Merge branch 'master' of git://git.ipfire.org/ipfire-2.x
1 From: Andrea Arcangeli <andrea@cpushare.com>
2 Subject: [PATCH seccomp: make tsc disabling optional
3 Patch-mainline: unknown
4 References: 191123
5
6 Make the purely paranoid TSC-disable feature optional, so that by default seccomp
7 goes back to being absolutely zero-cost.
8
9 Ported from 2.6.19 to 2.6.24-rc7 by Jeff Mahoney.
10 Addition of x86-64 by Jan Beulich.
11
12 Signed-off-by: Andrea Arcangeli <andrea@cpushare.com>
13 Acked-by: Jeff Mahoney <jeffm@suse.com>
14 ---
15 arch/x86/Kconfig | 12 ++++++++++++
16 arch/x86/kernel/process_32.c | 2 ++
17 arch/x86/kernel/process_64.c | 2 ++
18 3 files changed, 16 insertions(+)
19
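--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1228,6 +1228,18 @@ config SECCOMP
 
 If unsure, say Y. Only embedded should say N here.
 
+config SECCOMP_DISABLE_TSC
+ bool "Disable the TSC for seccomp tasks"
+ depends on SECCOMP
+ default n
+ help
+ This feature mathematically prevents covert channels
+ for tasks running under SECCOMP. This can generate
+ a minuscule overhead in the scheduler.
+
+ If you care most about performance say N. Say Y only if you're
+ paranoid about covert channels.
+
 config CC_STACKPROTECTOR
 bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
 depends on X86_64 && EXPERIMENTAL && BROKEN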
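Review bot: The help text for SECCOMP_DISABLE_TSC overstates the guarantee and does not say what answering N means for isolation. Denying a seccomp task the TSC removes one high-resolution time source; it does not by itself rule out other timing or covert channels, so "mathematically prevents covert channels" would be better as something like `Deny seccomp tasks access to the TSC, removing a high-resolution time source usable for timing and covert channels.` The text should also state that with N a seccomp task can still read the TSC, because `default n` makes that the behaviour of every kernel built without touching this option; judging from the process_32.c and process_64.c hunks, the disable was unconditional before. `default n` is also redundant for a bool.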
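--- a/arch/x86/kernel/process_32.c
+++ b/arch/x86/kernel/process_32.c
@@ -387,6 +387,7 @@ static void hard_disable_TSC(void)
 
 void disable_TSC(void)
 {
+#ifdef CONFIG_SECCOMP_DISABLE_TSC
 preempt_disable();
 if (!test_and_set_thread_flag(TIF_NOTSC))
 /*
@@ -395,6 +396,7 @@ void disable_TSC(void)
 */
 hard_disable_TSC();
 preempt_enable();
+#endif
 }
 
 static void hard_enable_TSC(void)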
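Review bot: Placing `#ifdef CONFIG_SECCOMP_DISABLE_TSC` inside the body of disable_TSC() turns the function into a silent no-op for every caller, not only for the seccomp path. The callers are outside these hunks, but the hard_enable_TSC() that follows suggests a general enable/disable interface, and in kernels of this era prctl(PR_SET_TSC) also appears to go through disable_TSC(); such a caller would report success while the task keeps TSC access. Guarding the seccomp call site instead, `#ifdef CONFIG_SECCOMP_DISABLE_TSC` / `disable_TSC();` / `#endif`, keeps the function's contract intact. The same applies to the identical change in arch/x86/kernel/process_64.c; the function body spans both hunks of this file.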
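--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -406,6 +406,7 @@ static void hard_disable_TSC(void)
 
 void disable_TSC(void)
 {
+#ifdef CONFIG_SECCOMP_DISABLE_TSC
 preempt_disable();
 if (!test_and_set_thread_flag(TIF_NOTSC))
 /*
@@ -414,6 +415,7 @@ void disable_TSC(void)
 */
 hard_disable_TSC();
 preempt_enable();
+#endif
 }
 
 static void hard_enable_TSC(void)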