
ARM: SECCOMP support

Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>

+40 -2
+14
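--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -1463,6 +1463,20 @@
 However, if the CPU data cache is using a write-allocate mode,
 this option is unlikely to provide any performance gain.
 
+config SECCOMP
+bool
+prompt "Enable seccomp to safely compute untrusted bytecode"
+---help---
+This kernel feature is useful for number crunching applications
+that may need to compute untrusted bytecode during their
+execution. By using pipes or other transports made available to
+the process as file descriptors supporting the read/write
+syscalls, it's possible to isolate those applications in
+their own address space using seccomp. Once seccomp is
+enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
+and the task is only allowed to execute a few safe syscalls
+defined by each seccomp mode.
+
 config CC_STACKPROTECTOR
 bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
 help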
+11
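--- /dev/null
+++ b/arch/arm/include/asm/seccomp.h
@@ -0,0 +1,11 @@
+#ifndef _ASM_ARM_SECCOMP_H
+#define _ASM_ARM_SECCOMP_H
+
+#include <linux/unistd.h>
+
+#define __NR_seccomp_read __NR_read
+#define __NR_seccomp_write __NR_write
+#define __NR_seccomp_exit __NR_exit
+#define __NR_seccomp_sigreturn __NR_rt_sigreturn
+
+#endif /* _ASM_ARM_SECCOMP_H */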
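Review bot: `__NR_seccomp_sigreturn` is mapped only to `__NR_rt_sigreturn`, yet ARM also carries the legacy `__NR_sigreturn`, and the strict-mode whitelist in kernel/seccomp.c (not part of this patch) is, as far as I know, exactly the four `__NR_seccomp_*` numbers. If the ARM signal code emits a `sigreturn` trampoline for handlers installed without SA_SIGINFO, a seccomp task using such a handler would be killed on its first return from the handler rather than resuming; that needs to be confirmed against arch/arm/kernel/signal.c before this mapping is taken as complete. Either way the decision should be recorded next to the define, e.g. `/* strict mode: only rt_sigreturn is whitelisted; check signal.c for the legacy sigreturn trampoline */`. The include guard and the dependence on <linux/unistd.h> for the four numbers are otherwise fine.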
+2
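--- a/arch/arm/include/asm/thread_info.h
+++ b/arch/arm/include/asm/thread_info.h
@@ -144,6 +144,7 @@
 #define TIF_MEMDIE 18 /* is terminating due to OOM killer */
 #define TIF_FREEZE 19
 #define TIF_RESTORE_SIGMASK 20
+#define TIF_SECCOMP 21
 
 #define _TIF_SIGPENDING (1 << TIF_SIGPENDING)
 #define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED)
@@ -152,6 +153,7 @@
 #define _TIF_USING_IWMMXT (1 << TIF_USING_IWMMXT)
 #define _TIF_FREEZE (1 << TIF_FREEZE)
 #define _TIF_RESTORE_SIGMASK (1 << TIF_RESTORE_SIGMASK)
+#define _TIF_SECCOMP (1 << TIF_SECCOMP)
 
 /*
 * Change these and you break ASM code in entry-common.S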
+13 -2
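--- a/arch/arm/kernel/entry-common.S
+++ b/arch/arm/kernel/entry-common.S
@@ -295,7 +295,6 @@
 
 get_thread_info tsk
 adr tbl, sys_call_table @ load syscall table pointer
-ldr ip, [tsk, #TI_FLAGS] @ check for syscall tracing
 
 #if defined(CONFIG_OABI_COMPAT)
 /*
@@ -311,8 +312,20 @@
 eor scno, scno, #__NR_SYSCALL_BASE @ check OS number
 #endif
 
+ldr r10, [tsk, #TI_FLAGS] @ check for syscall tracing
 stmdb sp!, {r4, r5} @ push fifth and sixth args
-tst ip, #_TIF_SYSCALL_TRACE @ are we tracing syscalls?
+
+#ifdef CONFIG_SECCOMP
+tst r10, #_TIF_SECCOMP
+beq 1f
+mov r0, scno
+bl __secure_computing
+add r0, sp, #S_R0 + S_OFF @ pointer to regs
+ldmia r0, {r0 - r3} @ have to reload r0 - r3
+1:
+#endif
+
+tst r10, #_TIF_SYSCALL_TRACE @ are we tracing syscalls?
 bne __sys_trace
 
 cmp scno, #NR_syscalls @ check upper syscall limit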
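Review bot: The `@ check for syscall tracing` comment carried over onto the new `ldr r10, [tsk, #TI_FLAGS]` is now stale, and the reason the flags moved from `ip` to r10 is not written down anywhere in the hunk: the load now feeds both the `_TIF_SECCOMP` and the `_TIF_SYSCALL_TRACE` tests, and `ip` (r12) is caller-saved under the AAPCS so it would not survive the `bl __secure_computing`, whereas r10 does. I would write `ldr r10, [tsk, #TI_FLAGS] @ thread flags; r10 is callee-saved, survives __secure_computing` and, on the `ldmia`, `@ the C call clobbered r0-r3 (and ip/lr); restore the syscall args from pt_regs`. The correctness of doing this before the `cmp scno, #NR_syscalls` range check also rests on `__secure_computing` never returning for a disallowed number — presumably it kills the task, which is worth stating on the `bl` line and confirming against kernel/seccomp.c — and on `scno`, `tbl` and `tsk` being aliases for callee-saved registers, which is defined outside this hunk. The surrounding syscall-entry routine starts before and ends after the hunk.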