[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240213002235.671934-21-sashal@kernel.org>
Date: Mon, 12 Feb 2024 19:22:19 -0500
From: Sasha Levin <sashal@...nel.org>
To: linux-kernel@...r.kernel.org,
stable@...r.kernel.org
Cc: Masahiro Yamada <masahiroy@...nel.org>,
Huacai Chen <chenhuacai@...ngson.cn>,
Sasha Levin <sashal@...nel.org>,
chenhuacai@...nel.org,
loongarch@...ts.linux.dev
Subject: [PATCH AUTOSEL 6.1 21/28] LoongArch: Select HAVE_ARCH_SECCOMP to use the common SECCOMP menu
From: Masahiro Yamada <masahiroy@...nel.org>
[ Upstream commit 6b79ecd084c99b31c8b4d0beda08893716d5558e ]
LoongArch missed the refactoring made by commit 282a181b1a0d ("seccomp:
Move config option SECCOMP to arch/Kconfig") because LoongArch was not
mainlined at that time.
The 'depends on PROC_FS' statement is stale as described in that commit.
Select HAVE_ARCH_SECCOMP, and remove the duplicated config entry.
Signed-off-by: Masahiro Yamada <masahiroy@...nel.org>
Signed-off-by: Huacai Chen <chenhuacai@...ngson.cn>
Signed-off-by: Sasha Levin <sashal@...nel.org>
---
arch/loongarch/Kconfig | 18 +-----------------
1 file changed, 1 insertion(+), 17 deletions(-)
diff --git a/arch/loongarch/Kconfig b/arch/loongarch/Kconfig
index b1b4396dbac6..fa3171f56327 100644
--- a/arch/loongarch/Kconfig
+++ b/arch/loongarch/Kconfig
@@ -81,6 +81,7 @@ config LOONGARCH
select GPIOLIB
select HAVE_ARCH_AUDITSYSCALL
select HAVE_ARCH_MMAP_RND_BITS if MMU
+ select HAVE_ARCH_SECCOMP
select HAVE_ARCH_SECCOMP_FILTER
select HAVE_ARCH_TRACEHOOK
select HAVE_ARCH_TRANSPARENT_HUGEPAGE
@@ -462,23 +463,6 @@ config PHYSICAL_START
specified in the "crashkernel=YM@XM" command line boot parameter
passed to the panic-ed kernel).
-config SECCOMP
- bool "Enable seccomp to safely compute untrusted bytecode"
- depends on PROC_FS
- default y
- help
- This kernel feature is useful for number crunching applications
- that may need to compute untrusted bytecode during their
- execution. By using pipes or other transports made available to
- the process as file descriptors supporting the read/write
- syscalls, it's possible to isolate those applications in
- their own address space using seccomp. Once seccomp is
- enabled via /proc/<pid>/seccomp, it cannot be disabled
- and the task is only allowed to execute a few safe syscalls
- defined by each seccomp mode.
-
- If unsure, say Y. Only embedded should say N here.
-
endmenu
config ARCH_SELECT_MEMORY_MODEL
--
2.43.0
Powered by blists - more mailing lists