Merge tag 'seccomp-v5.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux (8b05418b) · Commits · 戴 / test

arch/Kconfig

+30 −0

Original line number	Diff line number	Diff line
		@@ -450,10 +450,23 @@ config ARCH_WANT_OLD_COMPAT_IPC
		select ARCH_WANT_COMPAT_IPC_PARSE_VERSION
		bool

		config HAVE_ARCH_SECCOMP
		bool
		help
		An arch should select this symbol to support seccomp mode 1 (the fixed
		syscall policy), and must provide an overrides for __NR_seccomp_sigreturn,
		and compat syscalls if the asm-generic/seccomp.h defaults need adjustment:
		- __NR_seccomp_read_32
		- __NR_seccomp_write_32
		- __NR_seccomp_exit_32
		- __NR_seccomp_sigreturn_32

		config HAVE_ARCH_SECCOMP_FILTER
		bool
		select HAVE_ARCH_SECCOMP
		help
		An arch should select this symbol if it provides all of these things:
		- all the requirements for HAVE_ARCH_SECCOMP
		- syscall_get_arch()
		- syscall_get_arguments()
		- syscall_rollback()
		@@ -464,6 +477,23 @@ config HAVE_ARCH_SECCOMP_FILTER
		results in the system call being skipped immediately.
		- seccomp syscall wired up

		config SECCOMP
		prompt "Enable seccomp to safely execute untrusted bytecode"
		def_bool y
		depends on HAVE_ARCH_SECCOMP
		help
		This kernel feature is useful for number crunching applications
		that may need to handle untrusted bytecode during their
		execution. By using pipes or other transports made available
		to the process as file descriptors supporting the read/write
		syscalls, it's possible to isolate those applications in their
		own address space using seccomp. Once seccomp is enabled via
		prctl(PR_SET_SECCOMP) or the seccomp() syscall, it cannot be
		disabled and the task is only allowed to execute a few safe
		syscalls defined by each seccomp mode.

		If unsure, say Y.

		config SECCOMP_FILTER
		def_bool y
		depends on HAVE_ARCH_SECCOMP_FILTER && SECCOMP && NET

arch/arm/Kconfig

+1 −14

Original line number	Diff line number	Diff line
		@@ -68,6 +68,7 @@ config ARM
		select HAVE_ARCH_JUMP_LABEL if !XIP_KERNEL && !CPU_ENDIAN_BE32 && MMU
		select HAVE_ARCH_KGDB if !CPU_ENDIAN_BE32 && MMU
		select HAVE_ARCH_MMAP_RND_BITS if MMU
		select HAVE_ARCH_SECCOMP
		select HAVE_ARCH_SECCOMP_FILTER if AEABI && !OABI_COMPAT
		select HAVE_ARCH_THREAD_STRUCT_WHITELIST
		select HAVE_ARCH_TRACEHOOK
		@@ -1618,20 +1619,6 @@ config UACCESS_WITH_MEMCPY
		However, if the CPU data cache is using a write-allocate mode,
		this option is unlikely to provide any performance gain.

		config SECCOMP
		bool
		prompt "Enable seccomp to safely compute untrusted bytecode"
		help
		This kernel feature is useful for number crunching applications
		that may need to compute untrusted bytecode during their
		execution. By using pipes or other transports made available to
		the process as file descriptors supporting the read/write
		syscalls, it's possible to isolate those applications in
		their own address space using seccomp. Once seccomp is
		enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
		and the task is only allowed to execute a few safe syscalls
		defined by each seccomp mode.

		config PARAVIRT
		bool "Enable paravirtualization code"
		help

arch/arm64/Kconfig

+0 −13

Original line number	Diff line number	Diff line
		@@ -1041,19 +1041,6 @@ config ARCH_ENABLE_SPLIT_PMD_PTLOCK
		config CC_HAVE_SHADOW_CALL_STACK
		def_bool $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18)

		config SECCOMP
		bool "Enable seccomp to safely compute untrusted bytecode"
		help
		This kernel feature is useful for number crunching applications
		that may need to compute untrusted bytecode during their
		execution. By using pipes or other transports made available to
		the process as file descriptors supporting the read/write
		syscalls, it's possible to isolate those applications in
		their own address space using seccomp. Once seccomp is
		enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
		and the task is only allowed to execute a few safe syscalls
		defined by each seccomp mode.

		config PARAVIRT
		bool "Enable paravirtualization code"
		help

arch/csky/Kconfig

+0 −13

Original line number	Diff line number	Diff line
		@@ -309,16 +309,3 @@ endmenu
		source "arch/csky/Kconfig.platforms"

		source "kernel/Kconfig.hz"

		config SECCOMP
		bool "Enable seccomp to safely compute untrusted bytecode"
		help
		This kernel feature is useful for number crunching applications
		that may need to compute untrusted bytecode during their
		execution. By using pipes or other transports made available to
		the process as file descriptors supporting the read/write
		syscalls, it's possible to isolate those applications in
		their own address space using seccomp. Once seccomp is
		enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
		and the task is only allowed to execute a few safe syscalls
		defined by each seccomp mode.

arch/microblaze/Kconfig

+1 −17

Original line number	Diff line number	Diff line
		@@ -26,6 +26,7 @@ config MICROBLAZE
		select GENERIC_SCHED_CLOCK
		select HAVE_ARCH_HASH
		select HAVE_ARCH_KGDB
		select HAVE_ARCH_SECCOMP
		select HAVE_DEBUG_KMEMLEAK
		select HAVE_DMA_CONTIGUOUS
		select HAVE_DYNAMIC_FTRACE
		@@ -120,23 +121,6 @@ config CMDLINE_FORCE
		Set this to have arguments from the default kernel command string
		override those passed by the boot loader.

		config SECCOMP
		bool "Enable seccomp to safely compute untrusted bytecode"
		depends on PROC_FS
		default y
		help
		This kernel feature is useful for number crunching applications
		that may need to compute untrusted bytecode during their
		execution. By using pipes or other transports made available to
		the process as file descriptors supporting the read/write
		syscalls, it's possible to isolate those applications in
		their own address space using seccomp. Once seccomp is
		enabled via /proc/<pid>/seccomp, it cannot be disabled
		and the task is only allowed to execute a few safe syscalls
		defined by each seccomp mode.

		If unsure, say Y. Only embedded should say N here.

		endmenu

		menu "Kernel features"

Admin message