From: Benjamin Berg <benjamin@sipsolutions.net>
To: linux-um@lists.infradead.org
Cc: Benjamin Berg <benjamin@sipsolutions.net>
Subject: [PATCH 9/9] um: Add UML_SECCOMP configuration option
Date: Mon, 24 Feb 2025 19:18:27 +0100
Message-ID: <20250224181827.647129-10-benjamin@sipsolutions.net>
In-Reply-To: <20250224181827.647129-1-benjamin@sipsolutions.net>

Add the UML_SECCOMP configuration options.

Signed-off-by: Benjamin Berg <benjamin@sipsolutions.net>

---
v1:
- Move to the end

RFCv2:
- Remove "default n"
---
 arch/um/Kconfig | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/arch/um/Kconfig b/arch/um/Kconfig
index 18051b1cfce0..11ed4422593c 100644
--- a/arch/um/Kconfig
+++ b/arch/um/Kconfig
@@ -258,6 +258,25 @@ config KASAN_SHADOW_OFFSET
 	  set to a large value. On low-memory systems, try 0x7fff8000, as it fits
 	  into the immediate of most instructions, improving performance.
 
+config UML_SECCOMP
+	bool "SECCOMP based userspace"
+	help
+	  With SECCOMP userspace processes work collaboratively with the kernel
+	  instead of being traced using ptrace. All syscalls from the application
+	  are caught and redirected using a signal. This signal handler in turn
+	  is permitted to do the selected set of syscalls to communicate with
+	  the UML kernel and do the required memory management.
+
+	  This method is overall faster than the ptrace based userspace,
+	  primarily because it reduces the number of context switches for
+	  (minor) page faults.
+	  However, the SECCOMP filter is not (yet) restrictive enough to prevent
+	  userspace from reading and writing all physical memory. Userspace
+	  processes could also trick the stub into disabling SIGALRM which
+	  prevents it from being interrupted for scheduling purposes.
+
+	  If in doubt say N, as the feature has security implications.
+
 endmenu
 
 source "arch/um/drivers/Kconfig"
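Review bot: the security caveat in the UML_SECCOMP help text is easy to miss and leaves its scope open. It sits in the third paragraph, after the performance argument, while the prompt "SECCOMP based userspace" gives no hint that enabling the option weakens isolation between UML userspace and the UML kernel. Consider leading the help text with the warning, or marking the prompt itself, so that someone scanning menuconfig sees it before the "overall faster" claim. The sentence "reading and writing all physical memory" should also say explicitly whose physical memory is meant (the UML instance's or the host's), since that determines how far a compromised userspace process can reach. The SIGALRM sentence would be clearer if it named the consequence directly: a process that cannot be interrupted for scheduling can monopolise the CPU. Finally, the commit message only restates the subject; since the entry's own last line says the feature has security implications, a sentence in the commit message recording that would help anyone reading the log later.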
-- 
2.48.1



Thread overview: 13+ messages
2025-02-24 18:18 [PATCH 0/9] SECCOMP based userspace for UML Benjamin Berg
2025-02-24 18:18 ` [PATCH 1/9] um: Store full CSGSFS and SS register from mcontext Benjamin Berg
2025-02-24 18:18 ` [PATCH 2/9] um: Move faultinfo extraction into userspace routine Benjamin Berg
2025-03-18 10:25   ` Johannes Berg
2025-02-24 18:18 ` [PATCH 3/9] um: Add stub side of SECCOMP/futex based process handling Benjamin Berg
2025-02-24 18:18 ` [PATCH 4/9] um: Add helper functions to get/set state for SECCOMP Benjamin Berg
2025-02-24 18:18 ` [PATCH 5/9] um: Add SECCOMP support detection and initialization Benjamin Berg
2025-02-24 18:18 ` [PATCH 6/9] um: Track userspace children dying in SECCOMP mode Benjamin Berg
2025-02-24 18:18 ` [PATCH 7/9] um: Implement kernel side of SECCOMP based process handling Benjamin Berg
2025-03-07  7:04   ` Hajime Tazaki
2025-03-07 10:27     ` Benjamin Berg
2025-02-24 18:18 ` [PATCH 8/9] um: pass FD for memory operations when needed Benjamin Berg
2025-02-24 18:18 ` Benjamin Berg [this message]
