x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
author Kees Cook <keescook@chromium.org>
Thu, 3 May 2018 21:37:54 +0000 (14:37 -0700)
committer Thomas Gleixner <tglx@linutronix.de>
Fri, 4 May 2018 22:51:45 +0000 (00:51 +0200)
commit f21b53b20c754021935ea43364dbf53778eeba32
tree 56c873b4f7dc9b7561858f8e7e4a6bfc2ba8eeeb
parent 8bf37d8c067bb7eb8e7c381bdadf9bd89182b6bc
x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass

Unless explicitly opted out of, anything running under seccomp will have
SSB mitigations enabled. Choosing the "prctl" mode will disable this.

[ tglx: Adjusted it to the new arch_seccomp_spec_mitigate() mechanism ]

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Documentation/admin-guide/kernel-parameters.txt
arch/x86/include/asm/nospec-branch.h
arch/x86/kernel/cpu/bugs.c