提交
a0ddef81
编写于
7月 22, 2015
作者:
Chris Metcalf
tile: enable full SECCOMP support
Signed-off-by:
N
Chris Metcalf
<
cmetcalf@ezchip.com
>
上级
38715df2
变更
10
Showing
10 changed file
with
57 addition
and
5 deletion
+57
-5
Documentation/features/seccomp/seccomp-filter/arch-support.txt
...entation/features/seccomp/seccomp-filter/arch-support.txt
+1
-1
arch/tile/Kconfig
arch/tile/Kconfig
+17
-0
arch/tile/include/asm/Kbuild
arch/tile/include/asm/Kbuild
+1
-0
arch/tile/include/asm/elf.h
arch/tile/include/asm/elf.h
+1
-3
arch/tile/include/asm/syscall.h
arch/tile/include/asm/syscall.h
+27
-1
arch/tile/kernel/intvec_32.S
arch/tile/kernel/intvec_32.S
+1
-0
arch/tile/kernel/intvec_64.S
arch/tile/kernel/intvec_64.S
+1
-0
arch/tile/kernel/ptrace.c
arch/tile/kernel/ptrace.c
+3
-0
include/uapi/linux/audit.h
include/uapi/linux/audit.h
+3
-0
include/uapi/linux/elf-em.h
include/uapi/linux/elf-em.h
+2
-0
Documentation/features/seccomp/seccomp-filter/arch-support.txt
...
@@ -32,7 +32,7 @@
...
@@ -32,7 +32,7 @@
| score: | TODO |
| score: | TODO |
| sh: | TODO |
| sh: | TODO |
| sparc: | TODO |
| sparc: | TODO |
| tile: |
TODO
|
| tile: |
ok
|
| um: | TODO |
| um: | TODO |
| unicore32: | TODO |
| unicore32: | TODO |
| x86: | ok |
| x86: | ok |
...
...
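--- a/arch/tile/Kconfig
+++ b/arch/tile/Kconfig
@@ -32,6 +32,7 @@ config TILE
 select EDAC_SUPPORT
 select GENERIC_STRNCPY_FROM_USER
 select GENERIC_STRNLEN_USER
+select HAVE_ARCH_SECCOMP_FILTER
 # FIXME: investigate whether we need/want these options.
 # select HAVE_IOREMAP_PROT
@@ -221,6 +222,22 @@ config COMPAT
 If enabled, the kernel will support running TILE-Gx binaries
 that were built with the -m32 option.
+config SECCOMP
+bool "Enable seccomp to safely compute untrusted bytecode"
+depends on PROC_FS
+help
+This kernel feature is useful for number crunching applications
+that may need to compute untrusted bytecode during their
+execution. By using pipes or other transports made available to
+the process as file descriptors supporting the read/write
+syscalls, it's possible to isolate those applications in
+their own address space using seccomp. Once seccomp is
+enabled via prctl, it cannot be disabled and the task is only
+allowed to execute a few safe syscalls defined by each seccomp
+mode.
+If unsure, say N.
 config SYSVIPC_COMPAT
 def_bool y
 depends on COMPAT && SYSVIPC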
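Review bot: `depends on PROC_FS` in the new `config SECCOMP` entry looks unnecessary, because the help text in the same hunk says seccomp is enabled via prctl and nothing visible here refers to /proc; with the dependency in place, a kernel built without PROC_FS cannot offer the sandbox at all. I would drop that line unless there is a tile-specific reason for it. Separately, `select HAVE_ARCH_SECCOMP_FILTER` in the first hunk is unconditional, while the option itself has no default and the help ends with "If unsure, say N.", so filter support is advertised but absent unless the builder opts in; the help text could say what is lost by answering N.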
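--- a/arch/tile/include/asm/Kbuild
+++ b/arch/tile/include/asm/Kbuild
@@ -28,6 +28,7 @@ generic-y += poll.h
 generic-y += posix_types.h
 generic-y += preempt.h
 generic-y += resource.h
+generic-y += seccomp.h
 generic-y += sembuf.h
 generic-y += serial.h
 generic-y += shmbuf.h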
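--- a/arch/tile/include/asm/elf.h
+++ b/arch/tile/include/asm/elf.h
@@ -22,6 +22,7 @@
 #include <arch/chip.h>
 #include <linux/ptrace.h>
+#include <linux/elf-em.h>
 #include <asm/byteorder.h>
 #include <asm/page.h>
@@ -30,9 +31,6 @@ typedef unsigned long elf_greg_t;
 #define ELF_NGREG (sizeof(struct pt_regs) / sizeof(elf_greg_t))
 typedef elf_greg_t elf_gregset_t[ELF_NGREG];
-#define EM_TILEPRO 188
-#define EM_TILEGX 191
 /* Provide a nominal data structure. */
 #define ELF_NFPREG 0
 typedef double elf_fpreg_t;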
arch/tile/include/asm/syscall.h
...
@@ -20,6 +20,8 @@
...
@@ -20,6 +20,8 @@
#include <linux/sched.h>
#include <linux/sched.h>
#include <linux/err.h>
#include <linux/err.h>
#include <linux/audit.h>
#include <linux/compat.h>
#include <arch/abi.h>
#include <arch/abi.h>
/* The array of function pointers for syscalls. */
/* The array of function pointers for syscalls. */
...
@@ -61,7 +63,15 @@ static inline void syscall_set_return_value(struct task_struct *task,
...
@@ -61,7 +63,15 @@ static inline void syscall_set_return_value(struct task_struct *task,
struct
pt_regs
*
regs
,
struct
pt_regs
*
regs
,
int
error
,
long
val
)
int
error
,
long
val
)
{
{
regs
->
regs
[
0
]
=
(
long
)
error
?:
val
;
if
(
error
)
{
/* R0 is the passed-in negative error, R1 is positive. */
regs
->
regs
[
0
]
=
error
;
regs
->
regs
[
1
]
=
-
error
;
}
else
{
/* R1 set to zero to indicate no error. */
regs
->
regs
[
0
]
=
val
;
regs
->
regs
[
1
]
=
0
;
}
}
}
static
inline
void
syscall_get_arguments
(
struct
task_struct
*
task
,
static
inline
void
syscall_get_arguments
(
struct
task_struct
*
task
,
...
@@ -82,4 +92,20 @@ static inline void syscall_set_arguments(struct task_struct *task,
...
@@ -82,4 +92,20 @@ static inline void syscall_set_arguments(struct task_struct *task,
memcpy
(
&
regs
[
i
],
args
,
n
*
sizeof
(
args
[
0
]));
memcpy
(
&
regs
[
i
],
args
,
n
*
sizeof
(
args
[
0
]));
}
}
/*
* We don't care about endianness (__AUDIT_ARCH_LE bit) here because
* tile has the same system calls both on little- and big- endian.
*/
static
inline
int
syscall_get_arch
(
void
)
{
if
(
is_compat_task
())
return
AUDIT_ARCH_TILEGX32
;
#ifdef CONFIG_TILEGX
return
AUDIT_ARCH_TILEGX
;
#else
return
AUDIT_ARCH_TILEPRO
;
#endif
}
#endif
/* _ASM_TILE_SYSCALL_H */
#endif
/* _ASM_TILE_SYSCALL_H */
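Review bot: The comment above `syscall_get_arch()` says endianness is ignored but not what the returned value then claims: the three `AUDIT_ARCH_TILE*` constants added in include/uapi/linux/audit.h all carry `__AUDIT_ARCH_LE`, so a big-endian build would still report a little-endian arch to seccomp filters and audit records. I would extend the comment with something like `/* The value always has __AUDIT_ARCH_LE set, regardless of the kernel's byte order. */`. It is also worth stating there that -m32 tasks report `AUDIT_ARCH_TILEGX32`, because a filter that matches syscall numbers without first checking the arch field treats compat and native callers alike.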
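--- a/arch/tile/kernel/intvec_32.S
+++ b/arch/tile/kernel/intvec_32.S
@@ -1224,6 +1224,7 @@ handle_syscall:
 jal do_syscall_trace_enter
 }
 FEEDBACK_REENTER(handle_syscall)
+blz r0, .Lsyscall_sigreturn_skip
 /*
 * We always reload our registers from the stack at this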
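Review bot: The added `blz r0, .Lsyscall_sigreturn_skip` is taken for any negative value returned by `do_syscall_trace_enter`, not only for a seccomp refusal. The ptrace.c part of this commit shows the tracer path storing -1 in `TREG_SYSCALL_NR`, and if that value is what the function returns, a tracer-cancelled syscall now skips dispatch too. What the saved r0/r1 hold on that path depends on code at the label, which is outside this hunk, so it should be checked that every negative-return path has set a return value first. A comment on the branch would make the contract explicit, e.g. `/* r0 < 0: seccomp or the tracer rejected the syscall; skip dispatch */`. The same applies to the `bltz r0, .Lsyscall_sigreturn_skip` line in intvec_64.S.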
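--- a/arch/tile/kernel/intvec_64.S
+++ b/arch/tile/kernel/intvec_64.S
@@ -1247,6 +1247,7 @@ handle_syscall:
 jal do_syscall_trace_enter
 }
 FEEDBACK_REENTER(handle_syscall)
+bltz r0, .Lsyscall_sigreturn_skip
 /*
 * We always reload our registers from the stack at this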
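--- a/arch/tile/kernel/ptrace.c
+++ b/arch/tile/kernel/ptrace.c
@@ -262,6 +262,9 @@ int do_syscall_trace_enter(struct pt_regs *regs)
 if (work & _TIF_NOHZ)
 user_exit();
+if (secure_computing() == -1)
+return -1;
 if (work & _TIF_SYSCALL_TRACE) {
 if (tracehook_report_syscall_entry(regs))
 regs->regs[TREG_SYSCALL_NR] = -1;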
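Review bot: `secure_computing()` is evaluated before `tracehook_report_syscall_entry(regs)`, so the seccomp decision is made on the registers as they were at entry; a tracer that stops the task in the hook below can still change the syscall number or arguments after the filter has accepted them. The check also only runs when this function is reached, so the seccomp thread flag has to be part of the syscall-entry work mask tested in the assembly; that mask is not in this diff and should be confirmed. At minimum I would add `/* seccomp sees the pre-ptrace register state; a tracer may rewrite it afterwards */` above the new check. The body of `do_syscall_trace_enter` starts and ends outside the hunk.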
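--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -382,6 +382,9 @@ enum {
 #define AUDIT_ARCH_SHEL64 (EM_SH|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
 #define AUDIT_ARCH_SPARC (EM_SPARC)
 #define AUDIT_ARCH_SPARC64 (EM_SPARCV9|__AUDIT_ARCH_64BIT)
+#define AUDIT_ARCH_TILEGX (EM_TILEGX|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
+#define AUDIT_ARCH_TILEGX32 (EM_TILEGX|__AUDIT_ARCH_LE)
+#define AUDIT_ARCH_TILEPRO (EM_TILEPRO|__AUDIT_ARCH_LE)
 #define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
 #define AUDIT_PERM_EXEC 1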
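--- a/include/uapi/linux/elf-em.h
+++ b/include/uapi/linux/elf-em.h
@@ -38,6 +38,8 @@
 #define EM_ALTERA_NIOS2 113 /* Altera Nios II soft-core processor */
 #define EM_TI_C6000 140 /* TI C6X DSPs */
 #define EM_AARCH64 183 /* ARM 64 bit */
+#define EM_TILEPRO 188 /* Tilera TILEPro */
+#define EM_TILEGX 191 /* Tilera TILE-Gx */
 #define EM_FRV 0x5441 /* Fujitsu FR-V */
 #define EM_AVR32 0x18ad /* Atmel AVR32 */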