Loading Documentation/features/seccomp/seccomp-filter/arch-support.txt +1 −1 Original line number Original line Diff line number Diff line Loading @@ -32,7 +32,7 @@ | score: | TODO | | score: | TODO | | sh: | TODO | | sh: | TODO | | sparc: | TODO | | sparc: | TODO | | tile: | TODO | | tile: | ok | | um: | TODO | | um: | TODO | | unicore32: | TODO | | unicore32: | TODO | | x86: | ok | | x86: | ok | Loading arch/tile/Kconfig +17 −0 Original line number Original line Diff line number Diff line Loading @@ -32,6 +32,7 @@ config TILE select EDAC_SUPPORT select EDAC_SUPPORT select GENERIC_STRNCPY_FROM_USER select GENERIC_STRNCPY_FROM_USER select GENERIC_STRNLEN_USER select GENERIC_STRNLEN_USER select HAVE_ARCH_SECCOMP_FILTER # FIXME: investigate whether we need/want these options. # FIXME: investigate whether we need/want these options. # select HAVE_IOREMAP_PROT # select HAVE_IOREMAP_PROT Loading Loading @@ -221,6 +222,22 @@ config COMPAT If enabled, the kernel will support running TILE-Gx binaries If enabled, the kernel will support running TILE-Gx binaries that were built with the -m32 option. that were built with the -m32 option. config SECCOMP bool "Enable seccomp to safely compute untrusted bytecode" depends on PROC_FS help This kernel feature is useful for number crunching applications that may need to compute untrusted bytecode during their execution. By using pipes or other transports made available to the process as file descriptors supporting the read/write syscalls, it's possible to isolate those applications in their own address space using seccomp. Once seccomp is enabled via prctl, it cannot be disabled and the task is only allowed to execute a few safe syscalls defined by each seccomp mode. If unsure, say N. config SYSVIPC_COMPAT config SYSVIPC_COMPAT def_bool y def_bool y depends on COMPAT && SYSVIPC depends on COMPAT && SYSVIPC Loading arch/tile/include/asm/Kbuild +1 −0 Original line number Original line Diff line number Diff line Loading @@ -28,6 +28,7 @@ generic-y += poll.h generic-y += posix_types.h generic-y += posix_types.h generic-y += preempt.h generic-y += preempt.h generic-y += resource.h generic-y += resource.h generic-y += seccomp.h generic-y += sembuf.h generic-y += sembuf.h generic-y += serial.h generic-y += serial.h generic-y += shmbuf.h generic-y += shmbuf.h Loading arch/tile/include/asm/elf.h +1 −3 Original line number Original line Diff line number Diff line Loading @@ -22,6 +22,7 @@ #include <arch/chip.h> #include <arch/chip.h> #include <linux/ptrace.h> #include <linux/ptrace.h> #include <linux/elf-em.h> #include <asm/byteorder.h> #include <asm/byteorder.h> #include <asm/page.h> #include <asm/page.h> Loading @@ -30,9 +31,6 @@ typedef unsigned long elf_greg_t; #define ELF_NGREG (sizeof(struct pt_regs) / sizeof(elf_greg_t)) #define ELF_NGREG (sizeof(struct pt_regs) / sizeof(elf_greg_t)) typedef elf_greg_t elf_gregset_t[ELF_NGREG]; typedef elf_greg_t elf_gregset_t[ELF_NGREG]; #define EM_TILEPRO 188 #define EM_TILEGX 191 /* Provide a nominal data structure. */ /* Provide a nominal data structure. */ #define ELF_NFPREG 0 #define ELF_NFPREG 0 typedef double elf_fpreg_t; typedef double elf_fpreg_t; Loading arch/tile/include/asm/syscall.h +27 −1 Original line number Original line Diff line number Diff line Loading @@ -20,6 +20,8 @@ #include <linux/sched.h> #include <linux/sched.h> #include <linux/err.h> #include <linux/err.h> #include <linux/audit.h> #include <linux/compat.h> #include <arch/abi.h> #include <arch/abi.h> /* The array of function pointers for syscalls. */ /* The array of function pointers for syscalls. */ Loading Loading @@ -61,7 +63,15 @@ static inline void syscall_set_return_value(struct task_struct *task, struct pt_regs *regs, struct pt_regs *regs, int error, long val) int error, long val) { { regs->regs[0] = (long) error ?: val; if (error) { /* R0 is the passed-in negative error, R1 is positive. */ regs->regs[0] = error; regs->regs[1] = -error; } else { /* R1 set to zero to indicate no error. */ regs->regs[0] = val; regs->regs[1] = 0; } } } static inline void syscall_get_arguments(struct task_struct *task, static inline void syscall_get_arguments(struct task_struct *task, Loading @@ -82,4 +92,20 @@ static inline void syscall_set_arguments(struct task_struct *task, memcpy(®s[i], args, n * sizeof(args[0])); memcpy(®s[i], args, n * sizeof(args[0])); } } /* * We don't care about endianness (__AUDIT_ARCH_LE bit) here because * tile has the same system calls both on little- and big- endian. */ static inline int syscall_get_arch(void) { if (is_compat_task()) return AUDIT_ARCH_TILEGX32; #ifdef CONFIG_TILEGX return AUDIT_ARCH_TILEGX; #else return AUDIT_ARCH_TILEPRO; #endif } #endif /* _ASM_TILE_SYSCALL_H */ #endif /* _ASM_TILE_SYSCALL_H */ Loading
Documentation/features/seccomp/seccomp-filter/arch-support.txt +1 −1 Original line number Original line Diff line number Diff line Loading @@ -32,7 +32,7 @@ | score: | TODO | | score: | TODO | | sh: | TODO | | sh: | TODO | | sparc: | TODO | | sparc: | TODO | | tile: | TODO | | tile: | ok | | um: | TODO | | um: | TODO | | unicore32: | TODO | | unicore32: | TODO | | x86: | ok | | x86: | ok | Loading
arch/tile/Kconfig +17 −0 Original line number Original line Diff line number Diff line Loading @@ -32,6 +32,7 @@ config TILE select EDAC_SUPPORT select EDAC_SUPPORT select GENERIC_STRNCPY_FROM_USER select GENERIC_STRNCPY_FROM_USER select GENERIC_STRNLEN_USER select GENERIC_STRNLEN_USER select HAVE_ARCH_SECCOMP_FILTER # FIXME: investigate whether we need/want these options. # FIXME: investigate whether we need/want these options. # select HAVE_IOREMAP_PROT # select HAVE_IOREMAP_PROT Loading Loading @@ -221,6 +222,22 @@ config COMPAT If enabled, the kernel will support running TILE-Gx binaries If enabled, the kernel will support running TILE-Gx binaries that were built with the -m32 option. that were built with the -m32 option. config SECCOMP bool "Enable seccomp to safely compute untrusted bytecode" depends on PROC_FS help This kernel feature is useful for number crunching applications that may need to compute untrusted bytecode during their execution. By using pipes or other transports made available to the process as file descriptors supporting the read/write syscalls, it's possible to isolate those applications in their own address space using seccomp. Once seccomp is enabled via prctl, it cannot be disabled and the task is only allowed to execute a few safe syscalls defined by each seccomp mode. If unsure, say N. config SYSVIPC_COMPAT config SYSVIPC_COMPAT def_bool y def_bool y depends on COMPAT && SYSVIPC depends on COMPAT && SYSVIPC Loading
arch/tile/include/asm/Kbuild +1 −0 Original line number Original line Diff line number Diff line Loading @@ -28,6 +28,7 @@ generic-y += poll.h generic-y += posix_types.h generic-y += posix_types.h generic-y += preempt.h generic-y += preempt.h generic-y += resource.h generic-y += resource.h generic-y += seccomp.h generic-y += sembuf.h generic-y += sembuf.h generic-y += serial.h generic-y += serial.h generic-y += shmbuf.h generic-y += shmbuf.h Loading
arch/tile/include/asm/elf.h +1 −3 Original line number Original line Diff line number Diff line Loading @@ -22,6 +22,7 @@ #include <arch/chip.h> #include <arch/chip.h> #include <linux/ptrace.h> #include <linux/ptrace.h> #include <linux/elf-em.h> #include <asm/byteorder.h> #include <asm/byteorder.h> #include <asm/page.h> #include <asm/page.h> Loading @@ -30,9 +31,6 @@ typedef unsigned long elf_greg_t; #define ELF_NGREG (sizeof(struct pt_regs) / sizeof(elf_greg_t)) #define ELF_NGREG (sizeof(struct pt_regs) / sizeof(elf_greg_t)) typedef elf_greg_t elf_gregset_t[ELF_NGREG]; typedef elf_greg_t elf_gregset_t[ELF_NGREG]; #define EM_TILEPRO 188 #define EM_TILEGX 191 /* Provide a nominal data structure. */ /* Provide a nominal data structure. */ #define ELF_NFPREG 0 #define ELF_NFPREG 0 typedef double elf_fpreg_t; typedef double elf_fpreg_t; Loading
arch/tile/include/asm/syscall.h +27 −1 Original line number Original line Diff line number Diff line Loading @@ -20,6 +20,8 @@ #include <linux/sched.h> #include <linux/sched.h> #include <linux/err.h> #include <linux/err.h> #include <linux/audit.h> #include <linux/compat.h> #include <arch/abi.h> #include <arch/abi.h> /* The array of function pointers for syscalls. */ /* The array of function pointers for syscalls. */ Loading Loading @@ -61,7 +63,15 @@ static inline void syscall_set_return_value(struct task_struct *task, struct pt_regs *regs, struct pt_regs *regs, int error, long val) int error, long val) { { regs->regs[0] = (long) error ?: val; if (error) { /* R0 is the passed-in negative error, R1 is positive. */ regs->regs[0] = error; regs->regs[1] = -error; } else { /* R1 set to zero to indicate no error. */ regs->regs[0] = val; regs->regs[1] = 0; } } } static inline void syscall_get_arguments(struct task_struct *task, static inline void syscall_get_arguments(struct task_struct *task, Loading @@ -82,4 +92,20 @@ static inline void syscall_set_arguments(struct task_struct *task, memcpy(®s[i], args, n * sizeof(args[0])); memcpy(®s[i], args, n * sizeof(args[0])); } } /* * We don't care about endianness (__AUDIT_ARCH_LE bit) here because * tile has the same system calls both on little- and big- endian. */ static inline int syscall_get_arch(void) { if (is_compat_task()) return AUDIT_ARCH_TILEGX32; #ifdef CONFIG_TILEGX return AUDIT_ARCH_TILEGX; #else return AUDIT_ARCH_TILEPRO; #endif } #endif /* _ASM_TILE_SYSCALL_H */ #endif /* _ASM_TILE_SYSCALL_H */
Chris Metcalf <cmetcalf@ezchip.com>Chris Metcalf <cmetcalf@ezchip.com>