[21/27] um: Add UML_SECCOMP configuration option

Message ID	20210303155523.124277-22-benjamin@sipsolutions.net
State	Not Applicable
Headers	show Return-Path: <linux-um-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> From: Benjamin Berg <benjamin@sipsolutions.net> To: linux-um@lists.infradead.org Cc: Benjamin Berg <benjamin@sipsolutions.net> Subject: [PATCH 21/27] um: Add UML_SECCOMP configuration option Date: Wed, 3 Mar 2021 16:55:17 +0100 Message-Id: <20210303155523.124277-22-benjamin@sipsolutions.net> In-Reply-To: <20210303155523.124277-1-benjamin@sipsolutions.net> References: <20210303155523.124277-1-benjamin@sipsolutions.net> MIME-Version: 1.0 preview: Add the UML_SECCOMP configuration options. The next commits will add the support itself in smaller chunks. Only x86_64 will be supported for now. Signed-off-by: Benjamin Berg <benjamin@sipsolutions.net> --- arch/um/Kconfig \| 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) Content analysis details: (0.4 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-um" <linux-um-bounces@lists.infradead.org> Errors-To: linux-um-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
Series	Implement SECCOMP based userland \| expand [00/27] Implement SECCOMP based userland [01/27] um: Switch printk calls to adhere to correct coding style [02/27] um: Declare fix_range_common as a static function [03/27] um: Drop support for hosts without SYSEMU_SINGLESTEP support [04/27] um: Drop NULL check from start_userspace [05/27] um: Make errors to stop ptraced child fatal during startup [06/27] um: Don't use vfprintf() for os_info() [07/27] um: Do not use printk in SIGWINCH helper thread [08/27] um: Reap winch thread if it fails [09/27] um: Do not use printk in userspace trampoline [10/27] um: Always inline stub functions [11/27] um: Rely on PTRACE_SETREGSET to set FS/GS base registers [12/27] um: Remove unused register save/restore functions [13/27] um: Mark 32bit syscall helpers as clobbering memory [14/27] um: Create signal stack memory assignment in stub_data [15/27] um: Add generic stub_syscall6 function [16/27] um: Rework syscall handling [17/27] um: Store full CSGSFS and SS register from mcontext [18/27] um: Pass full mm_id to functions creating helper processes [19/27] um: Move faultinfo extraction into userspace routine [20/27] um: Use struct uml_pt_regs for copy_context_skas0 [21/27] um: Add UML_SECCOMP configuration option [22/27] um: Add stub side of SECCOMP/futex based process handling [23/27] um: Add helper functions to get/set state for SECCOMP [24/27] um: Add SECCOMP support detection and initialization [25/27] um: Die if a child dies unexpectedly in seccomp mode [26/27] um: Implement kernel side of SECCOMP based process handling [27/27] um: Delay flushing syscalls until the thread is restarted

Message ID

20210303155523.124277-22-benjamin@sipsolutions.net

State

Not Applicable

Headers

From: Benjamin Berg <benjamin@sipsolutions.net>
To: linux-um@lists.infradead.org
Cc: Benjamin Berg <benjamin@sipsolutions.net>
Subject: [PATCH 21/27] um: Add UML_SECCOMP configuration option
Date: Wed,  3 Mar 2021 16:55:17 +0100
Message-Id: <20210303155523.124277-22-benjamin@sipsolutions.net>
In-Reply-To: <20210303155523.124277-1-benjamin@sipsolutions.net>
References: <20210303155523.124277-1-benjamin@sipsolutions.net>
MIME-Version: 1.0
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-um" <linux-um-bounces@lists.infradead.org>
Errors-To: linux-um-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Series

Implement SECCOMP based userland | expand

Commit Message

Benjamin Berg March 3, 2021, 3:55 p.m. UTC

Add the UML_SECCOMP configuration options. The next commits will add the
support itself in smaller chunks.

Only x86_64 will be supported for now.

Signed-off-by: Benjamin Berg <benjamin@sipsolutions.net>
---
 arch/um/Kconfig | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/arch/um/Kconfig b/arch/um/Kconfig
index c3030db3325f..769bc770c5fa 100644
--- a/arch/um/Kconfig
+++ b/arch/um/Kconfig
@@ -188,6 +188,25 @@  config UML_TIME_TRAVEL_SUPPORT
 
 	  It is safe to say Y, but you probably don't need this.
 
+config UML_SECCOMP
+	bool "seccomp based process tracing"
+	default n
+	depends on 64BIT
+	help
+	  Enable this option will enable seccomp based tracing of processes.
+
+	  UML must call syscalls from within the userspace processes when
+	  mapping physical memory in response to page faults. Using seccomp
+	  based tracing permits delaying these host syscalls until userspace
+	  processes are resumed in order to run a task, thereby avoiding
+	  overhead for the host by saving context switches.
+
+	  This feature speeds up e.g. fork() heavy workloads considerably.
+	  However, the current implementation is not safe as userspace
+	  processes can trigger any syscall to the host OS.
+
+	  If in doubt say N, as the feature has security implications.
+
 endmenu
 
 source "arch/um/drivers/Kconfig"

[21/27] um: Add UML_SECCOMP configuration option

Commit Message

Patch