From: Andrea Arcangeli Subject: [PATCH seccomp: make tsc disabling optional Patch-mainline: unknown References: 191123 Make the TSC disable purely paranoid feature optional, so by default seccomp returns absolutely zerocost. Ported from 2.6.19 to 2.6.24-rc7 by Jeff Mahoney. Addition of x86-64 by Jan Beulich. Signed-off-by: Andrea Arcangeli Acked-by: Jeff Mahoney --- arch/x86/Kconfig | 12 ++++++++++++ arch/x86/kernel/process.c | 2 ++ 2 files changed, 14 insertions(+) --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1485,6 +1485,18 @@ config SECCOMP If unsure, say Y. Only embedded should say N here. +config SECCOMP_DISABLE_TSC + bool "Disable the TSC for seccomp tasks" + depends on SECCOMP + default n + help + This feature mathematically prevents covert channels + for tasks running under SECCOMP. This can generate + a minuscule overhead in the scheduler. + + If you care most about performance say N. Say Y only if you're + paranoid about covert channels. + config CC_STACKPROTECTOR bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)" ---help--- --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -139,6 +139,7 @@ static void hard_disable_TSC(void) void disable_TSC(void) { +#ifdef CONFIG_SECCOMP_DISABLE_TSC preempt_disable(); if (!test_and_set_thread_flag(TIF_NOTSC)) /* @@ -147,6 +148,7 @@ void disable_TSC(void) */ hard_disable_TSC(); preempt_enable(); +#endif } static void hard_enable_TSC(void)