVC | _TIF_SINGLE_STEP ) |
| 54 | _TIF_WORK_INT = (_TIF_SIGPENDING | _TIF_NOTIFY_RESUME | _TIF_NEED_RESCHED | \ | 54 | _TIF_WORK_INT = (_TIF_SIGPENDING | _TIF_NOTIFY_RESUME | _TIF_NEED_RESCHED | \ |
| 55 | _TIF_MCCK_PENDING) | 55 | _TIF_MCCK_PENDING) |
| 56 | _TIF_SYSCALL = (_TIF_SYSCALL_TRACE>>8 | _TIF_SYSCALL_AUDIT>>8 | _TIF_SECCOMP>>8) | ||
| 56 | 57 | ||
| 57 | STACK_SHIFT = PAGE_SHIFT + THREAD_ORDER | 58 | STACK_SHIFT = PAGE_SHIFT + THREAD_ORDER |
| 58 | STACK_SIZE = 1 << STACK_SHIFT | 59 | STACK_SIZE = 1 << STACK_SHIFT |
| @@ -265,7 +266,7 @@ sysc_do_restart: | |||
| 265 | sth %r7,SP_SVCNR(%r15) | 266 | sth %r7,SP_SVCNR(%r15) |
| 266 | sll %r7,2 # svc number *4 | 267 | sll %r7,2 # svc number *4 |
| 267 | l %r8,BASED(.Lsysc_table) | 268 | l %r8,BASED(.Lsysc_table) |
| 268 | tm __TI_flags+3(%r9),(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT) | 269 | tm __TI_flags+2(%r9),_TIF_SYSCALL |
| 269 | l %r8,0(%r7,%r8) # get system call addr. | 270 | l %r8,0(%r7,%r8) # get system call addr. |
| 270 | bnz BASED(sysc_tracesys) | 271 | bnz BASED(sysc_tracesys) |
| 271 | basr %r14,%r8 # call sys_xxxx | 272 | basr %r14,%r8 # call sys_xxxx |
| @@ -405,7 +406,7 @@ sysc_tracego: | |||
| 405 | basr %r14,%r8 # call sys_xxx | 406 | basr %r14,%r8 # call sys_xxx |
| 406 | st %r2,SP_R2(%r15) # store return value | 407 | st %r2,SP_R2(%r15) # store return value |
| 407 | sysc_tracenogo: | 408 | sysc_tracenogo: |
| 408 | tm __TI_flags+3(%r9),(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT) | 409 | tm __TI_flags+2(%r9),_TIF_SYSCALL |
| 409 | bz BASED(sysc_return) | 410 | bz BASED(sysc_return) |
| 410 | l %r1,BASED(.Ltrace_exit) | 411 | l %r1,BASED(.Ltrace_exit) |
| 411 | la %r2,SP_PTREGS(%r15) # load pt_regs | 412 | la %r2,SP_PTREGS(%r15) # load pt_regs |
diff --git a/arch/s390/kernel/entry64.S b/arch/s390/kernel/entry64.S index 84a105838e03..3cec9b504f5f 100644 --- a/arch/s390/kernel/entry64.S +++ b/arch/s390/kernel/entry64.S | |||
| @@ -56,6 +56,7 @@ _TIF_WORK_SVC = (_TIF_SIGPENDING | _TIF_NOTIFY_RESUME | _TIF_NEED_RESCHED | \ | |||
| 56 | _TIF_MCCK_PENDING | _TIF_RESTART_SVC | _TIF_SINGLE_STEP ) | 56 | _TIF_MCCK_PENDING | _TIF_RESTART_SVC | _TIF_SINGLE_STEP ) |
| 57 | _TIF_WORK_INT = (_TIF_SIGPENDING | _TIF_NOTIFY_RESUME | _TIF_NEED_RESCHED | \ | 57 | _TIF_WORK_INT = (_TIF_SIGPENDING | _TIF_NOTIFY_RESUME | _TIF_NEED_RESCHED | \ |
| 58 | _TIF_MCCK_PENDING) | 58 | _TIF_MCCK_PENDING) |
| 59 | _TIF_SYSCALL = (_TIF_SYSCALL_TRACE>>8 | _TIF_SYSCALL_AUDIT>>8 | _TIF_SECCOMP>>8) | ||
| 59 | 60 | ||
| 60 | #define BASED(name) name-system_call(%r13) | 61 | #define BASED(name) name-system_call(%r13) |
| 61 | 62 | ||
| @@ -260,7 +261,7 @@ sysc_do_restart: | |||
| 260 | larl %r10,sys_call_table_emu # use 31 bit emulation system calls | 261 | larl %r10,sys_call_table_emu # use 31 bit emulation system calls |
| 261 | sysc_noemu: | 262 | sysc_noemu: |
| 262 | #endif | 263 | #endif |
| 263 | tm __TI_flags+7(%r9),(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT) | 264 | tm __TI_flags+6(%r9),_TIF_SYSCALL |
| 264 | lgf %r8,0(%r7,%r10) # load address of system call routine | 265 | lgf %r8,0(%r7,%r10) # load address of system call routine |
| 265 | jnz sysc_tracesys | 266 | jnz sysc_tracesys |
| 266 | basr %r14,%r8 # call sys_xxxx | 267 | basr %r14,%r8 # call sys_xxxx |
| @@ -391,7 +392,7 @@ sysc_tracego: | |||
| 391 | basr %r14,%r8 # call sys_xxx | 392 | basr %r14,%r8 # call sys_xxx |
| 392 | stg %r2,SP_R2(%r15) # store return value | 393 | stg %r2,SP_R2(%r15) # store return value |
| 393 | sysc_tracenogo: | 394 | sysc_tracenogo: |
| 394 | tm __TI_flags+7(%r9),(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT) | 395 | tm __TI_flags+6(%r9),_TIF_SYSCALL |
| 395 | jz sysc_return | 396 | jz sysc_return |
| 396 | la %r2,SP_PTREGS(%r15) # load pt_regs | 397 | la %r2,SP_PTREGS(%r15) # load pt_regs |
| 397 | larl %r14,sysc_return # return point is sysc_return | 398 | larl %r14,sysc_return # return point is sysc_return |
diff --git a/arch/s390/kernel/ptrace.c b/arch/s390/kernel/ptrace.c index 99eef179e903..b6fc1ae2ffcb 100644 --- a/arch/s390/kernel/ptrace.c +++ b/arch/s390/kernel/ptrace.c | |||
| @@ -36,7 +36,8 @@ | |||
| 36 | #include <linux/elf.h> | 36 | #include <linux/elf.h> |
| 37 | #include <linux/regset.h> | 37 | #include <linux/regset.h> |
| 38 | #include <linux/tracehook.h> | 38 | #include <linux/tracehook.h> |
| 39 | #include <linux/compat.h> | 39 | #include <linux/seccomp.h> |
| 40 | #include <asm/compat.h> | ||
| 40 | #include <asm/segment.h> | 41 | #include <asm/segment.h> |
| 41 | #include <asm/page.h> | 42 | #include <asm/page.h> |
| 42 | #include <asm/pgtable.h> | 43 | #include <asm/pgtable.h> |
| @@ -640,6 +641,9 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs) | |||
| 640 | { | 641 | { |
| 641 | long ret; | 642 | long ret; |
| 642 | 643 | ||
| 644 | /* Do the secure computing check first. */ | ||
| 645 | secure_computing(regs->gprs[2]); | ||
| 646 | |||
| 643 | /* | 647 | /* |
| 644 | * The sysc_tracesys code in entry.S stored the system | 648 | * The sysc_tracesys code in entry.S stored the system |
| 645 | * call number to gprs[2]. | 649 | * call number to gprs[2]. |