From: Ingo Molnar <mingo@elte.hu>
To: andrea@cpushare.com
Cc: Adrian Bunk <bunk@stusta.de>, Andrew Morton <akpm@osdl.org>,
Lee Revell <rlrevell@joe-job.com>,
linux-kernel@vger.kernel.org, Alan Cox <alan@redhat.com>,
Linus Torvalds <torvalds@osdl.org>
Subject: [patch] let CONFIG_SECCOMP default to n
Date: Tue, 11 Jul 2006 09:36:25 +0200 [thread overview]
Message-ID: <20060711073625.GA4722@elte.hu> (raw)
In-Reply-To: <20060630145825.GA10667@opteron.random>
* andrea@cpushare.com <andrea@cpushare.com> wrote:
> On Fri, Jun 30, 2006 at 11:47:53AM +0200, Ingo Molnar wrote:
> > and both are pledged and available to GPL users. [..]
>
> If the GPL offered any protection to my system software I would
> consider it too, but the GPL can't protect software that runs behind
> the corporate firewall. [...]
so you admit and confirm that you explicitly and intentionally do not
pledge your patent to GPL users. That is troubling (and unethical) in my
opinion and strengthens my argument that this feature should be _at a
minimum_ be made default-off, just like hundreds of other kernel
features are.
I'm also wondering what the upstream decision would have been, had you
disclosed this patent licensing intention of yours. (to use the GPL-ed
Linux kernel as a vehicle for your 'invention', while not fully living
up to the basic quid-pro-quo.).
and i'm not really interested in marketing arguments about cpushare and
seccomp in general. What matters to me is that this feature has been in
the kernel for more than a year already, that nobody but you is using it
and that _everyone_ using the default kernel options is paying the price
in the context-switch hotpath. (The fact that in my view one of
seccomp's obvious user-space usages is also patent-tainted without a
fair pledge is 'just' icing on the cake.)
So i'd like to request the patch below to be included in v2.6.18.
Ingo
---------------->
From: Ingo Molnar <mingo@elte.hu>
Subject: let CONFIG_SECCOMP default to n
I was profiling the scheduler on x86 and noticed some overhead related
to SECCOMP, and indeed, SECCOMP runs disable_tsc() at _every_
context-switch:
if (unlikely(prev->io_bitmap_ptr || next->io_bitmap_ptr))
handle_io_bitmap(next, tss);
disable_tsc(prev_p, next_p);
return prev_p;
these are a couple of instructions in the hottest scheduler codepath!
x86_64 already removed disable_tsc() from switch_to(), but i think the
right solution is to turn SECCOMP off by default.
besides the runtime overhead, there are a couple of other reasons as
well why this should be done:
- CONFIG_SECCOMP=y adds 836 bytes of bloat to the kernel:
text data bss dec hex filename
4185360 867112 391012 5443484 530f9c vmlinux-noseccomp
4185992 867316 391012 5444320 5312e0 vmlinux-seccomp
- virtually nobody seems to be using it (but cpushare.com, which seems
pretty inactive)
- users/distributions can still turn it on if they want it
- http://www.cpushare.com/legal seems to suggest that it is pursuing a
software patent to utilize the seccomp concept in a distributed
environment, and seems to give a promise that 'end users' will not be
affected by that patent. How about non-end-users [i.e. server-side]?
Has the Linux kernel become a vehicle for a propriety server-side
feature, with every Linux user paying the price of it?
so the patch below just does the minimal common-sense change: turn it
off by default.
Adrian Bunk:
I've removed the superfluous "default n"'s the original patch introduced.
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
----
This patch was already sent on:
- 19 Apr 2006
- 11 Apr 2006
- 10 Mar 2006
- 29 Jan 2006
- 21 Jan 2006
This patch was sent by Ingo Molnar on:
- 9 Jan 2006
Index: linux/arch/i386/Kconfig
===================================================================
--- linux.orig/arch/i386/Kconfig
+++ linux/arch/i386/Kconfig
@@ -637,7 +637,6 @@ config REGPARM
config SECCOMP
bool "Enable seccomp to safely compute untrusted bytecode"
depends on PROC_FS
- default y
help
This kernel feature is useful for number crunching applications
that may need to compute untrusted bytecode during their
Index: linux/arch/mips/Kconfig
===================================================================
--- linux.orig/arch/mips/Kconfig
+++ linux/arch/mips/Kconfig
@@ -1787,7 +1787,6 @@ config BINFMT_ELF32
config SECCOMP
bool "Enable seccomp to safely compute untrusted bytecode"
depends on PROC_FS && BROKEN
- default y
help
This kernel feature is useful for number crunching applications
that may need to compute untrusted bytecode during their
Index: linux/arch/powerpc/Kconfig
===================================================================
--- linux.orig/arch/powerpc/Kconfig
+++ linux/arch/powerpc/Kconfig
@@ -666,7 +666,6 @@ endif
config SECCOMP
bool "Enable seccomp to safely compute untrusted bytecode"
depends on PROC_FS
- default y
help
This kernel feature is useful for number crunching applications
that may need to compute untrusted bytecode during their
Index: linux/arch/ppc/Kconfig
===================================================================
--- linux.orig/arch/ppc/Kconfig
+++ linux/arch/ppc/Kconfig
@@ -1127,7 +1127,6 @@ endif
config SECCOMP
bool "Enable seccomp to safely compute untrusted bytecode"
depends on PROC_FS
- default y
help
This kernel feature is useful for number crunching applications
that may need to compute untrusted bytecode during their
Index: linux/arch/sparc64/Kconfig
===================================================================
--- linux.orig/arch/sparc64/Kconfig
+++ linux/arch/sparc64/Kconfig
@@ -64,7 +64,6 @@ endchoice
config SECCOMP
bool "Enable seccomp to safely compute untrusted bytecode"
depends on PROC_FS
- default y
help
This kernel feature is useful for number crunching applications
that may need to compute untrusted bytecode during their
Index: linux/arch/x86_64/Kconfig
===================================================================
--- linux.orig/arch/x86_64/Kconfig
+++ linux/arch/x86_64/Kconfig
@@ -466,7 +466,6 @@ config PHYSICAL_START
config SECCOMP
bool "Enable seccomp to safely compute untrusted bytecode"
depends on PROC_FS
- default y
help
This kernel feature is useful for number crunching applications
that may need to compute untrusted bytecode during their
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
next prev parent reply other threads:[~2006-07-11 7:42 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-06-29 19:21 [2.6 patch] let CONFIG_SECCOMP default to n Adrian Bunk
2006-06-30 0:44 ` Lee Revell
2006-06-30 1:07 ` Andrew Morton
2006-06-30 1:40 ` Adrian Bunk
2006-06-30 4:52 ` Andrea Arcangeli
2006-06-30 9:47 ` Ingo Molnar
2006-06-30 14:58 ` andrea
2006-07-11 7:36 ` Ingo Molnar [this message]
2006-07-11 14:17 ` [patch] " andrea
2006-07-11 14:32 ` Arjan van de Ven
2006-07-11 15:31 ` andrea
2006-07-11 15:54 ` Arjan van de Ven
2006-07-11 16:13 ` andrea
2006-07-11 16:23 ` Arjan van de Ven
2006-07-11 16:57 ` Alan Cox
2006-07-11 16:25 ` Alan Cox
2006-07-11 16:02 ` Adrian Bunk
2006-07-11 16:16 ` andrea
2006-07-11 16:24 ` Alan Cox
2006-07-12 15:43 ` Andi Kleen
2006-07-12 21:07 ` Ingo Molnar
2006-07-12 22:06 ` Andi Kleen
2006-07-12 22:19 ` Ingo Molnar
2006-07-12 22:33 ` Andi Kleen
2006-07-12 22:49 ` Ingo Molnar
2006-07-13 3:16 ` Andrea Arcangeli
2006-07-13 11:23 ` Jeff Dike
2006-07-13 11:35 ` Ingo Molnar
2006-07-13 3:04 ` Andrea Arcangeli
2006-07-13 3:12 ` Linus Torvalds
2006-07-13 4:40 ` Andrea Arcangeli
2006-07-13 4:51 ` andrea
2006-07-13 5:12 ` Linus Torvalds
2006-07-13 6:22 ` andrea
2006-07-13 1:51 ` Andrew Morton
2006-07-13 2:00 ` Linus Torvalds
2006-07-13 7:44 ` James Bruce
2006-07-13 8:34 ` andrea
2006-07-13 9:18 ` Andrew Morton
2006-07-14 6:09 ` [PATCH] TIF_NOTSC and SECCOMP prctl andrea
2006-07-14 6:27 ` Andrew Morton
2006-07-14 6:33 ` andrea
2006-07-13 12:13 ` [patch] let CONFIG_SECCOMP default to n Andi Kleen
2006-07-12 21:22 ` Ingo Molnar
2006-07-12 22:11 ` Andi Kleen
2006-07-11 15:54 ` Pavel Machek
2006-06-30 12:39 ` [2.6 patch] " Alan Cox
2006-06-30 2:35 ` Randy.Dunlap
2006-06-30 15:03 ` Lee Revell
2006-07-08 9:23 ` Andrea Arcangeli
2006-07-11 1:59 ` Andrew James Wade
2006-07-11 4:16 ` andrea
2006-07-11 20:19 ` Andrew James Wade
2006-07-12 21:05 ` andrea
2006-07-12 22:02 ` Alan Cox
2006-07-12 23:44 ` andrea
2006-07-13 21:29 ` Pavel Machek
2006-07-13 23:11 ` andrea
2006-07-13 23:20 ` Pavel Machek
2006-07-14 0:34 ` andrea
2006-07-15 2:55 ` Valdis.Kletnieks
2006-07-16 0:51 ` andrea
2006-07-16 1:54 ` Pavel Machek
2006-07-16 15:36 ` andrea
2006-07-13 2:56 ` Andrew James Wade
2006-07-12 21:13 ` Ingo Molnar
2006-07-13 1:16 ` andrea
2006-07-13 1:37 ` Andrew James Wade
-- strict thread matches above, loose matches on Subject: below --
2006-07-12 21:37 [patch] " Chuck Ebbert
2006-07-12 21:55 ` Linus Torvalds
2006-07-12 22:48 ` andrea
2006-07-12 21:57 ` Andi Kleen
2006-07-13 5:43 Albert Cahalan
2006-07-13 7:07 ` andrea
[not found] <6tgj0-8ip-19@gated-at.bofh.it>
[not found] ` <6xP8s-5mc-9@gated-at.bofh.it>
[not found] ` <6xUhQ-4Wx-33@gated-at.bofh.it>
[not found] ` <6xVdX-6oH-53@gated-at.bofh.it>
[not found] ` <6xVnz-6AI-21@gated-at.bofh.it>
[not found] ` <6xZUd-4Es-13@gated-at.bofh.it>
[not found] ` <6y7yy-7ws-13@gated-at.bofh.it>
[not found] ` <6y7RK-7TX-9@gated-at.bofh.it>
2006-07-17 11:37 ` Bodo Eggert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060711073625.GA4722@elte.hu \
--to=mingo@elte.hu \
--cc=akpm@osdl.org \
--cc=alan@redhat.com \
--cc=andrea@cpushare.com \
--cc=bunk@stusta.de \
--cc=linux-kernel@vger.kernel.org \
--cc=rlrevell@joe-job.com \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox