/*
 * linux/kernel/seccomp.c
 *
 * Copyright 2004-2005 Andrea Arcangeli <andrea@cpushare.com>
 *
 * This defines a simple but solid secure-computing mode.
 */

#include <linux/seccomp.h>
#include <linux/sched.h>

/* #define SECCOMP_DEBUG 1 */
#define NR_SECCOMP_MODES 1

/*
 * Secure computing mode 1 allows only read/write/exit/sigreturn.
 * To be fully secure this must be combined with rlimit
 * to limit the stack allocations too.
 */
static int mode1_syscalls[] = {
	__NR_seccomp_read, __NR_seccomp_write, __NR_seccomp_exit, __NR_seccomp_sigreturn,
	0, /* null terminated */
};

#ifdef TIF_32BIT
/* The same whitelist expressed in the 32-bit (compat) syscall numbering. */
static int mode1_syscalls_32[] = {
	__NR_seccomp_read_32, __NR_seccomp_write_32, __NR_seccomp_exit_32, __NR_seccomp_sigreturn_32,
	0, /* null terminated */
};
#endif

/*
 * Return non-zero when @nr appears in the 0-terminated whitelist @table.
 *
 * The first entry is compared before the terminator is looked at, so a
 * table whose first entry happens to be syscall number 0 (arches where
 * the read syscall is numbered 0) is still matched correctly.  Keep the
 * do/while shape for that reason; a plain for-loop over *p would skip it.
 */
static int mode1_allowed(int *table, int nr)
{
	do {
		if (*table == nr)
			return 1;
	} while (*++table);
	return 0;
}

/*
 * Enforce the current task's secure-computing mode for @this_syscall.
 *
 * Presumably reached from the arch syscall-entry path once TIF_SECCOMP
 * is set (see prctl_set_seccomp()).  In mode 1 a whitelisted syscall
 * returns normally; anything else terminates the task with SIGKILL via
 * do_exit(), so this never returns for a rejected call.  An unknown mode
 * value is a kernel bug and hits BUG().
 */
void __secure_computing(int this_syscall)
{
	int *whitelist;

	switch (current->seccomp.mode) {
	case 1:
		whitelist = mode1_syscalls;
#ifdef TIF_32BIT
		/* A 32-bit task issues compat syscall numbers. */
		if (test_thread_flag(TIF_32BIT))
			whitelist = mode1_syscalls_32;
#endif
		if (mode1_allowed(whitelist, this_syscall))
			return;
		break;
	default:
		BUG();
	}

#ifdef SECCOMP_DEBUG
	dump_stack();
#endif
	/* Rejected: kill the task outright rather than failing the syscall. */
	do_exit(SIGKILL);
}

/*
 * Report the calling task's secure-computing mode; 0 means it has never
 * been enabled (prctl_set_seccomp() only stores non-zero modes).
 */
long prctl_get_seccomp(void)
{
	return current->seccomp.mode;
}

/*
 * Enable secure-computing mode @seccomp_mode for the calling task.
 *
 * Returns 0 on success, -EPERM if a mode is already active (the transition
 * is one-way and cannot be changed or cleared), -EINVAL if @seccomp_mode
 * is 0 or above NR_SECCOMP_MODES.  The EPERM check deliberately comes
 * first, so an already-sandboxed task cannot probe mode validity.
 */
long prctl_set_seccomp(unsigned long seccomp_mode)
{
	/* can set it only once to be even more secure */
	if (unlikely(current->seccomp.mode))
		return -EPERM;

	if (!seccomp_mode || seccomp_mode > NR_SECCOMP_MODES)
		return -EINVAL;

	current->seccomp.mode = seccomp_mode;
	set_thread_flag(TIF_SECCOMP);
#ifdef TIF_NOTSC
	/* Arch hook; presumably denies the sandboxed task the TSC -- see arch code. */
	disable_TSC();
#endif
	return 0;
}