summaryrefslogtreecommitdiffstats
path: root/arch/xtensa/Kconfig
diff options
context:
space:
mode:
authorMax Filippov <jcmvbkbc@gmail.com>2019-11-13 20:47:17 -0800
committerMax Filippov <jcmvbkbc@gmail.com>2020-07-28 00:57:06 -0700
commitda94a40f72859ce24dc72de9292981513a33e427 (patch)
treea265d62dcc8910668e63d0ca4d529f90c9fdffd0 /arch/xtensa/Kconfig
parent8b7a87a03f7c15c7a1e1647c3527292604e80f6f (diff)
downloadlinux-stable-da94a40f72859ce24dc72de9292981513a33e427.tar.gz
linux-stable-da94a40f72859ce24dc72de9292981513a33e427.tar.bz2
linux-stable-da94a40f72859ce24dc72de9292981513a33e427.zip
xtensa: add seccomp support
Add SECCOMP to xtensa Kconfig, select HAVE_ARCH_SECCOMP_FILTER, add TIF_SECCOMP and call secure_computing from do_syscall_trace_enter. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Diffstat (limited to 'arch/xtensa/Kconfig')
-rw-r--r--arch/xtensa/Kconfig15
1 files changed, 15 insertions, 0 deletions
diff --git a/arch/xtensa/Kconfig b/arch/xtensa/Kconfig
index a7def0991a01..a461ee051e73 100644
--- a/arch/xtensa/Kconfig
+++ b/arch/xtensa/Kconfig
@@ -24,6 +24,7 @@ config XTENSA
select HAVE_ARCH_AUDITSYSCALL
select HAVE_ARCH_JUMP_LABEL if !XIP_KERNEL
select HAVE_ARCH_KASAN if MMU && !XIP_KERNEL
+ select HAVE_ARCH_SECCOMP_FILTER
select HAVE_ARCH_TRACEHOOK
select HAVE_COPY_THREAD_TLS
select HAVE_DEBUG_KMEMLEAK
@@ -217,6 +218,20 @@ config HOTPLUG_CPU
Say N if you want to disable CPU hotplug.
+config SECCOMP
+ bool
+ prompt "Enable seccomp to safely compute untrusted bytecode"
+ help
+ This kernel feature is useful for number crunching applications
+ that may need to compute untrusted bytecode during their
+ execution. By using pipes or other transports made available to
+ the process as file descriptors supporting the read/write
+ syscalls, it's possible to isolate those applications in
+ their own address space using seccomp. Once seccomp is
+ enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
+ and the task is only allowed to execute a few safe syscalls
+ defined by each seccomp mode.
+
config FAST_SYSCALL_XTENSA
bool "Enable fast atomic syscalls"
default n