mirror of
https://github.com/edk2-porting/linux-next.git
synced 2024-12-22 20:23:57 +08:00
c50b4659e4
This brings SECCOMP_MODE_STRICT and SECCOMP_MODE_FILTER support through prctl(2) and seccomp(2) to User-mode Linux for i386 and x86_64 subarchitectures. secure_computing() is called first in handle_syscall() so that the syscall emulation will be aborted quickly if matching a seccomp rule. This is inspired from Meredydd Luff's patch (https://gerrit.chromium.org/gerrit/21425). Signed-off-by: Mickaël Salaün <mic@digikod.net> Cc: Jeff Dike <jdike@addtoit.com> Cc: Richard Weinberger <richard@nod.at> Cc: Ingo Molnar <mingo@redhat.com> Cc: Kees Cook <keescook@chromium.org> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Will Drewry <wad@chromium.org> Cc: Chris Metcalf <cmetcalf@ezchip.com> Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: James Hogan <james.hogan@imgtec.com> Cc: Meredydd Luff <meredydd@senatehouse.org> Cc: David Drysdale <drysdale@google.com> Signed-off-by: Richard Weinberger <richard@nod.at> Acked-by: Kees Cook <keescook@chromium.org>
75 lines
2.0 KiB
C
75 lines
2.0 KiB
C
/*
|
|
* Copyright (C) 2002 - 2007 Jeff Dike (jdike@{addtoit,linux.intel}.com)
|
|
* Licensed under the GPL
|
|
*/
|
|
|
|
#ifndef __UM_THREAD_INFO_H
|
|
#define __UM_THREAD_INFO_H
|
|
|
|
#ifndef __ASSEMBLY__
|
|
|
|
#include <asm/types.h>
|
|
#include <asm/page.h>
|
|
#include <asm/segment.h>
|
|
|
|
struct thread_info {
|
|
struct task_struct *task; /* main task structure */
|
|
unsigned long flags; /* low level flags */
|
|
__u32 cpu; /* current CPU */
|
|
int preempt_count; /* 0 => preemptable,
|
|
<0 => BUG */
|
|
mm_segment_t addr_limit; /* thread address space:
|
|
0-0xBFFFFFFF for user
|
|
0-0xFFFFFFFF for kernel */
|
|
struct thread_info *real_thread; /* Points to non-IRQ stack */
|
|
};
|
|
|
|
#define INIT_THREAD_INFO(tsk) \
|
|
{ \
|
|
.task = &tsk, \
|
|
.flags = 0, \
|
|
.cpu = 0, \
|
|
.preempt_count = INIT_PREEMPT_COUNT, \
|
|
.addr_limit = KERNEL_DS, \
|
|
.real_thread = NULL, \
|
|
}
|
|
|
|
#define init_thread_info (init_thread_union.thread_info)
|
|
#define init_stack (init_thread_union.stack)
|
|
|
|
#define THREAD_SIZE ((1 << CONFIG_KERNEL_STACK_ORDER) * PAGE_SIZE)
|
|
/* how to get the thread information struct from C */
|
|
static inline struct thread_info *current_thread_info(void)
|
|
{
|
|
struct thread_info *ti;
|
|
unsigned long mask = THREAD_SIZE - 1;
|
|
void *p;
|
|
|
|
asm volatile ("" : "=r" (p) : "0" (&ti));
|
|
ti = (struct thread_info *) (((unsigned long)p) & ~mask);
|
|
return ti;
|
|
}
|
|
|
|
#define THREAD_SIZE_ORDER CONFIG_KERNEL_STACK_ORDER
|
|
|
|
#endif
|
|
|
|
#define TIF_SYSCALL_TRACE 0 /* syscall trace active */
|
|
#define TIF_SIGPENDING 1 /* signal pending */
|
|
#define TIF_NEED_RESCHED 2 /* rescheduling necessary */
|
|
#define TIF_RESTART_BLOCK 4
|
|
#define TIF_MEMDIE 5 /* is terminating due to OOM killer */
|
|
#define TIF_SYSCALL_AUDIT 6
|
|
#define TIF_RESTORE_SIGMASK 7
|
|
#define TIF_NOTIFY_RESUME 8
|
|
#define TIF_SECCOMP 9 /* secure computing */
|
|
|
|
#define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE)
|
|
#define _TIF_SIGPENDING (1 << TIF_SIGPENDING)
|
|
#define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED)
|
|
#define _TIF_MEMDIE (1 << TIF_MEMDIE)
|
|
#define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT)
|
|
#define _TIF_SECCOMP (1 << TIF_SECCOMP)
|
|
|
|
#endif
|