
Commit bb49bcda authored by David S. Miller's avatar David S. Miller

[SPARC64]: Add SECCOMP support.

parent af166d15
+17 −0
@@ -43,6 +43,23 @@ config SPARC64_PAGE_SIZE_4MB

endchoice

config SECCOMP
	bool "Enable seccomp to safely compute untrusted bytecode"
	depends on PROC_FS
	default y
	help
	  This kernel feature is useful for number crunching applications
	  that may need to compute untrusted bytecode during their
	  execution. By using pipes or other transports made available to
	  the process as file descriptors supporting the read/write
	  syscalls, it's possible to isolate those applications in
	  their own address space using seccomp. Once seccomp is
	  enabled via /proc/<pid>/seccomp, it cannot be disabled
	  and the task is only allowed to execute a few safe syscalls
	  defined by each seccomp mode.

	  If unsure, say Y. Only embedded should say N here.

source kernel/Kconfig.hz

source "init/Kconfig"
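Review bot: The SECCOMP help text says the task is "only allowed to execute a few safe syscalls" but never states what happens when it attempts any other syscall, which is the part an integrator most needs to know. Consider adding one sentence such as `A task in seccomp mode that attempts any other syscall is killed.`, worded to match what the generic seccomp code actually does, since that code is not part of this diff. The `depends on PROC_FS` line is consistent with the /proc/<pid>/seccomp interface the text describes.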
+5 −5
@@ -1552,7 +1552,7 @@ sys_ptrace: add %sp, PTREGS_OFF, %o0
		nop
		.align		32
1:		ldx		[%curptr + TI_FLAGS], %l5
		andcc		%l5, _TIF_SYSCALL_TRACE, %g0
		andcc		%l5, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %g0
		be,pt		%icc, rtrap
		 clr		%l6
		call		syscall_trace
@@ -1676,7 +1676,7 @@ linux_sparc_syscall32:

	srl		%i5, 0, %o5				! IEU1
	srl		%i2, 0, %o2				! IEU0	Group
	andcc		%l0, _TIF_SYSCALL_TRACE, %g0		! IEU0	Group
	andcc		%l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %g0 ! IEU0	Group
	bne,pn		%icc, linux_syscall_trace32		! CTI
	 mov		%i0, %l5				! IEU1
	call		%l7					! CTI	Group brk forced
@@ -1699,7 +1699,7 @@ linux_sparc_syscall:

	mov		%i3, %o3				! IEU1
	mov		%i4, %o4				! IEU0	Group
	andcc		%l0, _TIF_SYSCALL_TRACE, %g0		! IEU1	Group+1 bubble
	andcc		%l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %g0 ! IEU1	Group+1 bubble
	bne,pn		%icc, linux_syscall_trace		! CTI	Group
	 mov		%i0, %l5				! IEU0
2:	call		%l7					! CTI	Group brk forced
@@ -1727,7 +1727,7 @@ ret_sys_call:
1:
	cmp		%o0, -ERESTART_RESTARTBLOCK
	bgeu,pn		%xcc, 1f
	 andcc		%l0, _TIF_SYSCALL_TRACE, %l6	
	 andcc		%l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %l6
80:
	/* System call success, clear Carry condition code. */
	andn		%g3, %g2, %g3
@@ -1742,7 +1742,7 @@ ret_sys_call:
	/* System call failure, set Carry condition code.
	 * Also, get abs(errno) to return to the process.
	 */
	andcc		%l0, _TIF_SYSCALL_TRACE, %l6	
	andcc		%l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP), %l6	
	sub		%g0, %o0, %o0
	or		%g3, %g2, %g3
	stx		%o0, [%sp + PTREGS_OFF + PT_V9_I0]
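Review bot: The three exit-side tests (the `1:` tail after sys_ptrace and both `andcc ... %l6` sites in ret_sys_call) now fire for _TIF_SECCOMP too, so a seccomp task appears to be routed into syscall_trace after the syscall has run, not only before it via linux_syscall_trace and linux_syscall_trace32. Because syscall_trace() in this commit reads the syscall number from the saved %g1, the exit-side call is at best a redundant second check. On any path that rewrites the saved registers before reaching `1:`, the value checked may no longer be the number that was dispatched; that would fail closed, but please confirm which entry points fall into that tail and where %l6 is consumed, as both lie outside these hunks. If the double call is intended, a comment at each exit site would help, e.g. `! _TIF_SECCOMP is tested so syscall_trace runs; the seccomp check is only meaningful at entry`.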
+2 −1
@@ -4,6 +4,8 @@
 * Copyright (C) 1999 David S. Miller (davem@redhat.com)
 */

#define __KERNEL_SYSCALLS__

#include <linux/config.h>
#include <linux/kernel.h>
#include <linux/module.h>
@@ -17,7 +19,6 @@
#include <asm/ebus.h>
#include <asm/auxio.h>

#define __KERNEL_SYSCALLS__
#include <linux/unistd.h>

/*
+4 −8
@@ -630,9 +630,9 @@ asmlinkage void do_ptrace(struct pt_regs *regs)

asmlinkage void syscall_trace(void)
{
#ifdef DEBUG_PTRACE
	printk("%s [%d]: syscall_trace\n", current->comm, current->pid);
#endif
	/* do the secure computing check first */
	secure_computing(current_thread_info()->kregs->u_regs[UREG_G1]);

	if (!test_thread_flag(TIF_SYSCALL_TRACE))
		return;
	if (!(current->ptrace & PT_PTRACED))
@@ -645,10 +645,6 @@ asmlinkage void syscall_trace(void)
	 * for normal use.  strace only continues with a signal if the
	 * stopping signal is not SIGTRAP.  -brl
	 */
#ifdef DEBUG_PTRACE
	printk("%s [%d]: syscall_trace exit= %x\n", current->comm,
		current->pid, current->exit_code);
#endif
	if (current->exit_code) {
		send_sig(current->exit_code, current, 1);
		current->exit_code = 0;
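Review bot: `secure_computing(current_thread_info()->kregs->u_regs[UREG_G1])` takes the syscall number from the saved user register rather than from the value the assembly dispatcher used, and secure_computing()'s parameter type is not visible in this diff. If that parameter is narrower than the 64-bit register, a %g1 with high bits set would be checked as a different number than the one the entry code compares and dispatches on; please confirm the two agree for out-of-range values. syscall_trace() also takes no indication of entry versus exit, so the comment could say so: `/* seccomp check first; runs on every call from the entry code, entry and exit alike */`. The rest of the function lies outside these hunks.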
+2 −1
@@ -220,7 +220,7 @@ register struct thread_info *current_thread_info_reg asm("g6");
#define TIF_NEWSIGNALS		6	/* wants new-style signals */
#define TIF_32BIT		7	/* 32-bit binary */
#define TIF_NEWCHILD		8	/* just-spawned child process */
/* TIF_* value 9 is available */
#define TIF_SECCOMP		9	/* secure computing */
#define TIF_POLLING_NRFLAG	10
#define TIF_SYSCALL_SUCCESS	11
/* NOTE: Thread flags >= 12 should be ones we have no interest
@@ -239,6 +239,7 @@ register struct thread_info *current_thread_info_reg asm("g6");
#define _TIF_NEWSIGNALS		(1<<TIF_NEWSIGNALS)
#define _TIF_32BIT		(1<<TIF_32BIT)
#define _TIF_NEWCHILD		(1<<TIF_NEWCHILD)
#define _TIF_SECCOMP		(1<<TIF_SECCOMP)
#define _TIF_POLLING_NRFLAG	(1<<TIF_POLLING_NRFLAG)
#define _TIF_ABI_PENDING	(1<<TIF_ABI_PENDING)
#define _TIF_SYSCALL_SUCCESS	(1<<TIF_SYSCALL_SUCCESS)