Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
L
linux-davinci
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Redmine
Redmine
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Metrics
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
linux
linux-davinci
Commits
bb49bcda
Commit
bb49bcda
authored
Jul 10, 2005
by
David S. Miller
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
[SPARC64]: Add SECCOMP support.
Signed-off-by:
David S. Miller
<
davem@davemloft.net
>
parent
af166d15
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
30 additions
and
15 deletions
+30
-15
arch/sparc64/Kconfig
arch/sparc64/Kconfig
+17
-0
arch/sparc64/kernel/entry.S
arch/sparc64/kernel/entry.S
+5
-5
arch/sparc64/kernel/power.c
arch/sparc64/kernel/power.c
+2
-1
arch/sparc64/kernel/ptrace.c
arch/sparc64/kernel/ptrace.c
+4
-8
include/asm-sparc64/thread_info.h
include/asm-sparc64/thread_info.h
+2
-1
No files found.
arch/sparc64/Kconfig
View file @
bb49bcda
...
...
@@ -43,6 +43,23 @@ config SPARC64_PAGE_SIZE_4MB
endchoice
config SECCOMP
bool "Enable seccomp to safely compute untrusted bytecode"
depends on PROC_FS
default y
help
This kernel feature is useful for number crunching applications
that may need to compute untrusted bytecode during their
execution. By using pipes or other transports made available to
the process as file descriptors supporting the read/write
syscalls, it's possible to isolate those applications in
their own address space using seccomp. Once seccomp is
enabled via /proc/<pid>/seccomp, it cannot be disabled
and the task is only allowed to execute a few safe syscalls
defined by each seccomp mode.
If unsure, say Y. Only embedded should say N here.
source kernel/Kconfig.hz
source "init/Kconfig"
...
...
arch/sparc64/kernel/entry.S
View file @
bb49bcda
...
...
@@ -1552,7 +1552,7 @@ sys_ptrace: add %sp, PTREGS_OFF, %o0
nop
.
align
32
1
:
ldx
[%
curptr
+
TI_FLAGS
],
%
l5
andcc
%
l5
,
_TIF_SYSCALL_TRACE
,
%
g0
andcc
%
l5
,
(
_TIF_SYSCALL_TRACE
|
_TIF_SECCOMP
)
,
%
g0
be
,
pt
%
icc
,
rtrap
clr
%
l6
call
syscall_trace
...
...
@@ -1676,7 +1676,7 @@ linux_sparc_syscall32:
srl
%
i5
,
0
,
%
o5
!
IEU1
srl
%
i2
,
0
,
%
o2
!
IEU0
Group
andcc
%
l0
,
_TIF_SYSCALL_TRACE
,
%
g0
!
IEU0
Group
andcc
%
l0
,
(
_TIF_SYSCALL_TRACE
|
_TIF_SECCOMP
),
%
g0
!
IEU0
Group
bne
,
pn
%
icc
,
linux_syscall_trace32
!
CTI
mov
%
i0
,
%
l5
!
IEU1
call
%
l7
!
CTI
Group
brk
forced
...
...
@@ -1699,7 +1699,7 @@ linux_sparc_syscall:
mov
%
i3
,
%
o3
!
IEU1
mov
%
i4
,
%
o4
!
IEU0
Group
andcc
%
l0
,
_TIF_SYSCALL_TRACE
,
%
g0
!
IEU1
Group
+
1
bubble
andcc
%
l0
,
(
_TIF_SYSCALL_TRACE
|
_TIF_SECCOMP
),
%
g0
!
IEU1
Group
+
1
bubble
bne
,
pn
%
icc
,
linux_syscall_trace
!
CTI
Group
mov
%
i0
,
%
l5
!
IEU0
2
:
call
%
l7
!
CTI
Group
brk
forced
...
...
@@ -1727,7 +1727,7 @@ ret_sys_call:
1
:
cmp
%
o0
,
-
ERESTART_RESTARTBLOCK
bgeu
,
pn
%
xcc
,
1
f
andcc
%
l0
,
_TIF_SYSCALL_TRACE
,
%
l6
andcc
%
l0
,
(
_TIF_SYSCALL_TRACE
|
_TIF_SECCOMP
),
%
l6
80
:
/
*
System
call
success
,
clear
Carry
condition
code
.
*/
andn
%
g3
,
%
g2
,
%
g3
...
...
@@ -1742,7 +1742,7 @@ ret_sys_call:
/
*
System
call
failure
,
set
Carry
condition
code
.
*
Also
,
get
abs
(
errno
)
to
return
to
the
process
.
*/
andcc
%
l0
,
_TIF_SYSCALL_TRACE
,
%
l6
andcc
%
l0
,
(
_TIF_SYSCALL_TRACE
|
_TIF_SECCOMP
)
,
%
l6
sub
%
g0
,
%
o0
,
%
o0
or
%
g3
,
%
g2
,
%
g3
stx
%
o0
,
[%
sp
+
PTREGS_OFF
+
PT_V9_I0
]
...
...
arch/sparc64/kernel/power.c
View file @
bb49bcda
...
...
@@ -4,6 +4,8 @@
* Copyright (C) 1999 David S. Miller (davem@redhat.com)
*/
#define __KERNEL_SYSCALLS__
#include <linux/config.h>
#include <linux/kernel.h>
#include <linux/module.h>
...
...
@@ -17,7 +19,6 @@
#include <asm/ebus.h>
#include <asm/auxio.h>
#define __KERNEL_SYSCALLS__
#include <linux/unistd.h>
/*
...
...
arch/sparc64/kernel/ptrace.c
View file @
bb49bcda
...
...
@@ -630,9 +630,9 @@ out:
asmlinkage
void
syscall_trace
(
void
)
{
#ifdef DEBUG_PTRACE
printk
(
"%s [%d]: syscall_trace
\n
"
,
current
->
comm
,
current
->
pid
);
#endif
/* do the secure computing check first */
secure_computing
(
current_thread_info
()
->
kregs
->
u_regs
[
UREG_G1
]
);
if
(
!
test_thread_flag
(
TIF_SYSCALL_TRACE
))
return
;
if
(
!
(
current
->
ptrace
&
PT_PTRACED
))
...
...
@@ -645,12 +645,8 @@ asmlinkage void syscall_trace(void)
* for normal use. strace only continues with a signal if the
* stopping signal is not SIGTRAP. -brl
*/
#ifdef DEBUG_PTRACE
printk
(
"%s [%d]: syscall_trace exit= %x
\n
"
,
current
->
comm
,
current
->
pid
,
current
->
exit_code
);
#endif
if
(
current
->
exit_code
)
{
send_sig
(
current
->
exit_code
,
current
,
1
);
send_sig
(
current
->
exit_code
,
current
,
1
);
current
->
exit_code
=
0
;
}
}
include/asm-sparc64/thread_info.h
View file @
bb49bcda
...
...
@@ -220,7 +220,7 @@ register struct thread_info *current_thread_info_reg asm("g6");
#define TIF_NEWSIGNALS 6
/* wants new-style signals */
#define TIF_32BIT 7
/* 32-bit binary */
#define TIF_NEWCHILD 8
/* just-spawned child process */
/* TIF_* value 9 is available
*/
#define TIF_SECCOMP 9
/* secure computing
*/
#define TIF_POLLING_NRFLAG 10
#define TIF_SYSCALL_SUCCESS 11
/* NOTE: Thread flags >= 12 should be ones we have no interest
...
...
@@ -239,6 +239,7 @@ register struct thread_info *current_thread_info_reg asm("g6");
#define _TIF_NEWSIGNALS (1<<TIF_NEWSIGNALS)
#define _TIF_32BIT (1<<TIF_32BIT)
#define _TIF_NEWCHILD (1<<TIF_NEWCHILD)
#define _TIF_SECCOMP (1<<TIF_SECCOMP)
#define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG)
#define _TIF_ABI_PENDING (1<<TIF_ABI_PENDING)
#define _TIF_SYSCALL_SUCCESS (1<<TIF_SYSCALL_SUCCESS)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment