From: Andrea Arcangeli <andrea@cpushare.com>
Subject: [PATCH seccomp: make tsc disabling optional
Patch-mainline: unknown
References: 191123

Make the TSC disable purely paranoid feature optional, so by default seccomp
returns absolutely zerocost.

Ported from 2.6.19 to 2.6.24-rc7 by Jeff Mahoney.
Addition of x86-64 by Jan Beulich.

Signed-off-by: Andrea Arcangeli <andrea@cpushare.com>
Acked-by: Jeff Mahoney <jeffm@suse.com>
---
 arch/x86/Kconfig          |   12 ++++++++++++
 arch/x86/kernel/process.c |    2 ++
 2 files changed, 14 insertions(+)

--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1437,6 +1437,18 @@ config SECCOMP
 
 	  If unsure, say Y. Only embedded should say N here.
 
+config SECCOMP_DISABLE_TSC
+	bool "Disable the TSC for seccomp tasks"
+	depends on SECCOMP
+	default n
+	help
+	  This feature mathematically prevents covert channels
+	  for tasks running under SECCOMP. This can generate
+	  a minuscule overhead in the scheduler.
+
+	  If you care most about performance say N. Say Y only if you're
+	  paranoid about covert channels.
+
 config CC_STACKPROTECTOR
 	bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
 	---help---
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -115,6 +115,7 @@ static void hard_disable_TSC(void)
 
 void disable_TSC(void)
 {
+#ifdef CONFIG_SECCOMP_DISABLE_TSC
 	preempt_disable();
 	if (!test_and_set_thread_flag(TIF_NOTSC))
 		/*
@@ -123,6 +124,7 @@ void disable_TSC(void)
 		 */
 		hard_disable_TSC();
 	preempt_enable();
+#endif
 }
 
 static void hard_enable_TSC(void)
