[RFC PATCH 6/7] security: enable system call isolation in kernel config

[RFC PATCH 0/7] x86: introduce system calls addess space isolation · Mike Rapoport <hidden> · 2019-04-25
[RFC PATCH 1/7] x86/cpufeatures: add X86_FEATURE_SCI · Mike Rapoport <hidden> · 2019-04-25
[RFC PATCH 2/7] x86/sci: add core implementation for system call isolation · Mike Rapoport <hidden> · 2019-04-25
Re: [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation · Peter Zijlstra <peterz@infradead.org> · 2019-04-26
Re: [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation · Mike Rapoport <hidden> · 2019-04-28
Re: [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation · Ingo Molnar <mingo@kernel.org> · 2019-04-26
Re: [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation · Ingo Molnar <mingo@kernel.org> · 2019-04-26
Re: [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation · Andy Lutomirski <luto@kernel.org> · 2019-04-26
Re: [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation · Ingo Molnar <mingo@kernel.org> · 2019-04-27
Re: [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation · Ingo Molnar <mingo@kernel.org> · 2019-04-27
Re: [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation · James Morris <jmorris@namei.org> · 2019-04-29
Re: [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation · Andy Lutomirski <luto@kernel.org> · 2019-04-29
Re: [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation · Andy Lutomirski <luto@kernel.org> · 2019-04-29
Re: [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation · Ingo Molnar <mingo@kernel.org> · 2019-04-30
Re: [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation · Peter Zijlstra <peterz@infradead.org> · 2019-04-30
Re: [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation · Ingo Molnar <mingo@kernel.org> · 2019-04-30
Re: [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation · Robert O'Callahan <hidden> · 2019-05-02
Re: [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation · Ingo Molnar <mingo@kernel.org> · 2019-05-02
Re: [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation · Robert O'Callahan <hidden> · 2019-05-02
Re: [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation · James Bottomley <James.Bottomley@HansenPartnership.com> · 2019-04-26
Re: [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation · Dave Hansen <hidden> · 2019-04-26
Re: [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation · James Bottomley <James.Bottomley@HansenPartnership.com> · 2019-04-26
Re: [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation · Andy Lutomirski <luto@amacapital.net> · 2019-04-26
Re: [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation · James Bottomley <James.Bottomley@HansenPartnership.com> · 2019-04-26
Re: [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation · Andy Lutomirski <luto@amacapital.net> · 2019-04-26
Re: [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation · James Bottomley <James.Bottomley@HansenPartnership.com> · 2019-04-26
Re: [RFC PATCH 2/7] x86/sci: add core implementation for system call isolation · Andy Lutomirski <luto@amacapital.net> · 2019-04-26
[RFC PATCH 3/7] x86/entry/64: add infrastructure for switching to isolated syscall context · Mike Rapoport <hidden> · 2019-04-25
[RFC PATCH 4/7] x86/sci: hook up isolated system call entry and exit · Mike Rapoport <hidden> · 2019-04-25
[RFC PATCH 5/7] x86/mm/fault: hook up SCI verification · Mike Rapoport <hidden> · 2019-04-25
Re: [RFC PATCH 5/7] x86/mm/fault: hook up SCI verification · Peter Zijlstra <peterz@infradead.org> · 2019-04-26
Re: [RFC PATCH 5/7] x86/mm/fault: hook up SCI verification · Mike Rapoport <hidden> · 2019-04-28
Re: [RFC PATCH 5/7] x86/mm/fault: hook up SCI verification · Andy Lutomirski <luto@kernel.org> · 2019-04-30
Re: [RFC PATCH 5/7] x86/mm/fault: hook up SCI verification · Mike Rapoport <hidden> · 2019-05-01
[RFC PATCH 6/7] security: enable system call isolation in kernel config · Mike Rapoport <hidden> · 2019-04-25
[RFC PATCH 7/7] sci: add example system calls to exercse SCI · Mike Rapoport <hidden> · 2019-04-25
Re: [RFC PATCH 0/7] x86: introduce system calls addess space isolation · Andy Lutomirski <luto@kernel.org> · 2019-04-26
Re: [RFC PATCH 0/7] x86: introduce system calls addess space isolation · Jiri Kosina <jikos@kernel.org> · 2019-04-26
Re: [RFC PATCH 0/7] x86: introduce system calls addess space isolation · Mike Rapoport <hidden> · 2019-04-28
Re: [RFC PATCH 0/7] x86: introduce system calls addess space isolation · Dave Hansen <hidden> · 2019-04-26
Re: [RFC PATCH 0/7] x86: introduce system calls addess space isolation · Mike Rapoport <hidden> · 2019-04-28

STALE2614d

From: Mike Rapoport <hidden>
Date: 2019-04-25 21:46:36
Also in: linux-mm, lkml
Subsystem: security subsystem, the rest · Maintainers: Paul Moore, James Morris, "Serge E. Hallyn", Linus Torvalds

Add SYSCALL_ISOLATION Kconfig option to enable build of SCI infrastructure.

Signed-off-by: Mike Rapoport <redacted>
---
 security/Kconfig | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/security/Kconfig b/security/Kconfig
index e4fe2f3..0c6929a 100644
--- a/security/Kconfig
+++ b/security/Kconfig

@@ -65,6 +65,16 @@ config PAGE_TABLE_ISOLATION
 
 	  See Documentation/x86/pti.txt for more details.
 
+config SYSCALL_ISOLATION
+	bool "System call isolation"
+	default n
+	depends on PAGE_TABLE_ISOLATION && !X86_PAE
+	help
+	  This is an experimental feature to allow executing system
+	  calls in an isolated address space.
+
+	  If you are unsure how to answer this question, answer N.
+
 config SECURITY_INFINIBAND
 	bool "Infiniband Security Hooks"
 	depends on SECURITY && INFINIBAND

-- 
2.7.4

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help