Revision 7205649778ca4a110d6098f8defd7312f0bb7289 authored by Linus Torvalds on 27 January 2011, 20:35:51 UTC, committed by Linus Torvalds on 27 January 2011, 20:35:51 UTC
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (43 commits)
  bnx2: Eliminate AER error messages on systems not supporting it
  cnic: Fix big endian bug
  xfrm6: Don't forget to propagate peer into ipsec route.
  tg3: Use new VLAN code
  bonding: update documentation - alternate configuration.
  TCP: fix a bug that triggers large number of TCP RST by mistake
  MAINTAINERS: remove Reinette Chatre as iwlwifi maintainer
  rt2x00: add device id for windy31 usb device
  mac80211: fix a crash in ieee80211_beacon_get_tim on change_interface
  ipv6: Revert 'administrative down' address handling changes.
  textsearch: doc - fix spelling in lib/textsearch.c.
  USB NET KL5KUSB101: Fix mem leak in error path of kaweth_download_firmware()
  pch_gbe: don't use flush_scheduled_work()
  bnx2: Always set ETH_FLAG_TXVLAN
  net: clear heap allocation for ethtool_get_regs()
  ipv6: Always clone offlink routes.
  dcbnl: make get_app handling symmetric for IEEE and CEE DCBx
  tcp: fix bug in listening_get_next()
  inetpeer: Use correct AVL tree base pointer in inet_getpeer().
  GRO: fix merging a paged skb after non-paged skbs
  ...
2 parent s 0b711ca + 4bb9ebc
seccomp.c
/*
 * linux/kernel/seccomp.c
 *
 * Copyright 2004-2005  Andrea Arcangeli <andrea@cpushare.com>
 *
 * This defines a simple but solid secure-computing mode.
 */

#include <linux/seccomp.h>
#include <linux/sched.h>
#include <linux/compat.h>

/*
 * Debug switch, off by default. When defined, __secure_computing() calls
 * dump_stack() before it kills a task that attempted a syscall outside
 * the allowlist.
 */
/* #define SECCOMP_DEBUG 1 */
/*
 * Highest mode value prctl_set_seccomp() accepts. Mode 1 is the only mode
 * __secure_computing() handles; any other value reaches BUG().
 */
#define NR_SECCOMP_MODES 1

/*
 * Secure computing mode 1 allows only read/write/exit/sigreturn.
 * To be fully secure this must be combined with rlimit
 * to limit the stack allocations too.
 *
 * The table is the complete allowlist: any syscall number not listed here
 * gets the task killed. It is terminated by a 0 entry. The lookup in
 * __secure_computing() compares the first entry before it tests for the
 * terminator, so a syscall whose number is 0 can only be allowed from the
 * first slot; a 0 anywhere later ends the list. Keep the order in mind when
 * adding entries.
 *
 * NOTE(review): nothing in this file writes to the table, so it looks like
 * it could be const (together with the pointer that walks it) - confirm
 * there is no other user before changing it.
 */
static int mode1_syscalls[] = {
	__NR_seccomp_read, __NR_seccomp_write, __NR_seccomp_exit, __NR_seccomp_sigreturn,
	0, /* null terminated */
};

#ifdef CONFIG_COMPAT
/*
 * Allowlist used instead of mode1_syscalls when is_compat_task() is true,
 * built from the _32 syscall number macros. Same layout rules: 0-terminated,
 * first entry checked unconditionally.
 */
static int mode1_syscalls_32[] = {
	__NR_seccomp_read_32, __NR_seccomp_write_32, __NR_seccomp_exit_32, __NR_seccomp_sigreturn_32,
	0, /* null terminated */
};
#endif

/*
 * Enforce the current task's seccomp mode for one syscall.
 *
 * @this_syscall: number of the syscall the task is attempting.
 *
 * Returns normally only when @this_syscall is found in the allowlist for
 * the task's ABI. In every other case the function does not hand an error
 * back to the caller: the task is terminated with do_exit(SIGKILL).
 * A mode other than 1 is treated as a kernel bug.
 */
void __secure_computing(int this_syscall)
{
	const int active_mode = current->seccomp.mode;
	int *allowed;

	if (active_mode == 1) {
		allowed = mode1_syscalls;
#ifdef CONFIG_COMPAT
		/* compat tasks use their own syscall numbering */
		if (is_compat_task())
			allowed = mode1_syscalls_32;
#endif
		/*
		 * The first entry is compared before the terminator is
		 * looked at; after that a 0 entry ends the walk.
		 */
		for (;;) {
			if (*allowed == this_syscall)
				return;
			allowed++;
			if (*allowed == 0)
				break;
		}
	} else {
		/* only mode 1 exists; anything else means corrupted state */
		BUG();
	}

	/* Not on the allowlist: fail closed by killing the task. */
#ifdef SECCOMP_DEBUG
	dump_stack();
#endif
	do_exit(SIGKILL);
}

/*
 * Report the calling task's seccomp mode.
 *
 * Returns the value stored in current->seccomp.mode. prctl_set_seccomp()
 * treats any non-zero value as "already enabled", so 0 here means no mode
 * has been set for this task.
 */
long prctl_get_seccomp(void)
{
	long active_mode = current->seccomp.mode;

	return active_mode;
}

/*
 * Put the calling task into a seccomp mode.
 *
 * @seccomp_mode: requested mode; must be in 1..NR_SECCOMP_MODES.
 *
 * Returns 0 on success, -EPERM if the task already has a mode set, and
 * -EINVAL if @seccomp_mode is 0 or above NR_SECCOMP_MODES.
 *
 * The transition is one-way: once a mode is stored, this function refuses
 * every later call, and nothing in this file clears the mode again.
 */
long prctl_set_seccomp(unsigned long seccomp_mode)
{
	/* Already confined: the mode may be set only once. */
	if (unlikely(current->seccomp.mode))
		return -EPERM;

	/* Reject 0 ("off") and anything past the last known mode. */
	if (seccomp_mode == 0 || seccomp_mode > NR_SECCOMP_MODES)
		return -EINVAL;

	current->seccomp.mode = seccomp_mode;
	/* flag the thread so the syscall path calls into the seccomp check */
	set_thread_flag(TIF_SECCOMP);
#ifdef TIF_NOTSC
	/*
	 * NOTE(review): presumably this withholds a high-resolution timing
	 * source from the confined task - confirm against the arch code.
	 */
	disable_TSC();
#endif
	return 0;
}