lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 6 Feb 2024 12:04:31 +0800
From: Huacai Chen <chenhuacai@...nel.org>
To: Masahiro Yamada <masahiroy@...nel.org>
Cc: WANG Xuerui <kernel@...0n.name>, loongarch@...ts.linux.dev, 
	YiFei Zhu <yifeifz2@...inois.edu>, Kees Cook <keescook@...omium.org>, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] loongarch: select HAVE_ARCH_SECCOMP to use the common
 SECCOMP menu

Queued, thanks.

Huacai

On Sun, Feb 4, 2024 at 9:49 PM Masahiro Yamada <masahiroy@...nel.org> wrote:
>
> LoongArch missed the refactoring made by commit 282a181b1a0d ("seccomp:
> Move config option SECCOMP to arch/Kconfig") because LoongArch was not
> mainlined at that time.
>
> The 'depends on PROC_FS' statement is stale as described in that commit.
> Select HAVE_ARCH_SECCOMP, and remove the duplicated config entry.
>
> Signed-off-by: Masahiro Yamada <masahiroy@...nel.org>
> ---
>
>  arch/loongarch/Kconfig | 18 +-----------------
>  1 file changed, 1 insertion(+), 17 deletions(-)
>
> diff --git a/arch/loongarch/Kconfig b/arch/loongarch/Kconfig
> index 64e9a01c7f36..929f68926b34 100644
> --- a/arch/loongarch/Kconfig
> +++ b/arch/loongarch/Kconfig
> @@ -100,6 +100,7 @@ config LOONGARCH
>         select HAVE_ARCH_KFENCE
>         select HAVE_ARCH_KGDB if PERF_EVENTS
>         select HAVE_ARCH_MMAP_RND_BITS if MMU
> +       select HAVE_ARCH_SECCOMP
>         select HAVE_ARCH_SECCOMP_FILTER
>         select HAVE_ARCH_TRACEHOOK
>         select HAVE_ARCH_TRANSPARENT_HUGEPAGE
> @@ -633,23 +634,6 @@ config RANDOMIZE_BASE_MAX_OFFSET
>
>           This is limited by the size of the lower address memory, 256MB.
>
> -config SECCOMP
> -       bool "Enable seccomp to safely compute untrusted bytecode"
> -       depends on PROC_FS
> -       default y
> -       help
> -         This kernel feature is useful for number crunching applications
> -         that may need to compute untrusted bytecode during their
> -         execution. By using pipes or other transports made available to
> -         the process as file descriptors supporting the read/write
> -         syscalls, it's possible to isolate those applications in
> -         their own address space using seccomp. Once seccomp is
> -         enabled via /proc/<pid>/seccomp, it cannot be disabled
> -         and the task is only allowed to execute a few safe syscalls
> -         defined by each seccomp mode.
> -
> -         If unsure, say Y. Only embedded should say N here.
> -
>  endmenu
>
>  config ARCH_SELECT_MEMORY_MODEL
> --
> 2.40.1
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ