projects / platform / kernel / linux-rpi.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 61dfdc1) | patch
x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
authorKees Cook <keescook@chromium.org>
Thu, 3 May 2018 21:37:54 +0000 (14:37 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 22 May 2018 16:54:04 +0000 (18:54 +0200)
commit0f18f44ce076e48d25c1b03e15f3b588ba0f9df1
tree58e299fad37e4a39c18bbb31547f36cd8da37d7atree | snapshot
parent61dfdc12ff35cd6f196a543271174ae611e36fb1commit | diff
x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass

commit f21b53b20c754021935ea43364dbf53778eeba32 upstream

Unless explicitly opted out of, anything running under seccomp will have
SSB mitigations enabled. Choosing the "prctl" mode will disable this.

[ tglx: Adjusted it to the new arch_seccomp_spec_mitigate() mechanism ]

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Documentation/admin-guide/kernel-parameters.txt diff | blob | history
arch/x86/include/asm/nospec-branch.h diff | blob | history
arch/x86/kernel/cpu/bugs.c diff | blob | history
Domain: System / Kernel;