linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] loongarch: select HAVE_ARCH_SECCOMP to use the common SECCOMP menu
@ 2024-02-04 13:49 Masahiro Yamada
  2024-02-06  4:04 ` Huacai Chen
  0 siblings, 1 reply; 2+ messages in thread
From: Masahiro Yamada @ 2024-02-04 13:49 UTC (permalink / raw)
  To: Huacai Chen, WANG Xuerui, loongarch
  Cc: YiFei Zhu, Kees Cook, Masahiro Yamada, linux-kernel

LoongArch missed the refactoring made by commit 282a181b1a0d ("seccomp:
Move config option SECCOMP to arch/Kconfig") because LoongArch was not
mainlined at that time.

The 'depends on PROC_FS' statement is stale as described in that commit.
Select HAVE_ARCH_SECCOMP, and remove the duplicated config entry.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
---

 arch/loongarch/Kconfig | 18 +-----------------
 1 file changed, 1 insertion(+), 17 deletions(-)

diff --git a/arch/loongarch/Kconfig b/arch/loongarch/Kconfig
index 64e9a01c7f36..929f68926b34 100644
--- a/arch/loongarch/Kconfig
+++ b/arch/loongarch/Kconfig
@@ -100,6 +100,7 @@ config LOONGARCH
 	select HAVE_ARCH_KFENCE
 	select HAVE_ARCH_KGDB if PERF_EVENTS
 	select HAVE_ARCH_MMAP_RND_BITS if MMU
+	select HAVE_ARCH_SECCOMP
 	select HAVE_ARCH_SECCOMP_FILTER
 	select HAVE_ARCH_TRACEHOOK
 	select HAVE_ARCH_TRANSPARENT_HUGEPAGE
@@ -633,23 +634,6 @@ config RANDOMIZE_BASE_MAX_OFFSET
 
 	  This is limited by the size of the lower address memory, 256MB.
 
-config SECCOMP
-	bool "Enable seccomp to safely compute untrusted bytecode"
-	depends on PROC_FS
-	default y
-	help
-	  This kernel feature is useful for number crunching applications
-	  that may need to compute untrusted bytecode during their
-	  execution. By using pipes or other transports made available to
-	  the process as file descriptors supporting the read/write
-	  syscalls, it's possible to isolate those applications in
-	  their own address space using seccomp. Once seccomp is
-	  enabled via /proc/<pid>/seccomp, it cannot be disabled
-	  and the task is only allowed to execute a few safe syscalls
-	  defined by each seccomp mode.
-
-	  If unsure, say Y. Only embedded should say N here.
-
 endmenu
 
 config ARCH_SELECT_MEMORY_MODEL
-- 
2.40.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] loongarch: select HAVE_ARCH_SECCOMP to use the common SECCOMP menu
  2024-02-04 13:49 [PATCH] loongarch: select HAVE_ARCH_SECCOMP to use the common SECCOMP menu Masahiro Yamada
@ 2024-02-06  4:04 ` Huacai Chen
  0 siblings, 0 replies; 2+ messages in thread
From: Huacai Chen @ 2024-02-06  4:04 UTC (permalink / raw)
  To: Masahiro Yamada
  Cc: WANG Xuerui, loongarch, YiFei Zhu, Kees Cook, linux-kernel

Queued, thanks.

Huacai

On Sun, Feb 4, 2024 at 9:49 PM Masahiro Yamada <masahiroy@kernel.org> wrote:
>
> LoongArch missed the refactoring made by commit 282a181b1a0d ("seccomp:
> Move config option SECCOMP to arch/Kconfig") because LoongArch was not
> mainlined at that time.
>
> The 'depends on PROC_FS' statement is stale as described in that commit.
> Select HAVE_ARCH_SECCOMP, and remove the duplicated config entry.
>
> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
> ---
>
>  arch/loongarch/Kconfig | 18 +-----------------
>  1 file changed, 1 insertion(+), 17 deletions(-)
>
> diff --git a/arch/loongarch/Kconfig b/arch/loongarch/Kconfig
> index 64e9a01c7f36..929f68926b34 100644
> --- a/arch/loongarch/Kconfig
> +++ b/arch/loongarch/Kconfig
> @@ -100,6 +100,7 @@ config LOONGARCH
>         select HAVE_ARCH_KFENCE
>         select HAVE_ARCH_KGDB if PERF_EVENTS
>         select HAVE_ARCH_MMAP_RND_BITS if MMU
> +       select HAVE_ARCH_SECCOMP
>         select HAVE_ARCH_SECCOMP_FILTER
>         select HAVE_ARCH_TRACEHOOK
>         select HAVE_ARCH_TRANSPARENT_HUGEPAGE
> @@ -633,23 +634,6 @@ config RANDOMIZE_BASE_MAX_OFFSET
>
>           This is limited by the size of the lower address memory, 256MB.
>
> -config SECCOMP
> -       bool "Enable seccomp to safely compute untrusted bytecode"
> -       depends on PROC_FS
> -       default y
> -       help
> -         This kernel feature is useful for number crunching applications
> -         that may need to compute untrusted bytecode during their
> -         execution. By using pipes or other transports made available to
> -         the process as file descriptors supporting the read/write
> -         syscalls, it's possible to isolate those applications in
> -         their own address space using seccomp. Once seccomp is
> -         enabled via /proc/<pid>/seccomp, it cannot be disabled
> -         and the task is only allowed to execute a few safe syscalls
> -         defined by each seccomp mode.
> -
> -         If unsure, say Y. Only embedded should say N here.
> -
>  endmenu
>
>  config ARCH_SELECT_MEMORY_MODEL
> --
> 2.40.1
>

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-02-06  4:04 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-02-04 13:49 [PATCH] loongarch: select HAVE_ARCH_SECCOMP to use the common SECCOMP menu Masahiro Yamada
2024-02-06  4:04 ` Huacai Chen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).