diff options
author | Max Filippov <jcmvbkbc@gmail.com> | 2019-11-13 20:47:17 -0800 |
---|---|---|
committer | Max Filippov <jcmvbkbc@gmail.com> | 2020-07-28 00:57:06 -0700 |
commit | da94a40f72859ce24dc72de9292981513a33e427 (patch) | |
tree | a265d62dcc8910668e63d0ca4d529f90c9fdffd0 /arch/xtensa/Kconfig | |
parent | 8b7a87a03f7c15c7a1e1647c3527292604e80f6f (diff) | |
download | linux-stable-da94a40f72859ce24dc72de9292981513a33e427.tar.gz linux-stable-da94a40f72859ce24dc72de9292981513a33e427.tar.bz2 linux-stable-da94a40f72859ce24dc72de9292981513a33e427.zip |
xtensa: add seccomp support
Add SECCOMP to xtensa Kconfig, select HAVE_ARCH_SECCOMP_FILTER, add
TIF_SECCOMP and call secure_computing from do_syscall_trace_enter.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Diffstat (limited to 'arch/xtensa/Kconfig')
-rw-r--r-- | arch/xtensa/Kconfig | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/arch/xtensa/Kconfig b/arch/xtensa/Kconfig index a7def0991a01..a461ee051e73 100644 --- a/arch/xtensa/Kconfig +++ b/arch/xtensa/Kconfig @@ -24,6 +24,7 @@ config XTENSA select HAVE_ARCH_AUDITSYSCALL select HAVE_ARCH_JUMP_LABEL if !XIP_KERNEL select HAVE_ARCH_KASAN if MMU && !XIP_KERNEL + select HAVE_ARCH_SECCOMP_FILTER select HAVE_ARCH_TRACEHOOK select HAVE_COPY_THREAD_TLS select HAVE_DEBUG_KMEMLEAK @@ -217,6 +218,20 @@ config HOTPLUG_CPU Say N if you want to disable CPU hotplug. +config SECCOMP + bool + prompt "Enable seccomp to safely compute untrusted bytecode" + help + This kernel feature is useful for number crunching applications + that may need to compute untrusted bytecode during their + execution. By using pipes or other transports made available to + the process as file descriptors supporting the read/write + syscalls, it's possible to isolate those applications in + their own address space using seccomp. Once seccomp is + enabled via prctl(PR_SET_SECCOMP), it cannot be disabled + and the task is only allowed to execute a few safe syscalls + defined by each seccomp mode. + config FAST_SYSCALL_XTENSA bool "Enable fast atomic syscalls" default n |