/*
 * linux/kernel/seccomp.c
 *
 * Copyright 2004-2005  Andrea Arcangeli <andrea@cpushare.com>
 *
 * This defines a simple but solid secure-computing mode.
 */

#include <linux/seccomp.h>
#include <linux/sched.h>
#include <linux/compat.h>

/* #define SECCOMP_DEBUG 1 */
#define NR_SECCOMP_MODES 1

/*
 * Secure computing mode 1 allows only read/write/exit/sigreturn.
 * To be fully secure this must be combined with rlimit
 * to limit the stack allocations too.
 */
static int mode1_syscalls[] = {
        __NR_seccomp_read, __NR_seccomp_write, __NR_seccomp_exit, __NR_seccomp_sigreturn,
        0, /* null terminated */
};

#ifdef CONFIG_COMPAT
static int mode1_syscalls_32[] = {
        __NR_seccomp_read_32, __NR_seccomp_write_32, __NR_seccomp_exit_32, __NR_seccomp_sigreturn_32,
        0, /* null terminated */
};
#endif

void __secure_computing(int this_syscall)
{
        int mode = current->seccomp.mode;
        int * syscall;

        switch (mode) {
        case 1:
                syscall = mode1_syscalls;
#ifdef CONFIG_COMPAT
                if (is_compat_task())
                        syscall = mode1_syscalls_32;
#endif
                do {
                        if (*syscall == this_syscall)
                                return;
                } while (*++syscall);
                break;
        default:
                BUG();
        }

#ifdef SECCOMP_DEBUG
        dump_stack();
#endif
        do_exit(SIGKILL);
}

long prctl_get_seccomp(void)
{
        return current->seccomp.mode;
}

long prctl_set_seccomp(unsigned long seccomp_mode)
{
        long ret;

        /* can set it only once to be even more secure */
        ret = -EPERM;
        if (unlikely(current->seccomp.mode))
                goto out;

        ret = -EINVAL;
        if (seccomp_mode && seccomp_mode <= NR_SECCOMP_MODES) {
                current->seccomp.mode = seccomp_mode;
                set_thread_flag(TIF_SECCOMP);
#ifdef TIF_NOTSC
                disable_TSC();
#endif
                ret = 0;
        }

 out:
        return ret;
}