+1 -1

arch/mips/Kconfig

reviewed

··· 1772 1772 1773 1773 config SECCOMP 1774 1774 bool "Enable seccomp to safely compute untrusted bytecode" 1775 1775 - depends on PROC_FS && BROKEN 1775 1775 + depends on PROC_FS 1776 1776 default y 1777 1777 help 1778 1778 This kernel feature is useful for number crunching applications

-1

arch/mips/kernel/asm-offsets.c

reviewed

··· 132 132 offset("#define THREAD_ECODE ", struct task_struct, \ 133 133 thread.error_code); 134 134 offset("#define THREAD_TRAPNO ", struct task_struct, thread.trap_no); 135 135 - offset("#define THREAD_MFLAGS ", struct task_struct, thread.mflags); 136 135 offset("#define THREAD_TRAMP ", struct task_struct, \ 137 136 thread.irix_trampoline); 138 137 offset("#define THREAD_OLDCTX ", struct task_struct, \

+5 -4

arch/mips/kernel/mips-mt-fpaff.c

reviewed

··· 50 50 cpumask_t effective_mask; 51 51 int retval; 52 52 struct task_struct *p; 53 53 + struct thread_info *ti; 53 54 54 55 if (len < sizeof(new_mask)) 55 56 return -EINVAL; ··· 94 93 read_unlock(&tasklist_lock); 95 94 96 95 /* Compute new global allowed CPU set if necessary */ 97 97 - if ((p->thread.mflags & MF_FPUBOUND) 98 98 - && cpus_intersects(new_mask, mt_fpu_cpumask)) { 96 96 + ti = task_thread_info(p); 97 97 + if (test_ti_thread_flag(ti, TIF_FPUBOUND) && 98 98 + cpus_intersects(new_mask, mt_fpu_cpumask)) { 99 99 cpus_and(effective_mask, new_mask, mt_fpu_cpumask); 100 100 retval = set_cpus_allowed(p, effective_mask); 101 101 } else { 102 102 - p->thread.mflags &= ~MF_FPUBOUND; 102 102 + clear_ti_thread_flag(ti, TIF_FPUBOUND); 103 103 retval = set_cpus_allowed(p, new_mask); 104 104 } 105 105 - 106 105 107 106 out_unlock: 108 107 put_task_struct(p);

+1 -1

arch/mips/kernel/process.c

reviewed

··· 77 77 status = regs->cp0_status & ~(ST0_CU0|ST0_CU1|KU_MASK); 78 78 #ifdef CONFIG_64BIT 79 79 status &= ~ST0_FR; 80 80 - status |= (current->thread.mflags & MF_32BIT_REGS) ? 0 : ST0_FR; 80 80 + status |= test_thread_flag(TIF_32BIT_REGS) ? 0 : ST0_FR; 81 81 #endif 82 82 status |= KU_USER; 83 83 regs->cp0_status = status;

+10 -4

arch/mips/kernel/ptrace.c

reviewed

··· 20 20 #include <linux/mm.h> 21 21 #include <linux/errno.h> 22 22 #include <linux/ptrace.h> 23 23 - #include <linux/audit.h> 24 23 #include <linux/smp.h> 25 24 #include <linux/user.h> 26 25 #include <linux/security.h> 27 27 - #include <linux/signal.h> 26 26 + #include <linux/audit.h> 27 27 + #include <linux/seccomp.h> 28 28 29 29 #include <asm/byteorder.h> 30 30 #include <asm/cpu.h> ··· 470 470 */ 471 471 asmlinkage void do_syscall_trace(struct pt_regs *regs, int entryexit) 472 472 { 473 473 + /* do the secure computing check first */ 474 474 + if (!entryexit) 475 475 + secure_computing(regs->regs[0]); 476 476 + 473 477 if (unlikely(current->audit_context) && entryexit) 474 478 audit_syscall_exit(AUDITSC_RESULT(regs->regs[2]), 475 479 regs->regs[2]); 476 480 477 481 if (!(current->ptrace & PT_PTRACED)) 478 482 goto out; 483 483 + 479 484 if (!test_thread_flag(TIF_SYSCALL_TRACE)) 480 485 goto out; 481 486 ··· 498 493 send_sig(current->exit_code, current, 1); 499 494 current->exit_code = 0; 500 495 } 501 501 - out: 496 496 + 497 497 + out: 502 498 if (unlikely(current->audit_context) && !entryexit) 503 503 - audit_syscall_entry(audit_arch(), regs->regs[2], 499 499 + audit_syscall_entry(audit_arch(), regs->regs[0], 504 500 regs->regs[4], regs->regs[5], 505 501 regs->regs[6], regs->regs[7]); 506 502 }

+13 -5

arch/mips/kernel/syscall.c

reviewed

··· 281 281 282 282 asmlinkage int _sys_sysmips(int cmd, long arg1, int arg2, int arg3) 283 283 { 284 284 - int tmp; 285 285 - 286 286 - switch(cmd) { 284 284 + switch (cmd) { 287 285 case MIPS_ATOMIC_SET: 288 286 printk(KERN_CRIT "How did I get here?\n"); 289 287 return -EINVAL; 290 288 291 289 case MIPS_FIXADE: 292 292 - tmp = current->thread.mflags & ~3; 293 293 - current->thread.mflags = tmp | (arg1 & 3); 290 290 + if (arg1 & ~3) 291 291 + return -EINVAL; 292 292 + 293 293 + if (arg1 & 1) 294 294 + set_thread_flag(TIF_FIXADE); 295 295 + else 296 296 + clear_thread_flag(TIF_FIXADE); 297 297 + if (arg1 & 2) 298 298 + set_thread_flag(TIF_LOGADE); 299 299 + else 300 300 + clear_thread_flag(TIF_FIXADE); 301 301 + 294 302 return 0; 295 303 296 304 case FLUSH_CACHE:

+1 -1

arch/mips/kernel/traps.c

reviewed

··· 775 775 cpus_and(tmask, current->thread.user_cpus_allowed, 776 776 mt_fpu_cpumask); 777 777 set_cpus_allowed(current, tmask); 778 778 - current->thread.mflags |= MF_FPUBOUND; 778 778 + set_thread_flag(TIF_FPUBOUND); 779 779 } 780 780 } 781 781 #endif /* CONFIG_MIPS_MT_FPAFF */

+1 -1

arch/mips/kernel/unaligned.c

reviewed

··· 524 524 goto sigbus; 525 525 526 526 pc = (unsigned int __user *) exception_epc(regs); 527 527 - if (user_mode(regs) && (current->thread.mflags & MF_FIXADE) == 0) 527 527 + if (user_mode(regs) && !test_thread_flag(TIF_FIXADE)) 528 528 goto sigbus; 529 529 if (unaligned_action == UNALIGNED_ACTION_SIGNAL) 530 530 goto sigbus;

+1 -1

drivers/input/evdev.c

reviewed

··· 186 186 #elif defined(CONFIG_S390) 187 187 # define COMPAT_TEST test_thread_flag(TIF_31BIT) 188 188 #elif defined(CONFIG_MIPS) 189 189 - # define COMPAT_TEST (current->thread.mflags & MF_32BIT_ADDR) 189 189 + # define COMPAT_TEST test_thread_flag(TIF_32BIT_ADDR) 190 190 #else 191 191 # define COMPAT_TEST test_thread_flag(TIF_32BIT) 192 192 #endif

+2 -1

include/asm-mips/a.out.h

reviewed

··· 38 38 #define STACK_TOP TASK_SIZE 39 39 #endif 40 40 #ifdef CONFIG_64BIT 41 41 - #define STACK_TOP (current->thread.mflags & MF_32BIT_ADDR ? TASK_SIZE32 : TASK_SIZE) 41 41 + #define STACK_TOP \ 42 42 + (test_thread_flag(TIF_32BIT_ADDR) ? TASK_SIZE32 : TASK_SIZE) 42 43 #endif 43 44 #define STACK_TOP_MAX TASK_SIZE 44 45

+7 -6

include/asm-mips/elf.h

reviewed

··· 265 265 #ifdef CONFIG_MIPS32_N32 266 266 #define __SET_PERSONALITY32_N32() \ 267 267 do { \ 268 268 - current->thread.mflags |= MF_N32; \ 268 268 + set_thread_flag(TIF_32BIT_ADDR); \ 269 269 current->thread.abi = &mips_abi_n32; \ 270 270 } while (0) 271 271 #else ··· 276 276 #ifdef CONFIG_MIPS32_O32 277 277 #define __SET_PERSONALITY32_O32() \ 278 278 do { \ 279 279 - current->thread.mflags |= MF_O32; \ 279 279 + set_thread_flag(TIF_32BIT_REGS); \ 280 280 + set_thread_flag(TIF_32BIT_ADDR); \ 280 281 current->thread.abi = &mips_abi_32; \ 281 282 } while (0) 282 283 #else ··· 300 299 301 300 #define SET_PERSONALITY(ex, ibcs2) \ 302 301 do { \ 303 303 - current->thread.mflags &= ~MF_ABI_MASK; \ 302 302 + clear_thread_flag(TIF_32BIT_REGS); \ 303 303 + clear_thread_flag(TIF_32BIT_ADDR); \ 304 304 + \ 304 305 if ((ex).e_ident[EI_CLASS] == ELFCLASS32) \ 305 306 __SET_PERSONALITY32(ex); \ 306 306 - else { \ 307 307 - current->thread.mflags |= MF_N64; \ 307 307 + else \ 308 308 current->thread.abi = &mips_abi; \ 309 309 - } \ 310 309 \ 311 310 if (ibcs2) \ 312 311 set_personality(PER_SVR4); \

+3 -17

include/asm-mips/processor.h

reviewed

··· 62 62 * This decides where the kernel will search for a free chunk of vm 63 63 * space during mmap's. 64 64 */ 65 65 - #define TASK_UNMAPPED_BASE ((current->thread.mflags & MF_32BIT_ADDR) ? \ 66 66 - PAGE_ALIGN(TASK_SIZE32 / 3) : PAGE_ALIGN(TASK_SIZE / 3)) 65 65 + #define TASK_UNMAPPED_BASE \ 66 66 + (test_thread_flag(TIF_32BIT_ADDR) ? \ 67 67 + PAGE_ALIGN(TASK_SIZE32 / 3) : PAGE_ALIGN(TASK_SIZE / 3)) 67 68 #endif 68 69 69 70 #define NUM_FPU_REGS 32 ··· 133 132 unsigned long cp0_baduaddr; /* Last kernel fault accessing USEG */ 134 133 unsigned long error_code; 135 134 unsigned long trap_no; 136 136 - #define MF_FIXADE 1 /* Fix address errors in software */ 137 137 - #define MF_LOGADE 2 /* Log address errors to syslog */ 138 138 - #define MF_32BIT_REGS 4 /* also implies 16/32 fprs */ 139 139 - #define MF_32BIT_ADDR 8 /* 32-bit address space (o32/n32) */ 140 140 - #define MF_FPUBOUND 0x10 /* thread bound to FPU-full CPU set */ 141 141 - unsigned long mflags; 142 135 unsigned long irix_trampoline; /* Wheee... */ 143 136 unsigned long irix_oldctx; 144 137 struct mips_abi *abi; 145 138 }; 146 146 - 147 147 - #define MF_ABI_MASK (MF_32BIT_REGS | MF_32BIT_ADDR) 148 148 - #define MF_O32 (MF_32BIT_REGS | MF_32BIT_ADDR) 149 149 - #define MF_N32 MF_32BIT_ADDR 150 150 - #define MF_N64 0 151 139 152 140 #ifdef CONFIG_MIPS_MT_FPAFF 153 141 #define FPAFF_INIT \ ··· 190 200 .cp0_baduaddr = 0, \ 191 201 .error_code = 0, \ 192 202 .trap_no = 0, \ 193 193 - /* \ 194 194 - * For now the default is to fix address errors \ 195 195 - */ \ 196 196 - .mflags = MF_FIXADE, \ 197 203 .irix_trampoline = 0, \ 198 204 .irix_oldctx = 0, \ 199 205 }

+37

include/asm-mips/seccomp.h

reviewed

··· 1 1 + #ifndef __ASM_SECCOMP_H 2 2 + 3 3 + #include <linux/thread_info.h> 4 4 + #include <linux/unistd.h> 5 5 + 6 6 + #define __NR_seccomp_read __NR_read 7 7 + #define __NR_seccomp_write __NR_write 8 8 + #define __NR_seccomp_exit __NR_exit 9 9 + #define __NR_seccomp_sigreturn __NR_rt_sigreturn 10 10 + 11 11 + /* 12 12 + * Kludge alert: 13 13 + * 14 14 + * The generic seccomp code currently allows only a single compat ABI. Until 15 15 + * this is fixed we priorize O32 as the compat ABI over N32. 16 16 + */ 17 17 + #ifdef CONFIG_MIPS32_O32 18 18 + 19 19 + #define TIF_32BIT TIF_32BIT_REGS 20 20 + 21 21 + #define __NR_seccomp_read_32 4003 22 22 + #define __NR_seccomp_write_32 4004 23 23 + #define __NR_seccomp_exit_32 4001 24 24 + #define __NR_seccomp_sigreturn_32 4193 /* rt_sigreturn */ 25 25 + 26 26 + #elif defined(CONFIG_MIPS32_N32) 27 27 + 28 28 + #define TIF_32BIT _TIF_32BIT_ADDR 29 29 + 30 30 + #define __NR_seccomp_read_32 6000 31 31 + #define __NR_seccomp_write_32 6001 32 32 + #define __NR_seccomp_exit_32 6058 33 33 + #define __NR_seccomp_sigreturn_32 6211 /* rt_sigreturn */ 34 34 + 35 35 + #endif /* CONFIG_MIPS32_O32 */ 36 36 + 37 37 + #endif /* __ASM_SECCOMP_H */

+5 -3

include/asm-mips/system.h

reviewed

··· 46 46 47 47 #define __mips_mt_fpaff_switch_to(prev) \ 48 48 do { \ 49 49 + struct thread_info *__prev_ti = task_thread_info(prev); \ 50 50 + \ 49 51 if (cpu_has_fpu && \ 50 50 - (prev->thread.mflags & MF_FPUBOUND) && \ 51 51 - (!(KSTK_STATUS(prev) & ST0_CU1))) { \ 52 52 - prev->thread.mflags &= ~MF_FPUBOUND; \ 52 52 + test_ti_thread_flag(__prev_ti, TIF_FPUBOUND) && \ 53 53 + (!(KSTK_STATUS(prev) & ST0_CU1))) { \ 54 54 + clear_ti_thread_flag(__prev_ti, TIF_FPUBOUND); \ 53 55 prev->cpus_allowed = prev->thread.user_cpus_allowed; \ 54 56 } \ 55 57 next->thread.emulated_fp = 0; \

+11 -1

include/asm-mips/thread_info.h

reviewed

··· 46 46 { \ 47 47 .task = &tsk, \ 48 48 .exec_domain = &default_exec_domain, \ 49 49 - .flags = 0, \ 49 49 + .flags = _TIF_FIXADE, \ 50 50 .cpu = 0, \ 51 51 .preempt_count = 1, \ 52 52 .addr_limit = KERNEL_DS, \ ··· 119 119 #define TIF_POLLING_NRFLAG 17 /* true if poll_idle() is polling TIF_NEED_RESCHED */ 120 120 #define TIF_MEMDIE 18 121 121 #define TIF_FREEZE 19 122 122 + #define TIF_FIXADE 20 /* Fix address errors in software */ 123 123 + #define TIF_LOGADE 21 /* Log address errors to syslog */ 124 124 + #define TIF_32BIT_REGS 22 /* also implies 16/32 fprs */ 125 125 + #define TIF_32BIT_ADDR 23 /* 32-bit address space (o32/n32) */ 126 126 + #define TIF_FPUBOUND 24 /* thread bound to FPU-full CPU set */ 122 127 #define TIF_SYSCALL_TRACE 31 /* syscall trace active */ 123 128 124 129 #define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE) ··· 136 131 #define _TIF_USEDFPU (1<<TIF_USEDFPU) 137 132 #define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG) 138 133 #define _TIF_FREEZE (1<<TIF_FREEZE) 134 134 + #define _TIF_FIXADE (1<<TIF_FIXADE) 135 135 + #define _TIF_LOGADE (1<<TIF_LOGADE) 136 136 + #define _TIF_32BIT_REGS (1<<TIF_32BIT_REGS) 137 137 + #define _TIF_32BIT_ADDR (1<<TIF_32BIT_ADDR) 138 138 + #define _TIF_FPUBOUND (1<<TIF_FPUBOUND) 139 139 140 140 /* work to do on interrupt/exception return */ 141 141 #define _TIF_WORK_MASK (0x0000ffef & ~_TIF_SECCOMP)