Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 127c6f662348cbf2b1c09e6fc2748af316f7d2d6^! / .
commit127c6f662348cbf2b1c09e6fc2748af316f7d2d6[log] [tgz]
authorRalf Baechle <ralf@linux-mips.org>Fri Mar 18 17:36:42 2005 +0000
committerRalf Baechle <ralf@linux-mips.org>Sat Oct 29 19:30:58 2005 +0100
tree9e6b394e9987b933707856422879922016532533
parent53de0d471fe8ddbbeca938cffedb4cc94e04da10 [diff]
SECCOMP for MIPS.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>

diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
index 41d782e..b54ac9a 100644
--- a/arch/mips/Kconfig
+++ b/arch/mips/Kconfig

@@ -1530,6 +1530,23 @@
 	bool
 	default y if MIPS32_O32 || MIPS32_N32
 
+config SECCOMP
+	bool "Enable seccomp to safely compute untrusted bytecode"
+	depends on PROC_FS && BROKEN
+	default y
+	help
+	  This kernel feature is useful for number crunching applications
+	  that may need to compute untrusted bytecode during their
+	  execution. By using pipes or other transports made available to
+	  the process as file descriptors supporting the read/write
+	  syscalls, it's possible to isolate those applications in
+	  their own address space using seccomp. Once seccomp is
+	  enabled via /proc/<pid>/seccomp, it cannot be disabled
+	  and the task is only allowed to execute a few safe syscalls
+	  defined by each seccomp mode.
+
+	  If unsure, say Y. Only embedded should say N here.
+
 config PM
 	bool "Power Management support (EXPERIMENTAL)"
 	depends on EXPERIMENTAL && MACH_AU1X00

diff --git a/include/asm-mips/thread_info.h b/include/asm-mips/thread_info.h
index a70cb08..66a0c2a 100644
--- a/include/asm-mips/thread_info.h
+++ b/include/asm-mips/thread_info.h

@@ -114,6 +114,7 @@
 #define TIF_SIGPENDING		2	/* signal pending */
 #define TIF_NEED_RESCHED	3	/* rescheduling necessary */
 #define TIF_SYSCALL_AUDIT	4	/* syscall auditing active */
+#define TIF_SECCOMP		5	/* secure computing */
 #define TIF_USEDFPU		16	/* FPU was used by this task this quantum (SMP) */
 #define TIF_POLLING_NRFLAG	17	/* true if poll_idle() is polling TIF_NEED_RESCHED */
 #define TIF_MEMDIE		18
@@ -124,13 +125,14 @@
 #define _TIF_SIGPENDING		(1<<TIF_SIGPENDING)
 #define _TIF_NEED_RESCHED	(1<<TIF_NEED_RESCHED)
 #define _TIF_SYSCALL_AUDIT	(1<<TIF_SYSCALL_AUDIT)
+#define _TIF_SECCOMP		(1<<TIF_SECCOMP)
 #define _TIF_USEDFPU		(1<<TIF_USEDFPU)
 #define _TIF_POLLING_NRFLAG	(1<<TIF_POLLING_NRFLAG)
 
-#define _TIF_WORK_MASK		0x0000ffef	/* work to do on
-                                                   interrupt/exception return */
-#define _TIF_ALLWORK_MASK	0x8000ffff	/* work to do on any return to
-                                                   u-space */
+/* work to do on interrupt/exception return */
+#define _TIF_WORK_MASK		(0x0000ffef & ~_TIF_SECCOMP)
+/* work to do on any return to u-space */
+#define _TIF_ALLWORK_MASK	(0x8000ffff & ~_TIF_SECCOMP)
 
 #endif /* __KERNEL__ */