]> git.itanic.dy.fi Git - linux-stable/commit
projects / linux-stable / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a92b6ff) | patch
x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
authorKees Cook <keescook@chromium.org>
Thu, 3 May 2018 21:37:54 +0000 (14:37 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 22 May 2018 16:56:28 +0000 (18:56 +0200)
commit9378c64a76a07988b933383d947f919fc8a1d4ac
tree106509202f8b2086d3644f2895d2a7aa78d0e971tree | snapshot
parenta92b6ffb737fe3214251d3827bddefc012ead5a6commit | diff
x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass

commit f21b53b20c754021935ea43364dbf53778eeba32 upstream

Unless explicitly opted out of, anything running under seccomp will have
SSB mitigations enabled. Choosing the "prctl" mode will disable this.

[ tglx: Adjusted it to the new arch_seccomp_spec_mitigate() mechanism ]

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Documentation/admin-guide/kernel-parameters.txt diff | blob | history
arch/x86/include/asm/nospec-branch.h diff | blob | history
arch/x86/kernel/cpu/bugs.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.