Message ID | 20221122100759.208290-23-benjamin@sipsolutions.net |
---|---|
State | Under Review |
Delegated to: | Richard Weinberger |
From | Benjamin Berg <benjamin@sipsolutions.net> |
Subject | [PATCH v2 22/28] um: Add UML_SECCOMP configuration option |
Date | Tue, 22 Nov 2022 11:07:53 +0100 |
Series | Implement SECCOMP based userland |

Add the UML_SECCOMP configuration options. The next commits will add the support itself in smaller chunks. Only x86_64 will be supported for now.
diff --git a/arch/um/Kconfig b/arch/um/Kconfig index 78de31ac1da7..e67c6402dd4b 100644 --- a/arch/um/Kconfig +++ b/arch/um/Kconfig @@ -234,6 +234,25 @@ config KASAN_SHADOW_OFFSET set to a large value. On low-memory systems, try 0x7fff8000, as it fits into the immediate of most instructions, improving performance. +config UML_SECCOMP + bool "seccomp based process tracing" + default n + depends on 64BIT + help + Enable this option will enable seccomp based tracing of processes. + + UML must call syscalls from within the userspace processes when + mapping physical memory in response to page faults. Using seccomp + based tracing permits delaying these host syscalls until userspace + processes are resumed in order to run a task, thereby avoiding + overhead for the host by saving context switches. + + This feature speeds up e.g. fork() heavy workloads considerably. + However, the current implementation is not safe as userspace + processes can trigger any syscall to the host OS. + + If in doubt say N, as the feature has security implications. + endmenu source "arch/um/drivers/Kconfig"
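
Review bot: In the new UML_SECCOMP entry, the warning that "userspace processes can trigger any syscall to the host OS" sits in the third help paragraph, after the performance rationale. For an option that lets UML userspace processes issue arbitrary host syscalls, that should be the first thing someone configuring the kernel reads. Consider moving it to the top of the help text and flagging it in the prompt string as well, for example `bool "seccomp based process tracing (UNSAFE)"`. Smaller points in the same entry: "Enable this option will enable" should read "Enabling this option enables"; `default n` is redundant because a bool option without a default is already n; and the commit message says only x86_64 is supported while the entry says `depends on 64BIT`, so either the dependency or the help text should state the x86_64 restriction explicitly.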