
[S390] secure computing arch backend

Enable secure computing on s390 as well.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>

authored by

Heiko Carstens and committed by
Martin Schwidefsky
bcf5cef7 7757591a

+51 -9
+18
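--- a/arch/s390/Kconfig
+++ b/arch/s390/Kconfig
@@ -567,6 +567,24 @@
 the KVM hypervisor. This will add detection for KVM as well as a
 virtio transport. If KVM is detected, the virtio console will be
 the default console.
+
+config SECCOMP
+bool "Enable seccomp to safely compute untrusted bytecode"
+depends on PROC_FS
+default y
+help
+This kernel feature is useful for number crunching applications
+that may need to compute untrusted bytecode during their
+execution. By using pipes or other transports made available to
+the process as file descriptors supporting the read/write
+syscalls, it's possible to isolate those applications in
+their own address space using seccomp. Once seccomp is
+enabled via /proc/<pid>/seccomp, it cannot be disabled
+and the task is only allowed to execute a few safe syscalls
+defined by each seccomp mode.
+
+If unsure, say Y.
+
 endmenu
 
 source "net/Kconfig"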
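Review bot: The `depends on PROC_FS` line and the help sentence "Once seccomp is enabled via /proc/<pid>/seccomp" both assume that a procfs file is the switch for seccomp. If this tree enables seccomp through prctl() instead (worth confirming against kernel/seccomp.c, which this commit does not touch), the dependency is unnecessary: a kernel built without PROC_FS would lose the sandbox for no reason, and the help text would point at an interface that does not exist. In that case drop the dependency and reword the sentence to name the real entry point. Since the option is `default y`, the help text should also say what happens to a task that issues a syscall outside the allowed set.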
+16
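--- a/arch/s390/include/asm/seccomp.h
+++ b/arch/s390/include/asm/seccomp.h
@@ -0,0 +1,16 @@
+#ifndef _ASM_S390_SECCOMP_H
+#define _ASM_S390_SECCOMP_H
+
+#include <linux/unistd.h>
+
+#define __NR_seccomp_read __NR_read
+#define __NR_seccomp_write __NR_write
+#define __NR_seccomp_exit __NR_exit
+#define __NR_seccomp_sigreturn __NR_sigreturn
+
+#define __NR_seccomp_read_32 __NR_read
+#define __NR_seccomp_write_32 __NR_write
+#define __NR_seccomp_exit_32 __NR_exit
+#define __NR_seccomp_sigreturn_32 __NR_sigreturn
+
+#endif /* _ASM_S390_SECCOMP_H */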
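Review bot: The header does not say why the `_32` names expand to the same `__NR_*` constants as the native ones, nor why `__NR_sigreturn` is the only signal-return number in the allow-list. A one-line comment above the second group, such as `/* 31-bit compat tasks share the native syscall numbers */`, would record the assumption; that equality is my reading of the defines and should be confirmed against the compat syscall table. It would also help to state whether a handler that returns through rt_sigreturn is expected to survive under seccomp, because that number is absent from both groups.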
+6 -4
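--- a/arch/s390/include/asm/thread_info.h
+++ b/arch/s390/include/asm/thread_info.h
@@ -83,14 +83,15 @@
 /*
 * thread information flags bit numbers
 */
-#define TIF_SYSCALL_TRACE 0 /* syscall trace active */
 #define TIF_NOTIFY_RESUME 1 /* callback before returning to user */
 #define TIF_SIGPENDING 2 /* signal pending */
 #define TIF_NEED_RESCHED 3 /* rescheduling necessary */
 #define TIF_RESTART_SVC 4 /* restart svc with new svc number */
-#define TIF_SYSCALL_AUDIT 5 /* syscall auditing active */
 #define TIF_SINGLE_STEP 6 /* deliver sigtrap on return to user */
 #define TIF_MCCK_PENDING 7 /* machine check handling is pending */
+#define TIF_SYSCALL_TRACE 8 /* syscall trace active */
+#define TIF_SYSCALL_AUDIT 9 /* syscall auditing active */
+#define TIF_SECCOMP 10 /* secure computing */
 #define TIF_USEDFPU 16 /* FPU was used by this task this quantum (SMP) */
 #define TIF_POLLING_NRFLAG 17 /* true if poll_idle() is polling
 TIF_NEED_RESCHED */
@@ -99,15 +100,16 @@
 #define TIF_RESTORE_SIGMASK 20 /* restore signal mask in do_signal() */
 #define TIF_FREEZE 21 /* thread is freezing for suspend */
 
-#define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE)
 #define _TIF_NOTIFY_RESUME (1<<TIF_NOTIFY_RESUME)
 #define _TIF_RESTORE_SIGMASK (1<<TIF_RESTORE_SIGMASK)
 #define _TIF_SIGPENDING (1<<TIF_SIGPENDING)
 #define _TIF_NEED_RESCHED (1<<TIF_NEED_RESCHED)
 #define _TIF_RESTART_SVC (1<<TIF_RESTART_SVC)
-#define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT)
 #define _TIF_SINGLE_STEP (1<<TIF_SINGLE_STEP)
 #define _TIF_MCCK_PENDING (1<<TIF_MCCK_PENDING)
+#define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE)
+#define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT)
+#define _TIF_SECCOMP (1<<TIF_SECCOMP)
 #define _TIF_USEDFPU (1<<TIF_USEDFPU)
 #define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG)
 #define _TIF_31BIT (1<<TIF_31BIT)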
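Review bot: Bit numbers 8, 9 and 10 are now load-bearing, yet nothing in this header says so. In the entry.S and entry64.S sections of this commit, `_TIF_SYSCALL` is built from the three masks shifted right by 8 and tested with a single `tm` on one byte (`__TI_flags+2` and `__TI_flags+6`), so TIF_SYSCALL_TRACE, TIF_SYSCALL_AUDIT and TIF_SECCOMP must all stay within bits 8-15. A later renumbering that puts TIF_SECCOMP below bit 8 would turn its shifted mask into 0, and the syscall entry test would no longer divert a seccomp task to the check. Add a comment above the three defines, for example `/* bits 8-15: syscall work flags, tested as one byte in entry.S/entry64.S */`. Consider also an assembler-time check in both entry files that `_TIF_SYSCALL` is non-zero and fits in 0xff.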
+3 -2
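--- a/arch/s390/kernel/entry.S
+++ b/arch/s390/kernel/entry.S
@@ -53,6 +53,7 @@
 _TIF_MCCK_PENDING | _TIF_RESTART_SVC | _TIF_SINGLE_STEP )
 _TIF_WORK_INT = (_TIF_SIGPENDING | _TIF_NOTIFY_RESUME | _TIF_NEED_RESCHED | \
 _TIF_MCCK_PENDING)
+_TIF_SYSCALL = (_TIF_SYSCALL_TRACE>>8 | _TIF_SYSCALL_AUDIT>>8 | _TIF_SECCOMP>>8)
 
 STACK_SHIFT = PAGE_SHIFT + THREAD_ORDER
 STACK_SIZE = 1 << STACK_SHIFT
@@ -265,7 +266,7 @@
 sth %r7,SP_SVCNR(%r15)
 sll %r7,2 # svc number *4
 l %r8,BASED(.Lsysc_table)
-tm __TI_flags+3(%r9),(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT)
+tm __TI_flags+2(%r9),_TIF_SYSCALL
 l %r8,0(%r7,%r8) # get system call addr.
 bnz BASED(sysc_tracesys)
 basr %r14,%r8 # call sys_xxxx
@@ -405,7 +406,7 @@
 basr %r14,%r8 # call sys_xxx
 st %r2,SP_R2(%r15) # store return value
 sysc_tracenogo:
-tm __TI_flags+3(%r9),(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT)
+tm __TI_flags+2(%r9),_TIF_SYSCALL
 bz BASED(sysc_return)
 l %r1,BASED(.Ltrace_exit)
 la %r2,SP_PTREGS(%r15) # load pt_regs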
+3 -2
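--- a/arch/s390/kernel/entry64.S
+++ b/arch/s390/kernel/entry64.S
@@ -56,6 +56,7 @@
 _TIF_MCCK_PENDING | _TIF_RESTART_SVC | _TIF_SINGLE_STEP )
 _TIF_WORK_INT = (_TIF_SIGPENDING | _TIF_NOTIFY_RESUME | _TIF_NEED_RESCHED | \
 _TIF_MCCK_PENDING)
+_TIF_SYSCALL = (_TIF_SYSCALL_TRACE>>8 | _TIF_SYSCALL_AUDIT>>8 | _TIF_SECCOMP>>8)
 
 #define BASED(name) name-system_call(%r13)
 
@@ -260,7 +261,7 @@
 larl %r10,sys_call_table_emu # use 31 bit emulation system calls
 sysc_noemu:
 #endif
-tm __TI_flags+7(%r9),(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT)
+tm __TI_flags+6(%r9),_TIF_SYSCALL
 lgf %r8,0(%r7,%r10) # load address of system call routine
 jnz sysc_tracesys
 basr %r14,%r8 # call sys_xxxx
@@ -391,7 +392,7 @@
 basr %r14,%r8 # call sys_xxx
 stg %r2,SP_R2(%r15) # store return value
 sysc_tracenogo:
-tm __TI_flags+7(%r9),(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT)
+tm __TI_flags+6(%r9),_TIF_SYSCALL
 jz sysc_return
 la %r2,SP_PTREGS(%r15) # load pt_regs
 larl %r14,sysc_return # return point is sysc_return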
+5 -1
arch/s390/kernel/ptrace.c
··· 36 36 #include <linux/elf.h> 37 37 #include <linux/regset.h> 38 38 #include <linux/tracehook.h> 39 - #include <linux/compat.h> 39 + #include <linux/seccomp.h> 40 + #include <asm/compat.h> 40 41 #include <asm/segment.h> 41 42 #include <asm/page.h> 42 43 #include <asm/pgtable.h> ··· 640 639 asmlinkage long do_syscall_trace_enter(struct pt_regs *regs) 641 640 { 642 641 long ret; 642 + 643 + /* Do the secure computing check first. */ 644 + secure_computing(regs->gprs[2]); 643 645 644 646 /* 645 647 * The sysc_tracesys code in entry.S stored the system