
Commit 923b5e25 authored by AKASHI Takahiro's avatar AKASHI Takahiro Committed by Ruchi Kandoi

arm64: add seccomp support



Note: This patch is from v6 of Takahiro's proposed
"arm64: add seccomp support" patchset (leecam@google.com)

secure_computing() is called first in syscall_trace_enter() so that, if the
seccomp rules deny a system call, it is aborted quickly without performing the
subsequent syscall tracing, unlike the other cases.

On compat task, syscall numbers for system calls allowed in seccomp mode 1
are different from those on normal tasks, and so _NR_seccomp_xxx_32's need
to be redefined.

Signed-off-by: default avatarAKASHI Takahiro <takahiro.akashi@linaro.org>

Conflicts:
	arch/arm64/Kconfig
	arch/arm64/kernel/entry.S

Change-Id: I5ec44507d7e536df7ec9d62d30a418c26ef15100
parent 17fa5771
+14 −0
@@ -36,6 +36,7 @@ config ARM64
	select HARDIRQS_SW_RESEND
	select HAVE_ARCH_AUDITSYSCALL
	select HAVE_ARCH_JUMP_LABEL
	select HAVE_ARCH_SECCOMP_FILTER
	select HAVE_ARCH_KGDB
	select HAVE_ARCH_TRACEHOOK
	select HAVE_BPF_JIT
@@ -404,6 +405,19 @@ config FORCE_MAX_ZONEORDER
	default "14" if (ARM64_64K_PAGES && TRANSPARENT_HUGEPAGE)
	default "11"

config SECCOMP
	bool "Enable seccomp to safely compute untrusted bytecode"
	---help---
	  This kernel feature is useful for number crunching applications
	  that may need to compute untrusted bytecode during their
	  execution. By using pipes or other transports made available to
	  the process as file descriptors supporting the read/write
	  syscalls, it's possible to isolate those applications in
	  their own address space using seccomp. Once seccomp is
	  enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
	  and the task is only allowed to execute a few safe syscalls
	  defined by each seccomp mode.

endmenu

menu "Boot options"
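Review bot: The help text under `config SECCOMP` only describes the strict mode-1 whitelist ("a few safe syscalls defined by each seccomp mode"), while the first hunk of this file (presumably its one added line) selects HAVE_ARCH_SECCOMP_FILTER, which additionally makes the BPF filter mode available to userspace; someone enabling the option cannot tell that from the prompt or the help. Suggest appending one sentence to the help block, e.g. `  On this architecture seccomp filter mode (BPF syscall filters) is available as well, since HAVE_ARCH_SECCOMP_FILTER is selected.` The "number crunching" wording is inherited from the other architectures and can stay as is.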
+1 −0
@@ -71,6 +71,7 @@
 * with ptrace(PTRACE_SET_SYSCALL)
 */
#define RET_SKIP_SYSCALL	-1
#define RET_SKIP_SYSCALL_TRACE	-2
#define IS_SKIP_SYSCALL(no)	((int)(no & 0xffffffff) == -1)

#ifndef __ASSEMBLY__
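Review bot: `#define RET_SKIP_SYSCALL_TRACE -2` is added without a comment, while the comment block that ends at `with ptrace(PTRACE_SET_SYSCALL)` (its start lies outside the hunk) explains only the -1 case, and `IS_SKIP_SYSCALL()` on the next line still matches -1 alone, so a reader cannot tell whether -2 is deliberately excluded from that predicate. Suggest documenting the new value in place: `/* returned by syscall_trace_enter() when seccomp rejects the call: skip the syscall and the exit-side tracing too (see __sys_trace in entry.S) */`. If users of IS_SKIP_SYSCALL() are also meant to treat -2 as "skipped", the macro would have to change as well; that cannot be decided from this hunk alone.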
+25 −0
/*
 * arch/arm64/include/asm/seccomp.h
 *
 * Copyright (C) 2014 Linaro Limited
 * Author: AKASHI Takahiro <takahiro.akashi <at> linaro.org>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */
#ifndef _ASM_SECCOMP_H
#define _ASM_SECCOMP_H

#include <asm/unistd.h>

#ifdef CONFIG_COMPAT
#define __NR_seccomp_read_32		__NR_compat_read
#define __NR_seccomp_write_32		__NR_compat_write
#define __NR_seccomp_exit_32		__NR_compat_exit
#define __NR_seccomp_sigreturn_32	__NR_compat_rt_sigreturn
#endif /* CONFIG_COMPAT */

#include <asm-generic/seccomp.h>

#endif /* _ASM_SECCOMP_H */
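Review bot: The compat strict-mode table maps `__NR_seccomp_sigreturn_32` to `__NR_compat_rt_sigreturn` (173) rather than `__NR_compat_sigreturn` (119), and the header does not say why, even though both numbers exist on the compat side in this same commit. Because these four literals are exactly the syscalls a mode-1 compat task may still issue, the choice deserves a line above the block, e.g. `/* mode-1 whitelist for 32-bit tasks; the sigreturn slot is rt_sigreturn since that is the return path the compat signal frames use — confirm against the compat signal code */`. It would also help to note that `<asm/unistd.h>` is included before `<asm-generic/seccomp.h>` on purpose, as the generic header, if I read it correctly, only supplies defaults for `__NR_seccomp_*_32` names that are still undefined.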
+3 −0
@@ -31,6 +31,9 @@
 * Compat syscall numbers used by the AArch64 kernel.
 */
#define __NR_compat_restart_syscall	0
#define __NR_compat_exit		1
#define __NR_compat_read		3
#define __NR_compat_write		4
#define __NR_compat_sigreturn		119
#define __NR_compat_rt_sigreturn	173

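Review bot: The three constants added here (which of the nine lines are new is not recoverable from this rendering) are hand-copied 32-bit ARM syscall numbers, and seccomp mode 1 on compat tasks enforces its whitelist purely by these literals, so a transposed value would silently permit a different syscall. A comment naming the source of truth would protect future edits, e.g. `/* values must match the 32-bit ARM syscall table; used by the compat seccomp whitelist in asm/seccomp.h */`. No functional change is needed if the values are right, which I cannot verify from the hunk.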
+2 −0
@@ -672,6 +672,8 @@ __sys_trace:
	mov	x0, sp
	bl	syscall_trace_enter
	adr	lr, __sys_trace_return		// return address
	cmp	w0, #RET_SKIP_SYSCALL_TRACE	// skip syscall and tracing?
	b.eq	ret_to_user
	cmp	w0, #RET_SKIP_SYSCALL		// skip syscall?
	b.eq	__sys_trace_return_skipped
	uxtw	scno, w0			// syscall number (possibly new)
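Review bot: The new `b.eq ret_to_user` taken for RET_SKIP_SYSCALL_TRACE leaves __sys_trace without writing anything to the saved x0 in pt_regs, so the return value the task observes is whatever syscall_trace_enter() (presumably via secure_computing()) already stored there; the code depends on that silently. The trailing comment should state it, e.g. `cmp w0, #RET_SKIP_SYSCALL_TRACE // seccomp denied: retval already in pt_regs; skip syscall + exit trace`. As a minor point of style, `adr lr, __sys_trace_return` is computed before the two checks and simply discarded on the ret_to_user path; moving it below the second `b.eq` would make the fast-reject path slightly cleaner. The rest of __sys_trace, including __sys_trace_return, lies outside the hunk.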