summaryrefslogtreecommitdiff
path: root/arch/xtensa
diff options
context:
space:
mode:
authorMax Filippov <jcmvbkbc@gmail.com>2019-11-13 20:47:17 -0800
committerMax Filippov <jcmvbkbc@gmail.com>2020-07-28 00:57:06 -0700
commitda94a40f72859ce24dc72de9292981513a33e427 (patch)
treea265d62dcc8910668e63d0ca4d529f90c9fdffd0 /arch/xtensa
parent8b7a87a03f7c15c7a1e1647c3527292604e80f6f (diff)
xtensa: add seccomp support
Add SECCOMP to xtensa Kconfig, select HAVE_ARCH_SECCOMP_FILTER, add TIF_SECCOMP and call secure_computing from do_syscall_trace_enter. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Diffstat (limited to 'arch/xtensa')
-rw-r--r--arch/xtensa/Kconfig15
-rw-r--r--arch/xtensa/include/asm/Kbuild1
-rw-r--r--arch/xtensa/include/asm/thread_info.h5
-rw-r--r--arch/xtensa/kernel/ptrace.c4
4 files changed, 23 insertions, 2 deletions
diff --git a/arch/xtensa/Kconfig b/arch/xtensa/Kconfig
index a7def0991a01..a461ee051e73 100644
--- a/arch/xtensa/Kconfig
+++ b/arch/xtensa/Kconfig
@@ -24,6 +24,7 @@ config XTENSA
select HAVE_ARCH_AUDITSYSCALL
select HAVE_ARCH_JUMP_LABEL if !XIP_KERNEL
select HAVE_ARCH_KASAN if MMU && !XIP_KERNEL
+ select HAVE_ARCH_SECCOMP_FILTER
select HAVE_ARCH_TRACEHOOK
select HAVE_COPY_THREAD_TLS
select HAVE_DEBUG_KMEMLEAK
@@ -217,6 +218,20 @@ config HOTPLUG_CPU
Say N if you want to disable CPU hotplug.
+config SECCOMP
+ bool
+ prompt "Enable seccomp to safely compute untrusted bytecode"
+ help
+ This kernel feature is useful for number crunching applications
+ that may need to compute untrusted bytecode during their
+ execution. By using pipes or other transports made available to
+ the process as file descriptors supporting the read/write
+ syscalls, it's possible to isolate those applications in
+ their own address space using seccomp. Once seccomp is
+ enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
+ and the task is only allowed to execute a few safe syscalls
+ defined by each seccomp mode.
+
config FAST_SYSCALL_XTENSA
bool "Enable fast atomic syscalls"
default n
diff --git a/arch/xtensa/include/asm/Kbuild b/arch/xtensa/include/asm/Kbuild
index 9718e9593564..c59c42a1221a 100644
--- a/arch/xtensa/include/asm/Kbuild
+++ b/arch/xtensa/include/asm/Kbuild
@@ -7,4 +7,5 @@ generic-y += mcs_spinlock.h
generic-y += param.h
generic-y += qrwlock.h
generic-y += qspinlock.h
+generic-y += seccomp.h
generic-y += user.h
diff --git a/arch/xtensa/include/asm/thread_info.h b/arch/xtensa/include/asm/thread_info.h
index c49cc4a1f39a..8918f0f20c53 100644
--- a/arch/xtensa/include/asm/thread_info.h
+++ b/arch/xtensa/include/asm/thread_info.h
@@ -112,6 +112,7 @@ static inline struct thread_info *current_thread_info(void)
#define TIF_NOTIFY_RESUME 7 /* callback before returning to user */
#define TIF_DB_DISABLED 8 /* debug trap disabled for syscall */
#define TIF_SYSCALL_AUDIT 9 /* syscall auditing active */
+#define TIF_SECCOMP 10 /* secure computing */
#define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE)
#define _TIF_SIGPENDING (1<<TIF_SIGPENDING)
@@ -119,9 +120,11 @@ static inline struct thread_info *current_thread_info(void)
#define _TIF_SINGLESTEP (1<<TIF_SINGLESTEP)
#define _TIF_SYSCALL_TRACEPOINT (1<<TIF_SYSCALL_TRACEPOINT)
#define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT)
+#define _TIF_SECCOMP (1<<TIF_SECCOMP)
#define _TIF_WORK_MASK (_TIF_SYSCALL_TRACE | _TIF_SINGLESTEP | \
- _TIF_SYSCALL_TRACEPOINT | _TIF_SYSCALL_AUDIT)
+ _TIF_SYSCALL_TRACEPOINT | \
+ _TIF_SYSCALL_AUDIT | _TIF_SECCOMP)
#define THREAD_SIZE KERNEL_STACK_SIZE
#define THREAD_SIZE_ORDER (KERNEL_STACK_SHIFT - PAGE_SHIFT)
diff --git a/arch/xtensa/kernel/ptrace.c b/arch/xtensa/kernel/ptrace.c
index 437b4297948d..ce4a32bd2294 100644
--- a/arch/xtensa/kernel/ptrace.c
+++ b/arch/xtensa/kernel/ptrace.c
@@ -22,6 +22,7 @@
#include <linux/regset.h>
#include <linux/sched.h>
#include <linux/sched/task_stack.h>
+#include <linux/seccomp.h>
#include <linux/security.h>
#include <linux/signal.h>
#include <linux/smp.h>
@@ -559,7 +560,8 @@ int do_syscall_trace_enter(struct pt_regs *regs)
return 0;
}
- if (regs->syscall == NO_SYSCALL) {
+ if (regs->syscall == NO_SYSCALL ||
+ secure_computing() == -1) {
do_syscall_trace_leave(regs);
return 0;
}