[S390] secure computing arch backend (bcf5cef7) · Commits · e / devices / android_kernel_xiaomi_markw

arch/s390/Kconfig

+18 −0

Original line number	Diff line number	Diff line
		@@ -567,6 +567,24 @@ bool "s390 guest support for KVM (EXPERIMENTAL)"
		the KVM hypervisor. This will add detection for KVM as well as a
		virtio transport. If KVM is detected, the virtio console will be
		the default console.

		config SECCOMP
		bool "Enable seccomp to safely compute untrusted bytecode"
		depends on PROC_FS
		default y
		help
		This kernel feature is useful for number crunching applications
		that may need to compute untrusted bytecode during their
		execution. By using pipes or other transports made available to
		the process as file descriptors supporting the read/write
		syscalls, it's possible to isolate those applications in
		their own address space using seccomp. Once seccomp is
		enabled via /proc/<pid>/seccomp, it cannot be disabled
		and the task is only allowed to execute a few safe syscalls
		defined by each seccomp mode.

		If unsure, say Y.

		endmenu

		source "net/Kconfig"

arch/s390/include/asm/seccomp.h

0 → 100644

+16 −0

Original line number	Diff line number	Diff line
		#ifndef _ASM_S390_SECCOMP_H
		#define _ASM_S390_SECCOMP_H

		#include <linux/unistd.h>

		#define __NR_seccomp_read __NR_read
		#define __NR_seccomp_write __NR_write
		#define __NR_seccomp_exit __NR_exit
		#define __NR_seccomp_sigreturn __NR_sigreturn

		#define __NR_seccomp_read_32 __NR_read
		#define __NR_seccomp_write_32 __NR_write
		#define __NR_seccomp_exit_32 __NR_exit
		#define __NR_seccomp_sigreturn_32 __NR_sigreturn

		#endif /* _ASM_S390_SECCOMP_H */

arch/s390/include/asm/thread_info.h

+6 −4

Original line number	Diff line number	Diff line
		@@ -83,14 +83,15 @@ static inline struct thread_info *current_thread_info(void)
		/*
		* thread information flags bit numbers
		*/
		#define TIF_SYSCALL_TRACE 0 /* syscall trace active */
		#define TIF_NOTIFY_RESUME 1 /* callback before returning to user */
		#define TIF_SIGPENDING 2 /* signal pending */
		#define TIF_NEED_RESCHED 3 /* rescheduling necessary */
		#define TIF_RESTART_SVC 4 /* restart svc with new svc number */
		#define TIF_SYSCALL_AUDIT 5 /* syscall auditing active */
		#define TIF_SINGLE_STEP 6 /* deliver sigtrap on return to user */
		#define TIF_MCCK_PENDING 7 /* machine check handling is pending */
		#define TIF_SYSCALL_TRACE 8 /* syscall trace active */
		#define TIF_SYSCALL_AUDIT 9 /* syscall auditing active */
		#define TIF_SECCOMP 10 /* secure computing */
		#define TIF_USEDFPU 16 /* FPU was used by this task this quantum (SMP) */
		#define TIF_POLLING_NRFLAG 17 /* true if poll_idle() is polling
		TIF_NEED_RESCHED */
		@@ -99,15 +100,16 @@ static inline struct thread_info *current_thread_info(void)
		#define TIF_RESTORE_SIGMASK 20 /* restore signal mask in do_signal() */
		#define TIF_FREEZE 21 /* thread is freezing for suspend */

		#define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE)
		#define _TIF_NOTIFY_RESUME (1<<TIF_NOTIFY_RESUME)
		#define _TIF_RESTORE_SIGMASK (1<<TIF_RESTORE_SIGMASK)
		#define _TIF_SIGPENDING (1<<TIF_SIGPENDING)
		#define _TIF_NEED_RESCHED (1<<TIF_NEED_RESCHED)
		#define _TIF_RESTART_SVC (1<<TIF_RESTART_SVC)
		#define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT)
		#define _TIF_SINGLE_STEP (1<<TIF_SINGLE_STEP)
		#define _TIF_MCCK_PENDING (1<<TIF_MCCK_PENDING)
		#define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE)
		#define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT)
		#define _TIF_SECCOMP (1<<TIF_SECCOMP)
		#define _TIF_USEDFPU (1<<TIF_USEDFPU)
		#define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG)
		#define _TIF_31BIT (1<<TIF_31BIT)

arch/s390/kernel/entry.S

+3 −2

Original line number	Diff line number	Diff line
		@@ -53,6 +53,7 @@ _TIF_WORK_SVC = (_TIF_SIGPENDING \| _TIF_NOTIFY_RESUME \| _TIF_NEED_RESCHED \| \
		_TIF_MCCK_PENDING \| _TIF_RESTART_SVC \| _TIF_SINGLE_STEP )
		_TIF_WORK_INT = (_TIF_SIGPENDING \| _TIF_NOTIFY_RESUME \| _TIF_NEED_RESCHED \| \
		_TIF_MCCK_PENDING)
		_TIF_SYSCALL = (_TIF_SYSCALL_TRACE>>8 \| _TIF_SYSCALL_AUDIT>>8 \| _TIF_SECCOMP>>8)

		STACK_SHIFT = PAGE_SHIFT + THREAD_ORDER
		STACK_SIZE = 1 << STACK_SHIFT
		@@ -265,7 +266,7 @@ sysc_do_restart:
		sth %r7,SP_SVCNR(%r15)
		sll %r7,2 # svc number *4
		l %r8,BASED(.Lsysc_table)
		tm __TI_flags+3(%r9),(_TIF_SYSCALL_TRACE\|_TIF_SYSCALL_AUDIT)
		tm __TI_flags+2(%r9),_TIF_SYSCALL
		l %r8,0(%r7,%r8) # get system call addr.
		bnz BASED(sysc_tracesys)
		basr %r14,%r8 # call sys_xxxx
		@@ -405,7 +406,7 @@ sysc_tracego:
		basr %r14,%r8 # call sys_xxx
		st %r2,SP_R2(%r15) # store return value
		sysc_tracenogo:
		tm __TI_flags+3(%r9),(_TIF_SYSCALL_TRACE\|_TIF_SYSCALL_AUDIT)
		tm __TI_flags+2(%r9),_TIF_SYSCALL
		bz BASED(sysc_return)
		l %r1,BASED(.Ltrace_exit)
		la %r2,SP_PTREGS(%r15) # load pt_regs

arch/s390/kernel/entry64.S

+3 −2

Original line number	Diff line number	Diff line
		@@ -56,6 +56,7 @@ _TIF_WORK_SVC = (_TIF_SIGPENDING \| _TIF_NOTIFY_RESUME \| _TIF_NEED_RESCHED \| \
		_TIF_MCCK_PENDING \| _TIF_RESTART_SVC \| _TIF_SINGLE_STEP )
		_TIF_WORK_INT = (_TIF_SIGPENDING \| _TIF_NOTIFY_RESUME \| _TIF_NEED_RESCHED \| \
		_TIF_MCCK_PENDING)
		_TIF_SYSCALL = (_TIF_SYSCALL_TRACE>>8 \| _TIF_SYSCALL_AUDIT>>8 \| _TIF_SECCOMP>>8)

		#define BASED(name) name-system_call(%r13)

		@@ -260,7 +261,7 @@ sysc_do_restart:
		larl %r10,sys_call_table_emu # use 31 bit emulation system calls
		sysc_noemu:
		#endif
		tm __TI_flags+7(%r9),(_TIF_SYSCALL_TRACE\|_TIF_SYSCALL_AUDIT)
		tm __TI_flags+6(%r9),_TIF_SYSCALL
		lgf %r8,0(%r7,%r10) # load address of system call routine
		jnz sysc_tracesys
		basr %r14,%r8 # call sys_xxxx
		@@ -391,7 +392,7 @@ sysc_tracego:
		basr %r14,%r8 # call sys_xxx
		stg %r2,SP_R2(%r15) # store return value
		sysc_tracenogo:
		tm __TI_flags+7(%r9),(_TIF_SYSCALL_TRACE\|_TIF_SYSCALL_AUDIT)
		tm __TI_flags+6(%r9),_TIF_SYSCALL
		jz sysc_return
		la %r2,SP_PTREGS(%r15) # load pt_regs
		larl %r14,sysc_return # return point is sysc_return