summaryrefslogtreecommitdiffstats
path: root/arch/x86/Kconfig
diff options
context:
space:
mode:
authorWill Drewry <wad@chromium.org>2012-04-12 16:48:03 -0500
committerJames Morris <james.l.morris@oracle.com>2012-04-14 11:13:21 +1000
commitc6cfbeb4029610c8c330c312dcf4d514cc067554 (patch)
treed61f1431884e042dc47ceb020fbcfada0c66bb3b /arch/x86/Kconfig
parentfb0fadf9b213f55ca9368f3edafe51101d5d2deb (diff)
x86: Enable HAVE_ARCH_SECCOMP_FILTER
Enable support for seccomp filter on x86: - syscall_get_arch() - syscall_get_arguments() - syscall_rollback() - syscall_set_return_value() - SIGSYS siginfo_t support - secure_computing is called from a ptrace_event()-safe context - secure_computing return value is checked (see below). SECCOMP_RET_TRACE and SECCOMP_RET_TRAP may result in seccomp needing to skip a system call without killing the process. This is done by returning a non-zero (-1) value from secure_computing. This change makes x86 respect that return value. To ensure that minimal kernel code is exposed, a non-zero return value results in an immediate return to user space (with an invalid syscall number). Signed-off-by: Will Drewry <wad@chromium.org> Reviewed-by: H. Peter Anvin <hpa@zytor.com> Acked-by: Eric Paris <eparis@redhat.com> Reviewed-by: Kees Cook <keescook@chromium.org> v18: rebase and tweaked change description, acked-by v17: added reviewed by and rebased v..: all rebases since original introduction. Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'arch/x86/Kconfig')
-rw-r--r--arch/x86/Kconfig1
1 files changed, 1 insertions, 0 deletions
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 1d14cc6b79a..3a41c4424a0 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -82,6 +82,7 @@ config X86
select ARCH_HAVE_NMI_SAFE_CMPXCHG
select GENERIC_IOMAP
select DCACHE_WORD_ACCESS if !DEBUG_PAGEALLOC
+ select HAVE_ARCH_SECCOMP_FILTER
config INSTRUCTION_DECODER
def_bool (KPROBES || PERF_EVENTS)