diff mbox series

[v2,8/8] um: Add UML_SECCOMP configuration option

Message ID 20250430160413.3250227-9-benjamin@sipsolutions.net
State Changes Requested
Headers show
Series SECCOMP based userspace for UML | expand

Commit Message

Benjamin Berg April 30, 2025, 4:04 p.m. UTC 
Add the UML_SECCOMP configuration options.

Signed-off-by: Benjamin Berg <benjamin@sipsolutions.net>

---
v1:
- Move to the end

RFCv2:
- Remove "default n"
---
 arch/um/Kconfig | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff mbox series

Patch

diff --git a/arch/um/Kconfig b/arch/um/Kconfig
index 79509c7f39de..f9ed39709a8a 100644
--- a/arch/um/Kconfig
+++ b/arch/um/Kconfig
@@ -259,6 +259,25 @@  config KASAN_SHADOW_OFFSET
 	  set to a large value. On low-memory systems, try 0x7fff8000, as it fits
 	  into the immediate of most instructions, improving performance.
 
+config UML_SECCOMP
+	bool "SECCOMP based userspace"
+	help
+	  With SECCOMP userspace processes work collaboratively with the kernel
+	  instead of being traced using ptrace. All syscalls from the application
+	  are caught and redirected using a signal. This signal handler in turn
+	  is permitted to do the selected set of syscalls to communicate with
+	  the UML kernel and do the required memory management.
+
+	  This method is overall faster than the ptrace based userspace,
+	  primarily because it reduces the number of context switches for
+	  (minor) page faults.
+	  However, the SECCOMP filter is not (yet) restrictive enough to prevent
+	  userspace from reading and writing all physical memory. Userspace
+	  processes could also trick the stub into disabling SIGALRM which
+	  prevents it from being interrupted for scheduling purposes.
+
+	  If in doubt say N, as the feature has security implications.
+
 endmenu
 
 source "arch/um/drivers/Kconfig"