Loading arch/ppc/Kconfig +17 −0 Original line number Diff line number Diff line Loading @@ -1083,6 +1083,23 @@ source "drivers/zorro/Kconfig" source kernel/power/Kconfig config SECCOMP bool "Enable seccomp to safely compute untrusted bytecode" depends on PROC_FS default y help This kernel feature is useful for number crunching applications that may need to compute untrusted bytecode during their execution. By using pipes or other transports made available to the process as file descriptors supporting the read/write syscalls, it's possible to isolate those applications in their own address space using seccomp. Once seccomp is enabled via /proc/<pid>/seccomp, it cannot be disabled and the task is only allowed to execute a few safe syscalls defined by each seccomp mode. If unsure, say Y. Only embedded should say N here. endmenu config ISA_DMA_API Loading arch/ppc/kernel/entry.S +9 −7 Original line number Diff line number Diff line Loading @@ -202,7 +202,7 @@ _GLOBAL(DoSyscall) rlwinm r11,r11,0,~_TIFL_FORCE_NOERROR stw r11,TI_LOCAL_FLAGS(r10) lwz r11,TI_FLAGS(r10) andi. r11,r11,_TIF_SYSCALL_TRACE andi. r11,r11,_TIF_SYSCALL_T_OR_A bne- syscall_dotrace syscall_dotrace_cont: cmplwi 0,r0,NR_syscalls Loading Loading @@ -237,7 +237,7 @@ ret_from_syscall: SYNC MTMSRD(r10) lwz r9,TI_FLAGS(r12) andi. r0,r9,(_TIF_SYSCALL_TRACE|_TIF_SIGPENDING|_TIF_NEED_RESCHED) andi. r0,r9,(_TIF_SYSCALL_T_OR_A|_TIF_SIGPENDING|_TIF_NEED_RESCHED) bne- syscall_exit_work syscall_exit_cont: #if defined(CONFIG_4xx) || defined(CONFIG_BOOKE) Loading Loading @@ -277,7 +277,8 @@ syscall_dotrace: SAVE_NVGPRS(r1) li r0,0xc00 stw r0,TRAP(r1) bl do_syscall_trace addi r3,r1,STACK_FRAME_OVERHEAD bl do_syscall_trace_enter lwz r0,GPR0(r1) /* Restore original registers */ lwz r3,GPR3(r1) lwz r4,GPR4(r1) Loading @@ -291,7 +292,7 @@ syscall_dotrace: syscall_exit_work: stw r6,RESULT(r1) /* Save result */ stw r3,GPR3(r1) /* Update return value */ andi. r0,r9,_TIF_SYSCALL_TRACE andi. r0,r9,_TIF_SYSCALL_T_OR_A beq 5f ori r10,r10,MSR_EE SYNC Loading @@ -303,7 +304,8 @@ syscall_exit_work: li r4,0xc00 stw r4,TRAP(r1) 4: bl do_syscall_trace addi r3,r1,STACK_FRAME_OVERHEAD bl do_syscall_trace_leave REST_NVGPRS(r1) 2: lwz r3,GPR3(r1) Loading Loading @@ -627,8 +629,8 @@ sigreturn_exit: subi r1,r3,STACK_FRAME_OVERHEAD rlwinm r12,r1,0,0,18 /* current_thread_info() */ lwz r9,TI_FLAGS(r12) andi. r0,r9,_TIF_SYSCALL_TRACE bnel- do_syscall_trace andi. r0,r9,_TIF_SYSCALL_T_OR_A bnel- do_syscall_trace_leave /* fall through */ .globl ret_from_except_full Loading arch/ppc/kernel/ppc_ksyms.c +0 −2 Original line number Diff line number Diff line Loading @@ -55,7 +55,6 @@ #define EXPORT_SYMTAB_STROPS extern void transfer_to_handler(void); extern void do_syscall_trace(void); extern void do_IRQ(struct pt_regs *regs); extern void MachineCheckException(struct pt_regs *regs); extern void AlignmentException(struct pt_regs *regs); Loading @@ -74,7 +73,6 @@ extern unsigned long mm_ptov (unsigned long paddr); EXPORT_SYMBOL(clear_pages); EXPORT_SYMBOL(clear_user_page); EXPORT_SYMBOL(do_signal); EXPORT_SYMBOL(do_syscall_trace); EXPORT_SYMBOL(transfer_to_handler); EXPORT_SYMBOL(do_IRQ); EXPORT_SYMBOL(MachineCheckException); Loading arch/ppc/kernel/ptrace.c +36 −4 Original line number Diff line number Diff line Loading @@ -27,6 +27,9 @@ #include <linux/user.h> #include <linux/security.h> #include <linux/signal.h> #include <linux/seccomp.h> #include <linux/audit.h> #include <linux/module.h> #include <asm/uaccess.h> #include <asm/page.h> Loading Loading @@ -455,11 +458,10 @@ int sys_ptrace(long request, long pid, long addr, long data) return ret; } void do_syscall_trace(void) static void do_syscall_trace(void) { if (!test_thread_flag(TIF_SYSCALL_TRACE) || !(current->ptrace & PT_PTRACED)) return; /* the 0x80 provides a way for the tracing parent to distinguish between a syscall stop and SIGTRAP delivery */ ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD) ? 0x80 : 0)); Loading @@ -473,3 +475,33 @@ void do_syscall_trace(void) current->exit_code = 0; } } void do_syscall_trace_enter(struct pt_regs *regs) { if (test_thread_flag(TIF_SYSCALL_TRACE) && (current->ptrace & PT_PTRACED)) do_syscall_trace(); if (unlikely(current->audit_context)) audit_syscall_entry(current, AUDIT_ARCH_PPC, regs->gpr[0], regs->gpr[3], regs->gpr[4], regs->gpr[5], regs->gpr[6]); } void do_syscall_trace_leave(struct pt_regs *regs) { secure_computing(regs->gpr[0]); if (unlikely(current->audit_context)) audit_syscall_exit(current, (regs->ccr&0x1000)?AUDITSC_FAILURE:AUDITSC_SUCCESS, regs->result); if ((test_thread_flag(TIF_SYSCALL_TRACE)) && (current->ptrace & PT_PTRACED)) do_syscall_trace(); } EXPORT_SYMBOL(do_syscall_trace_enter); EXPORT_SYMBOL(do_syscall_trace_leave); include/asm-ppc/seccomp.h 0 → 100644 +10 −0 Original line number Diff line number Diff line #ifndef _ASM_SECCOMP_H #include <linux/unistd.h> #define __NR_seccomp_read __NR_read #define __NR_seccomp_write __NR_write #define __NR_seccomp_exit __NR_exit #define __NR_seccomp_sigreturn __NR_rt_sigreturn #endif /* _ASM_SECCOMP_H */ Loading
arch/ppc/Kconfig +17 −0 Original line number Diff line number Diff line Loading @@ -1083,6 +1083,23 @@ source "drivers/zorro/Kconfig" source kernel/power/Kconfig config SECCOMP bool "Enable seccomp to safely compute untrusted bytecode" depends on PROC_FS default y help This kernel feature is useful for number crunching applications that may need to compute untrusted bytecode during their execution. By using pipes or other transports made available to the process as file descriptors supporting the read/write syscalls, it's possible to isolate those applications in their own address space using seccomp. Once seccomp is enabled via /proc/<pid>/seccomp, it cannot be disabled and the task is only allowed to execute a few safe syscalls defined by each seccomp mode. If unsure, say Y. Only embedded should say N here. endmenu config ISA_DMA_API Loading
arch/ppc/kernel/entry.S +9 −7 Original line number Diff line number Diff line Loading @@ -202,7 +202,7 @@ _GLOBAL(DoSyscall) rlwinm r11,r11,0,~_TIFL_FORCE_NOERROR stw r11,TI_LOCAL_FLAGS(r10) lwz r11,TI_FLAGS(r10) andi. r11,r11,_TIF_SYSCALL_TRACE andi. r11,r11,_TIF_SYSCALL_T_OR_A bne- syscall_dotrace syscall_dotrace_cont: cmplwi 0,r0,NR_syscalls Loading Loading @@ -237,7 +237,7 @@ ret_from_syscall: SYNC MTMSRD(r10) lwz r9,TI_FLAGS(r12) andi. r0,r9,(_TIF_SYSCALL_TRACE|_TIF_SIGPENDING|_TIF_NEED_RESCHED) andi. r0,r9,(_TIF_SYSCALL_T_OR_A|_TIF_SIGPENDING|_TIF_NEED_RESCHED) bne- syscall_exit_work syscall_exit_cont: #if defined(CONFIG_4xx) || defined(CONFIG_BOOKE) Loading Loading @@ -277,7 +277,8 @@ syscall_dotrace: SAVE_NVGPRS(r1) li r0,0xc00 stw r0,TRAP(r1) bl do_syscall_trace addi r3,r1,STACK_FRAME_OVERHEAD bl do_syscall_trace_enter lwz r0,GPR0(r1) /* Restore original registers */ lwz r3,GPR3(r1) lwz r4,GPR4(r1) Loading @@ -291,7 +292,7 @@ syscall_dotrace: syscall_exit_work: stw r6,RESULT(r1) /* Save result */ stw r3,GPR3(r1) /* Update return value */ andi. r0,r9,_TIF_SYSCALL_TRACE andi. r0,r9,_TIF_SYSCALL_T_OR_A beq 5f ori r10,r10,MSR_EE SYNC Loading @@ -303,7 +304,8 @@ syscall_exit_work: li r4,0xc00 stw r4,TRAP(r1) 4: bl do_syscall_trace addi r3,r1,STACK_FRAME_OVERHEAD bl do_syscall_trace_leave REST_NVGPRS(r1) 2: lwz r3,GPR3(r1) Loading Loading @@ -627,8 +629,8 @@ sigreturn_exit: subi r1,r3,STACK_FRAME_OVERHEAD rlwinm r12,r1,0,0,18 /* current_thread_info() */ lwz r9,TI_FLAGS(r12) andi. r0,r9,_TIF_SYSCALL_TRACE bnel- do_syscall_trace andi. r0,r9,_TIF_SYSCALL_T_OR_A bnel- do_syscall_trace_leave /* fall through */ .globl ret_from_except_full Loading
arch/ppc/kernel/ppc_ksyms.c +0 −2 Original line number Diff line number Diff line Loading @@ -55,7 +55,6 @@ #define EXPORT_SYMTAB_STROPS extern void transfer_to_handler(void); extern void do_syscall_trace(void); extern void do_IRQ(struct pt_regs *regs); extern void MachineCheckException(struct pt_regs *regs); extern void AlignmentException(struct pt_regs *regs); Loading @@ -74,7 +73,6 @@ extern unsigned long mm_ptov (unsigned long paddr); EXPORT_SYMBOL(clear_pages); EXPORT_SYMBOL(clear_user_page); EXPORT_SYMBOL(do_signal); EXPORT_SYMBOL(do_syscall_trace); EXPORT_SYMBOL(transfer_to_handler); EXPORT_SYMBOL(do_IRQ); EXPORT_SYMBOL(MachineCheckException); Loading
arch/ppc/kernel/ptrace.c +36 −4 Original line number Diff line number Diff line Loading @@ -27,6 +27,9 @@ #include <linux/user.h> #include <linux/security.h> #include <linux/signal.h> #include <linux/seccomp.h> #include <linux/audit.h> #include <linux/module.h> #include <asm/uaccess.h> #include <asm/page.h> Loading Loading @@ -455,11 +458,10 @@ int sys_ptrace(long request, long pid, long addr, long data) return ret; } void do_syscall_trace(void) static void do_syscall_trace(void) { if (!test_thread_flag(TIF_SYSCALL_TRACE) || !(current->ptrace & PT_PTRACED)) return; /* the 0x80 provides a way for the tracing parent to distinguish between a syscall stop and SIGTRAP delivery */ ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD) ? 0x80 : 0)); Loading @@ -473,3 +475,33 @@ void do_syscall_trace(void) current->exit_code = 0; } } void do_syscall_trace_enter(struct pt_regs *regs) { if (test_thread_flag(TIF_SYSCALL_TRACE) && (current->ptrace & PT_PTRACED)) do_syscall_trace(); if (unlikely(current->audit_context)) audit_syscall_entry(current, AUDIT_ARCH_PPC, regs->gpr[0], regs->gpr[3], regs->gpr[4], regs->gpr[5], regs->gpr[6]); } void do_syscall_trace_leave(struct pt_regs *regs) { secure_computing(regs->gpr[0]); if (unlikely(current->audit_context)) audit_syscall_exit(current, (regs->ccr&0x1000)?AUDITSC_FAILURE:AUDITSC_SUCCESS, regs->result); if ((test_thread_flag(TIF_SYSCALL_TRACE)) && (current->ptrace & PT_PTRACED)) do_syscall_trace(); } EXPORT_SYMBOL(do_syscall_trace_enter); EXPORT_SYMBOL(do_syscall_trace_leave);
include/asm-ppc/seccomp.h 0 → 100644 +10 −0 Original line number Diff line number Diff line #ifndef _ASM_SECCOMP_H #include <linux/unistd.h> #define __NR_seccomp_read __NR_read #define __NR_seccomp_write __NR_write #define __NR_seccomp_exit __NR_exit #define __NR_seccomp_sigreturn __NR_rt_sigreturn #endif /* _ASM_SECCOMP_H */
