authorRalf Baechle <ralf@linux-mips.org>2005-03-18 17:36:42 +0000
committerRalf Baechle <ralf@linux-mips.org>2005-10-29 19:30:58 +0100
commit127c6f662348cbf2b1c09e6fc2748af316f7d2d6 (patch)
tree9e6b394e9987b933707856422879922016532533
parent53de0d471fe8ddbbeca938cffedb4cc94e04da10 (diff)
SECCOMP for MIPS.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
-rw-r--r--arch/mips/Kconfig17
-rw-r--r--include/asm-mips/thread_info.h10
2 files changed, 23 insertions, 4 deletions
diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
index 41d782e207c..b54ac9a75d5 100644
--- a/arch/mips/Kconfig
+++ b/arch/mips/Kconfig
@@ -1530,6 +1530,23 @@ config BINFMT_ELF32
bool
default y if MIPS32_O32 || MIPS32_N32
+config SECCOMP
+ bool "Enable seccomp to safely compute untrusted bytecode"
+ depends on PROC_FS && BROKEN
+ default y
+ help
+ This kernel feature is useful for number crunching applications
+ that may need to compute untrusted bytecode during their
+ execution. By using pipes or other transports made available to
+ the process as file descriptors supporting the read/write
+ syscalls, it's possible to isolate those applications in
+ their own address space using seccomp. Once seccomp is
+ enabled via /proc/<pid>/seccomp, it cannot be disabled
+ and the task is only allowed to execute a few safe syscalls
+ defined by each seccomp mode.
+
+ If unsure, say Y. Only embedded should say N here.
+
config PM
bool "Power Management support (EXPERIMENTAL)"
depends on EXPERIMENTAL && MACH_AU1X00
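Review bot: The new `config SECCOMP` entry pairs `default y` and the closing `If unsure, say Y` with `depends on PROC_FS && BROKEN`, so the help text advertises a working sandbox for an option that is only selectable when BROKEN options are allowed, and the hunk never says why. As far as this commit shows, only a thread flag is added and no MIPS code acts on it, so someone enabling the option could run untrusted bytecode while wrongly assuming it is confined. I would record the reason beside the dependency, e.g. `# BROKEN: <reason, not stated in this commit>`, and drop `default y` until the BROKEN dependency is removed.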
diff --git a/include/asm-mips/thread_info.h b/include/asm-mips/thread_info.h
index a70cb0854c8..66a0c2ae7d6 100644
--- a/include/asm-mips/thread_info.h
+++ b/include/asm-mips/thread_info.h
@@ -114,6 +114,7 @@ register struct thread_info *__current_thread_info __asm__("$28");
#define TIF_SIGPENDING 2 /* signal pending */
#define TIF_NEED_RESCHED 3 /* rescheduling necessary */
#define TIF_SYSCALL_AUDIT 4 /* syscall auditing active */
+#define TIF_SECCOMP 5 /* secure computing */
#define TIF_USEDFPU 16 /* FPU was used by this task this quantum (SMP) */
#define TIF_POLLING_NRFLAG 17 /* true if poll_idle() is polling TIF_NEED_RESCHED */
#define TIF_MEMDIE 18
@@ -124,13 +125,14 @@ register struct thread_info *__current_thread_info __asm__("$28");
#define _TIF_SIGPENDING (1<<TIF_SIGPENDING)
#define _TIF_NEED_RESCHED (1<<TIF_NEED_RESCHED)
#define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT)
+#define _TIF_SECCOMP (1<<TIF_SECCOMP)
#define _TIF_USEDFPU (1<<TIF_USEDFPU)
#define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG)
-#define _TIF_WORK_MASK 0x0000ffef /* work to do on
- interrupt/exception return */
-#define _TIF_ALLWORK_MASK 0x8000ffff /* work to do on any return to
- u-space */
+/* work to do on interrupt/exception return */
+#define _TIF_WORK_MASK (0x0000ffef & ~_TIF_SECCOMP)
+/* work to do on any return to u-space */
+#define _TIF_ALLWORK_MASK (0x8000ffff & ~_TIF_SECCOMP)
#endif /* __KERNEL__ */
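Review bot: `_TIF_WORK_MASK` and `_TIF_ALLWORK_MASK` now clear `_TIF_SECCOMP`, but neither of the new comments says why, and the reason matters for security. With the bit excluded from the return-path work masks, the restriction can only take effect if the syscall entry code tests `_TIF_SECCOMP` itself; that code is not part of this commit, so it should be confirmed. I would extend the comment, e.g. `/* _TIF_SECCOMP is deliberately excluded: it has to be tested on syscall entry, not on return */`. As a style point, `0x0000ffef` already hides a cleared bit 4, which is `TIF_SYSCALL_AUDIT` in the previous hunk. Writing `(0x0000ffff & ~(_TIF_SYSCALL_AUDIT | _TIF_SECCOMP))` gives the same value and makes both exclusions visible.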