From: Huacai Chen <chenhuacai@kernel.org>
To: Masahiro Yamada <masahiroy@kernel.org>
Cc: WANG Xuerui <kernel@xen0n.name>,
loongarch@lists.linux.dev, YiFei Zhu <yifeifz2@illinois.edu>,
Kees Cook <keescook@chromium.org>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] loongarch: select HAVE_ARCH_SECCOMP to use the common SECCOMP menu
Date: Tue, 6 Feb 2024 12:04:31 +0800 [thread overview]
Message-ID: <CAAhV-H5HvqBk0O4M2MVh+qzP39oc22x3RXbwydiN+q_u32xbSA@mail.gmail.com> (raw)
In-Reply-To: <20240204134946.62509-1-masahiroy@kernel.org>
Queued, thanks.
Huacai
On Sun, Feb 4, 2024 at 9:49 PM Masahiro Yamada <masahiroy@kernel.org> wrote:
>
> LoongArch missed the refactoring made by commit 282a181b1a0d ("seccomp:
> Move config option SECCOMP to arch/Kconfig") because LoongArch was not
> mainlined at that time.
>
> The 'depends on PROC_FS' statement is stale as described in that commit.
> Select HAVE_ARCH_SECCOMP, and remove the duplicated config entry.
>
> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
> ---
>
> arch/loongarch/Kconfig | 18 +-----------------
> 1 file changed, 1 insertion(+), 17 deletions(-)
>
> diff --git a/arch/loongarch/Kconfig b/arch/loongarch/Kconfig
> index 64e9a01c7f36..929f68926b34 100644
> --- a/arch/loongarch/Kconfig
> +++ b/arch/loongarch/Kconfig
> @@ -100,6 +100,7 @@ config LOONGARCH
> select HAVE_ARCH_KFENCE
> select HAVE_ARCH_KGDB if PERF_EVENTS
> select HAVE_ARCH_MMAP_RND_BITS if MMU
> + select HAVE_ARCH_SECCOMP
> select HAVE_ARCH_SECCOMP_FILTER
> select HAVE_ARCH_TRACEHOOK
> select HAVE_ARCH_TRANSPARENT_HUGEPAGE
> @@ -633,23 +634,6 @@ config RANDOMIZE_BASE_MAX_OFFSET
>
> This is limited by the size of the lower address memory, 256MB.
>
> -config SECCOMP
> - bool "Enable seccomp to safely compute untrusted bytecode"
> - depends on PROC_FS
> - default y
> - help
> - This kernel feature is useful for number crunching applications
> - that may need to compute untrusted bytecode during their
> - execution. By using pipes or other transports made available to
> - the process as file descriptors supporting the read/write
> - syscalls, it's possible to isolate those applications in
> - their own address space using seccomp. Once seccomp is
> - enabled via /proc/<pid>/seccomp, it cannot be disabled
> - and the task is only allowed to execute a few safe syscalls
> - defined by each seccomp mode.
> -
> - If unsure, say Y. Only embedded should say N here.
> -
> endmenu
>
> config ARCH_SELECT_MEMORY_MODEL
> --
> 2.40.1
>
prev parent reply other threads:[~2024-02-06 4:04 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-04 13:49 [PATCH] loongarch: select HAVE_ARCH_SECCOMP to use the common SECCOMP menu Masahiro Yamada
2024-02-06 4:04 ` Huacai Chen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAAhV-H5HvqBk0O4M2MVh+qzP39oc22x3RXbwydiN+q_u32xbSA@mail.gmail.com \
--to=chenhuacai@kernel.org \
--cc=keescook@chromium.org \
--cc=kernel@xen0n.name \
--cc=linux-kernel@vger.kernel.org \
--cc=loongarch@lists.linux.dev \
--cc=masahiroy@kernel.org \
--cc=yifeifz2@illinois.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).