5 files changed, 30 insertions, 15 deletions
diff --git a/arch/sparc64/Kconfig b/arch/sparc64/Kconfig
index 4b1329286242..6a4733683f0f 100644
--- a/arch/sparc64/Kconfig
+++ b/arch/sparc64/Kconfig
@@ -43,6 +43,23 @@ config SPARC64_PAGE_SIZE_4MB
 endchoice
+config SECCOMP
+        bool "Enable seccomp to safely compute untrusted bytecode"
+        depends on PROC_FS
+        default y
+        help
+          This kernel feature is useful for number crunching applications
+          that may need to compute untrusted bytecode during their
+          execution. By using pipes or other transports made available to
+          the process as file descriptors supporting the read/write
+          syscalls, it's possible to isolate those applications in
+          their own address space using seccomp. Once seccomp is
+          enabled via /proc/<pid>/seccomp, it cannot be disabled
+          and the task is only allowed to execute a few safe syscalls
+          defined by each seccomp mode.
+          If unsure, say Y. Only embedded should say N here.
 source kernel/Kconfig.hz
 source "init/Kconfig"
diff --git a/arch/sparc64/kernel/entry.S b/arch/sparc64/kernel/entry.S
index b51bd14cde44..acc323eef535 100644
--- a/arch/sparc64/kernel/entry.S
+++ b/arch/sparc64/kernel/entry.S
@@ -1552,7 +1552,7 @@ sys_ptrace:	add		%sp, PTREGS_OFF, %o0
                nop
                .align          32
 1:              ldx             [%curptr + TI_FLAGS], %l5
-                andcc           %l5, _TIF_SYSCALL_TRACE, %g0
+                andcc           %l5, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %g0
                be,pt           %icc, rtrap
                 clr            %l6
                call            syscall_trace
@@ -1676,7 +1676,7 @@ linux_sparc_syscall32:
        srl             %i5, 0, %o5                             ! IEU1
        srl             %i2, 0, %o2                             ! IEU0  Group
-        andcc           %l0, _TIF_SYSCALL_TRACE, %g0            ! IEU0  Group
+        andcc           %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %g0 ! IEU0      Group
        bne,pn          %icc, linux_syscall_trace32             ! CTI
         mov            %i0, %l5                                ! IEU1
        call            %l7                                     ! CTI   Group brk forced
@@ -1699,7 +1699,7 @@ linux_sparc_syscall:
        mov             %i3, %o3                                ! IEU1
        mov             %i4, %o4                                ! IEU0  Group
-        andcc           %l0, _TIF_SYSCALL_TRACE, %g0            ! IEU1  Group+1 bubble
+        andcc           %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %g0 ! IEU1      Group+1 bubble
        bne,pn          %icc, linux_syscall_trace               ! CTI   Group
         mov            %i0, %l5                                ! IEU0
 2:      call            %l7                                     ! CTI   Group brk forced
@@ -1727,7 +1727,7 @@ ret_sys_call:
 1:
        cmp             %o0, -ERESTART_RESTARTBLOCK
        bgeu,pn         %xcc, 1f
-         andcc          %l0, _TIF_SYSCALL_TRACE, %l6    
+         andcc          %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %l6
 80:
        /* System call success, clear Carry condition code. */
        andn            %g3, %g2, %g3
@@ -1742,7 +1742,7 @@ ret_sys_call:
        /* System call failure, set Carry condition code.
         * Also, get abs(errno) to return to the process.
         */
-        andcc           %l0, _TIF_SYSCALL_TRACE, %l6    
+        andcc           %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %l6     
        sub             %g0, %o0, %o0
        or              %g3, %g2, %g3
        stx             %o0, [%sp + PTREGS_OFF + PT_V9_I0]
diff --git a/arch/sparc64/kernel/power.c b/arch/sparc64/kernel/power.c
index 52f14e399b1c..533104c7907d 100644
--- a/arch/sparc64/kernel/power.c
+++ b/arch/sparc64/kernel/power.c
@@ -4,6 +4,8 @@
 * Copyright (C) 1999 David S. Miller (davem@redhat.com)
 */
+#define __KERNEL_SYSCALLS__
 #include <linux/config.h>
 #include <linux/kernel.h>
 #include <linux/module.h>
@@ -17,7 +19,6 @@
 #include <asm/ebus.h>
 #include <asm/auxio.h>
-#define __KERNEL_SYSCALLS__
 #include <linux/unistd.h>
 /*
diff --git a/arch/sparc64/kernel/ptrace.c b/arch/sparc64/kernel/ptrace.c
index 80a76e2ad732..5abf596f5964 100644
--- a/arch/sparc64/kernel/ptrace.c
+++ b/arch/sparc64/kernel/ptrace.c
@@ -630,9 +630,9 @@ out:
 asmlinkage void syscall_trace(void)
 {
-#ifdef DEBUG_PTRACE
+        /* do the secure computing check first */
-        printk("%s [%d]: syscall_trace\n", current->comm, current->pid);
+        secure_computing(current_thread_info()->kregs->u_regs[UREG_G1]);
-#endif
        if (!test_thread_flag(TIF_SYSCALL_TRACE))
                return;
        if (!(current->ptrace & PT_PTRACED))
@@ -645,12 +645,8 @@ asmlinkage void syscall_trace(void)
         * for normal use.  strace only continues with a signal if the
         * stopping signal is not SIGTRAP.  -brl
         */
-#ifdef DEBUG_PTRACE
-        printk("%s [%d]: syscall_trace exit= %x\n", current->comm,
-                current->pid, current->exit_code);
-#endif
        if (current->exit_code) {
-                send_sig (current->exit_code, current, 1);
+                send_sig(current->exit_code, current, 1);
                current->exit_code = 0;
        }
 }
diff --git a/include/asm-sparc64/thread_info.h b/include/asm-sparc64/thread_info.h
index 0cd652956929..6b2fbb89bb63 100644
--- a/include/asm-sparc64/thread_info.h
+++ b/include/asm-sparc64/thread_info.h
@@ -220,7 +220,7 @@ register struct thread_info *current_thread_info_reg asm("g6");
 #define TIF_NEWSIGNALS          6       /* wants new-style signals */
 #define TIF_32BIT               7       /* 32-bit binary */
 #define TIF_NEWCHILD            8       /* just-spawned child process */
-/* TIF_* value 9 is available */
+#define TIF_SECCOMP             9       /* secure computing */
 #define TIF_POLLING_NRFLAG      10
 #define TIF_SYSCALL_SUCCESS     11
 /* NOTE: Thread flags >= 12 should be ones we have no interest
@@ -239,6 +239,7 @@ register struct thread_info *current_thread_info_reg asm("g6");
 #define _TIF_NEWSIGNALS         (1<<TIF_NEWSIGNALS)
 #define _TIF_32BIT              (1<<TIF_32BIT)
 #define _TIF_NEWCHILD           (1<<TIF_NEWCHILD)
+#define _TIF_SECCOMP            (1<<TIF_SECCOMP)
 #define _TIF_POLLING_NRFLAG     (1<<TIF_POLLING_NRFLAG)
 #define _TIF_ABI_PENDING        (1<<TIF_ABI_PENDING)
 #define _TIF_SYSCALL_SUCCESS    (1<<TIF_SYSCALL_SUCCESS)

diff --git a/arch/sparc64/Kconfig b/arch/sparc64/Kconfig index 4b1329286242..6a4733683f0f 100644 --- a/arch/sparc64/Kconfig +++ b/arch/sparc64/Kconfig
@@ -43,6 +43,23 @@ config SPARC64_PAGE_SIZE_4MB
43		43
44	endchoice	44	endchoice
45		45
		46	config SECCOMP
		47	bool "Enable seccomp to safely compute untrusted bytecode"
		48	depends on PROC_FS
		49	default y
		50	help
		51	This kernel feature is useful for number crunching applications
		52	that may need to compute untrusted bytecode during their
		53	execution. By using pipes or other transports made available to
		54	the process as file descriptors supporting the read/write
		55	syscalls, it's possible to isolate those applications in
		56	their own address space using seccomp. Once seccomp is
		57	enabled via /proc/<pid>/seccomp, it cannot be disabled
		58	and the task is only allowed to execute a few safe syscalls
		59	defined by each seccomp mode.
		60
		61	If unsure, say Y. Only embedded should say N here.
		62
46	source kernel/Kconfig.hz	63	source kernel/Kconfig.hz
47		64
48	source "init/Kconfig"	65	source "init/Kconfig"


diff --git a/arch/sparc64/kernel/entry.S b/arch/sparc64/kernel/entry.S index b51bd14cde44..acc323eef535 100644 --- a/arch/sparc64/kernel/entry.S +++ b/arch/sparc64/kernel/entry.S
@@ -1552,7 +1552,7 @@ sys_ptrace: add %sp, PTREGS_OFF, %o0
1552	nop	1552	nop
1553	.align 32	1553	.align 32
1554	1: ldx [%curptr + TI_FLAGS], %l5	1554	1: ldx [%curptr + TI_FLAGS], %l5
1555	andcc %l5, _TIF_SYSCALL_TRACE, %g0	1555	andcc %l5, (_TIF_SYSCALL_TRACE\|_TIF_SECCOMP), %g0
1556	be,pt %icc, rtrap	1556	be,pt %icc, rtrap
1557	clr %l6	1557	clr %l6
1558	call syscall_trace	1558	call syscall_trace
@@ -1676,7 +1676,7 @@ linux_sparc_syscall32:
1676		1676
1677	srl %i5, 0, %o5 ! IEU1	1677	srl %i5, 0, %o5 ! IEU1
1678	srl %i2, 0, %o2 ! IEU0 Group	1678	srl %i2, 0, %o2 ! IEU0 Group
1679	andcc %l0, _TIF_SYSCALL_TRACE, %g0 ! IEU0 Group	1679	andcc %l0, (_TIF_SYSCALL_TRACE\|_TIF_SECCOMP), %g0 ! IEU0 Group
1680	bne,pn %icc, linux_syscall_trace32 ! CTI	1680	bne,pn %icc, linux_syscall_trace32 ! CTI
1681	mov %i0, %l5 ! IEU1	1681	mov %i0, %l5 ! IEU1
1682	call %l7 ! CTI Group brk forced	1682	call %l7 ! CTI Group brk forced
@@ -1699,7 +1699,7 @@ linux_sparc_syscall:
1699		1699
1700	mov %i3, %o3 ! IEU1	1700	mov %i3, %o3 ! IEU1
1701	mov %i4, %o4 ! IEU0 Group	1701	mov %i4, %o4 ! IEU0 Group
1702	andcc %l0, _TIF_SYSCALL_TRACE, %g0 ! IEU1 Group+1 bubble	1702	andcc %l0, (_TIF_SYSCALL_TRACE\|_TIF_SECCOMP), %g0 ! IEU1 Group+1 bubble
1703	bne,pn %icc, linux_syscall_trace ! CTI Group	1703	bne,pn %icc, linux_syscall_trace ! CTI Group
1704	mov %i0, %l5 ! IEU0	1704	mov %i0, %l5 ! IEU0
1705	2: call %l7 ! CTI Group brk forced	1705	2: call %l7 ! CTI Group brk forced
@@ -1727,7 +1727,7 @@ ret_sys_call:
1727	1:	1727	1:
1728	cmp %o0, -ERESTART_RESTARTBLOCK	1728	cmp %o0, -ERESTART_RESTARTBLOCK
1729	bgeu,pn %xcc, 1f	1729	bgeu,pn %xcc, 1f
1730	andcc %l0, _TIF_SYSCALL_TRACE, %l6	1730	andcc %l0, (_TIF_SYSCALL_TRACE\|_TIF_SECCOMP), %l6
1731	80:	1731	80:
1732	/* System call success, clear Carry condition code. */	1732	/* System call success, clear Carry condition code. */
1733	andn %g3, %g2, %g3	1733	andn %g3, %g2, %g3
@@ -1742,7 +1742,7 @@ ret_sys_call:
1742	/* System call failure, set Carry condition code.	1742	/* System call failure, set Carry condition code.
1743	* Also, get abs(errno) to return to the process.	1743	* Also, get abs(errno) to return to the process.
1744	*/	1744	*/
1745	andcc %l0, _TIF_SYSCALL_TRACE, %l6	1745	andcc %l0, (_TIF_SYSCALL_TRACE\|_TIF_SECCOMP), %l6
1746	sub %g0, %o0, %o0	1746	sub %g0, %o0, %o0
1747	or %g3, %g2, %g3	1747	or %g3, %g2, %g3
1748	stx %o0, [%sp + PTREGS_OFF + PT_V9_I0]	1748	stx %o0, [%sp + PTREGS_OFF + PT_V9_I0]


diff --git a/arch/sparc64/kernel/power.c b/arch/sparc64/kernel/power.c index 52f14e399b1c..533104c7907d 100644 --- a/arch/sparc64/kernel/power.c +++ b/arch/sparc64/kernel/power.c
@@ -4,6 +4,8 @@
4	* Copyright (C) 1999 David S. Miller (davem@redhat.com)	4	* Copyright (C) 1999 David S. Miller (davem@redhat.com)
5	*/	5	*/
6		6
		7	#define __KERNEL_SYSCALLS__
		8
7	#include <linux/config.h>	9	#include <linux/config.h>
8	#include <linux/kernel.h>	10	#include <linux/kernel.h>
9	#include <linux/module.h>	11	#include <linux/module.h>
@@ -17,7 +19,6 @@
17	#include <asm/ebus.h>	19	#include <asm/ebus.h>
18	#include <asm/auxio.h>	20	#include <asm/auxio.h>
19		21
20	#define __KERNEL_SYSCALLS__
21	#include <linux/unistd.h>	22	#include <linux/unistd.h>
22		23
23	/*	24	/*


diff --git a/arch/sparc64/kernel/ptrace.c b/arch/sparc64/kernel/ptrace.c index 80a76e2ad732..5abf596f5964 100644 --- a/arch/sparc64/kernel/ptrace.c +++ b/arch/sparc64/kernel/ptrace.c
@@ -630,9 +630,9 @@ out:
630		630
631	asmlinkage void syscall_trace(void)	631	asmlinkage void syscall_trace(void)
632	{	632	{
633	#ifdef DEBUG_PTRACE	633	/* do the secure computing check first */
634	printk("%s [%d]: syscall_trace\n", current->comm, current->pid);	634	secure_computing(current_thread_info()->kregs->u_regs[UREG_G1]);
635	#endif	635
636	if (!test_thread_flag(TIF_SYSCALL_TRACE))	636	if (!test_thread_flag(TIF_SYSCALL_TRACE))
637	return;	637	return;
638	if (!(current->ptrace & PT_PTRACED))	638	if (!(current->ptrace & PT_PTRACED))
@@ -645,12 +645,8 @@ asmlinkage void syscall_trace(void)
645	* for normal use. strace only continues with a signal if the	645	* for normal use. strace only continues with a signal if the
646	* stopping signal is not SIGTRAP. -brl	646	* stopping signal is not SIGTRAP. -brl
647	*/	647	*/
648	#ifdef DEBUG_PTRACE
649	printk("%s [%d]: syscall_trace exit= %x\n", current->comm,
650	current->pid, current->exit_code);
651	#endif
652	if (current->exit_code) {	648	if (current->exit_code) {
653	send_sig (current->exit_code, current, 1);	649	send_sig(current->exit_code, current, 1);
654	current->exit_code = 0;	650	current->exit_code = 0;
655	}	651	}
656	}	652	}


diff --git a/include/asm-sparc64/thread_info.h b/include/asm-sparc64/thread_info.h index 0cd652956929..6b2fbb89bb63 100644 --- a/include/asm-sparc64/thread_info.h +++ b/include/asm-sparc64/thread_info.h
@@ -220,7 +220,7 @@ register struct thread_info *current_thread_info_reg asm("g6");
220	#define TIF_NEWSIGNALS 6 /* wants new-style signals */	220	#define TIF_NEWSIGNALS 6 /* wants new-style signals */
221	#define TIF_32BIT 7 /* 32-bit binary */	221	#define TIF_32BIT 7 /* 32-bit binary */
222	#define TIF_NEWCHILD 8 /* just-spawned child process */	222	#define TIF_NEWCHILD 8 /* just-spawned child process */
223	/* TIF_* value 9 is available */	223	#define TIF_SECCOMP 9 /* secure computing */
224	#define TIF_POLLING_NRFLAG 10	224	#define TIF_POLLING_NRFLAG 10
225	#define TIF_SYSCALL_SUCCESS 11	225	#define TIF_SYSCALL_SUCCESS 11
226	/* NOTE: Thread flags >= 12 should be ones we have no interest	226	/* NOTE: Thread flags >= 12 should be ones we have no interest
@@ -239,6 +239,7 @@ register struct thread_info *current_thread_info_reg asm("g6");
239	#define _TIF_NEWSIGNALS (1<<TIF_NEWSIGNALS)	239	#define _TIF_NEWSIGNALS (1<<TIF_NEWSIGNALS)
240	#define _TIF_32BIT (1<<TIF_32BIT)	240	#define _TIF_32BIT (1<<TIF_32BIT)
241	#define _TIF_NEWCHILD (1<<TIF_NEWCHILD)	241	#define _TIF_NEWCHILD (1<<TIF_NEWCHILD)
		242	#define _TIF_SECCOMP (1<<TIF_SECCOMP)
242	#define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG)	243	#define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG)
243	#define _TIF_ABI_PENDING (1<<TIF_ABI_PENDING)	244	#define _TIF_ABI_PENDING (1<<TIF_ABI_PENDING)
244	#define _TIF_SYSCALL_SUCCESS (1<<TIF_SYSCALL_SUCCESS)	245	#define _TIF_SYSCALL_SUCCESS (1<<TIF_SYSCALL_SUCCESS)