
arm64: add seccomp support

secure_computing() is called first in syscall_trace_enter() so that
a system call will be aborted quickly without doing succeeding syscall
tracing if seccomp rules want to deny that system call.

On compat tasks, the syscall numbers of the system calls allowed in seccomp
mode 1 differ from those on native tasks, so the __NR_seccomp_xxx_32
definitions need to be redefined.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>

authored by

AKASHI Takahiro and committed by
Will Deacon
a1ae65b2 cc5e9097

+47
+14
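--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -38,6 +38,7 @@
 	select HAVE_ARCH_AUDITSYSCALL
 	select HAVE_ARCH_JUMP_LABEL
 	select HAVE_ARCH_KGDB
+	select HAVE_ARCH_SECCOMP_FILTER
 	select HAVE_ARCH_TRACEHOOK
 	select HAVE_BPF_JIT
 	select HAVE_C_RECORDMCOUNT
@@ -455,6 +454,19 @@
 	def_bool y
 
 source "mm/Kconfig"
+
+config SECCOMP
+	bool "Enable seccomp to safely compute untrusted bytecode"
+	---help---
+	  This kernel feature is useful for number crunching applications
+	  that may need to compute untrusted bytecode during their
+	  execution. By using pipes or other transports made available to
+	  the process as file descriptors supporting the read/write
+	  syscalls, it's possible to isolate those applications in
+	  their own address space using seccomp. Once seccomp is
+	  enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
+	  and the task is only allowed to execute a few safe syscalls
+	  defined by each seccomp mode.
 
 config XEN_DOM0
 	def_bool y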
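Review bot: The config SECCOMP help text in the second hunk describes only strict mode 1 (a task confined to read/write/exit/sigreturn) although the first hunk selects HAVE_ARCH_SECCOMP_FILTER, so the option's description never tells the person configuring the kernel that the BPF filter mode becomes available as well; a closing sentence such as `If SECCOMP_FILTER is also enabled, tasks can additionally install BPF filters that restrict the system calls they may issue.` would close that gap. The wording matches the entry other architectures carry, so it was probably copied for consistency rather than written for arm64. The entry also has no default, so seccomp stays off unless a configuration selects it explicitly; if that is intentional it deserves a line in the commit message.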
+25
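--- a/arch/arm64/include/asm/seccomp.h
+++ b/arch/arm64/include/asm/seccomp.h
@@ -0,0 +1,25 @@
+/*
+ * arch/arm64/include/asm/seccomp.h
+ *
+ * Copyright (C) 2014 Linaro Limited
+ * Author: AKASHI Takahiro <takahiro.akashi@linaro.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+#ifndef _ASM_SECCOMP_H
+#define _ASM_SECCOMP_H
+
+#include <asm/unistd.h>
+
+#ifdef CONFIG_COMPAT
+#define __NR_seccomp_read_32		__NR_compat_read
+#define __NR_seccomp_write_32		__NR_compat_write
+#define __NR_seccomp_exit_32		__NR_compat_exit
+#define __NR_seccomp_sigreturn_32	__NR_compat_rt_sigreturn
+#endif /* CONFIG_COMPAT */
+
+#include <asm-generic/seccomp.h>
+
+#endif /* _ASM_SECCOMP_H */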
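Review bot: The four `__NR_seccomp_*_32` overrides are order-sensitive — they have to be defined before `<asm-generic/seccomp.h>` is included, which as far as I recall otherwise fills the compat entries with the native numbers — but nothing in the header says so; a comment above the CONFIG_COMPAT block such as `/* Mode-1 allowlist for AArch32 tasks: the compat syscall numbers differ from the native ones, so override the generic defaults before pulling in asm-generic/seccomp.h. */` would record the reason the commit message gives. One choice worth confirming is that `__NR_seccomp_sigreturn_32` maps to `__NR_compat_rt_sigreturn` only: the mode-1 table admits a single sigreturn, and unistd.h also carries the legacy `__NR_compat_sigreturn` (119), so a compat task in strict mode whose signal frames return through the legacy call would be killed on its first signal return. That is presumably the same trade-off other 32-bit ABIs make, but a one-line comment stating it would spare the next reader the question.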
+3
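--- a/arch/arm64/include/asm/unistd.h
+++ b/arch/arm64/include/asm/unistd.h
@@ -31,6 +31,9 @@
  * Compat syscall numbers used by the AArch64 kernel.
  */
 #define __NR_compat_restart_syscall	0
+#define __NR_compat_exit		1
+#define __NR_compat_read		3
+#define __NR_compat_write		4
 #define __NR_compat_sigreturn		119
 #define __NR_compat_rt_sigreturn	173
 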
+5
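--- a/arch/arm64/kernel/ptrace.c
+++ b/arch/arm64/kernel/ptrace.c
@@ -27,6 +27,7 @@
 #include <linux/smp.h>
 #include <linux/ptrace.h>
 #include <linux/user.h>
+#include <linux/seccomp.h>
 #include <linux/security.h>
 #include <linux/init.h>
 #include <linux/signal.h>
@@ -1150,6 +1149,10 @@
 
 asmlinkage int syscall_trace_enter(struct pt_regs *regs)
 {
+	/* Do the secure computing check first; failures should be fast. */
+	if (secure_computing() == -1)
+		return -1;
+
 	if (test_thread_flag(TIF_SYSCALL_TRACE))
 		tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER);
 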
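Review bot: The contract of the new early return in the second hunk is not stated: `-1` is the same sentinel the tracer path uses to ask the caller to skip the system call, and when secure_computing() hands it back the seccomp core has already disposed of the call (return value set up or the task killed), so neither the rest of this function nor its caller may issue that syscall; the comment should say that rather than only that failures are fast, e.g. `/* Seccomp runs before any tracer sees the syscall; -1 means it was denied and must not be issued, the return value is already in regs. */`. A consequence of this ordering that the same comment should mention is that a syscall number rewritten by a tracer in the tracehook path below is not re-checked against the filter, the documented seccomp/ptrace caveat; whether the entry code re-validates the number it receives is outside this hunk. syscall_trace_enter's body continues past the hunk.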