diff mbox series

[v2,22/28] um: Add UML_SECCOMP configuration option

Message ID 20221122100759.208290-23-benjamin@sipsolutions.net
State Under Review
Delegated to: Richard Weinberger
Headers show
Series Implement SECCOMP based userland | expand

Commit Message

Benjamin Berg Nov. 22, 2022, 10:07 a.m. UTC
From: Benjamin Berg <benjamin@sipsolutions.net>

Add the UML_SECCOMP configuration options. The next commits will add the
support itself in smaller chunks.

Only x86_64 will be supported for now.

Signed-off-by: Benjamin Berg <benjamin@sipsolutions.net>
 arch/um/Kconfig | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff mbox series


diff --git a/arch/um/Kconfig b/arch/um/Kconfig
index 78de31ac1da7..e67c6402dd4b 100644
--- a/arch/um/Kconfig
+++ b/arch/um/Kconfig
@@ -234,6 +234,25 @@  config KASAN_SHADOW_OFFSET
 	  set to a large value. On low-memory systems, try 0x7fff8000, as it fits
 	  into the immediate of most instructions, improving performance.
+	bool "seccomp based process tracing"
+	default n
+	depends on 64BIT
+	help
+	  Enable this option will enable seccomp based tracing of processes.
+	  UML must call syscalls from within the userspace processes when
+	  mapping physical memory in response to page faults. Using seccomp
+	  based tracing permits delaying these host syscalls until userspace
+	  processes are resumed in order to run a task, thereby avoiding
+	  overhead for the host by saving context switches.
+	  This feature speeds up e.g. fork() heavy workloads considerably.
+	  However, the current implementation is not safe as userspace
+	  processes can trigger any syscall to the host OS.
+	  If in doubt say N, as the feature has security implications.
 source "arch/um/drivers/Kconfig"