Message ID | 20240925203232.565086-4-benjamin@sipsolutions.net
---|---
State | RFC
Series | SECCOMP based userspace for UML
On Wed, 2024-09-25 at 22:32 +0200, Benjamin Berg wrote: > Add the UML_SECCOMP configuration options. The next commits will add the > support itself in smaller chunks. > > Only x86_64 will be supported for now. > > Signed-off-by: Benjamin Berg <benjamin@sipsolutions.net> > Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> > --- > arch/um/Kconfig | 20 ++++++++++++++++++++ > 1 file changed, 20 insertions(+) > > diff --git a/arch/um/Kconfig b/arch/um/Kconfig > index 48db1c99bd46..4698e4c8ef29 100644 > --- a/arch/um/Kconfig > +++ b/arch/um/Kconfig > @@ -240,6 +240,26 @@ config KASAN_SHADOW_OFFSET > set to a large value. On low-memory systems, try 0x7fff8000, as it fits > into the immediate of most instructions, improving performance. > > +config UML_SECCOMP > + bool "SECCOMP based userspace" > + default n > n is the default so you don't need "default n" :) johannes
diff --git a/arch/um/Kconfig b/arch/um/Kconfig index 48db1c99bd46..4698e4c8ef29 100644 --- a/arch/um/Kconfig +++ b/arch/um/Kconfig @@ -240,6 +240,26 @@ config KASAN_SHADOW_OFFSET set to a large value. On low-memory systems, try 0x7fff8000, as it fits into the immediate of most instructions, improving performance. +config UML_SECCOMP + bool "SECCOMP based userspace" + default n + help + With SECCOMP userspace processes work collaboratively with the kernel + instead of being traced using ptrace. All syscalls from the application + are caught and redirected using a signal. This signal handler in turn + is permitted to do the selected set of syscalls to communicate with + the UML kernel and do the required memory management. + + This method is overall faster than the ptrace based userspace, + primarily because it reduces the number of context switches for + (minor) page faults. + However, the SECCOMP filter is not (yet) restrictive enough to prevent + userspace from reading and writing all physical memory. Userspace + processes could also trick the stub into disabling SIGALRM which + prevents it from being interrupted for scheduling purposes. + + If in doubt say N, as the feature has security implications. + endmenu source "arch/um/drivers/Kconfig"
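Review bot: the new `config UML_SECCOMP` block has no `depends on` even though the commit message says only x86_64 will be supported for now, so the option can be enabled on a 32-bit UML build that the series does not support; add a dependency on the 64-bit symbol (for example `depends on 64BIT`, assuming that is the symbol arch/um uses) directly under `config UML_SECCOMP`. The `default n` line is redundant and can be dropped, since a `bool` option already defaults to n. In the help text, "the stub" is used without being introduced; one sentence saying what the stub is (the in-process signal handler that talks to the UML kernel, per the preceding paragraph) would make the security warning about SIGALRM understandable to someone reading it in menuconfig.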