www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Thomas Gleixner <tglx@linutronix.de>
	Fri, 4 May 2018 13:12:06 +0000 (15:12 +0200)
committer	Brian Maly <brian.maly@oracle.com>
	Mon, 21 May 2018 22:05:50 +0000 (18:05 -0400)
commit	9814a0ae796a37ea4829f30c3559442a2de96ce1
tree	43f86b7ea25823212c2b98e1156c1c27df80ee1b	tree
parent	9a65dc3423325855fe423f1476b20e3d2d5f486d	commit \| diff

seccomp: Move speculation migitation control to arch code

The migitation control is simpler to implement in architecture code as it
avoids the extra function call to check the mode. Aside of that having an
explicit seccomp enabled mode in the architecture mitigations would require
even more workarounds.

Move it into architecture code and provide a weak function in the seccomp
code. Remove the 'which' argument as this allows the architecture to decide
which mitigations are relevant for seccomp.

OraBug: 28041771
CVE: CVE-2018-3639

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
(cherry picked from commit 8bf37d8c067bb7eb8e7c381bdadf9bd89182b6bc)
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Mihai Carabas <mihai.carabas@oracle.com>
Conflicts:
arch/x86/kernel/cpu/bugs.c
[Which is called bugs_64.c in UEK4]
include/linux/nospec.h

[Which is called nospec-branch.h]

Signed-off-by: Brian Maly <brian.maly@oracle.com>

arch/x86/include/asm/nospec-branch.h		diff \| blob \| history
arch/x86/kernel/cpu/bugs_64.c		diff \| blob \| history
kernel/seccomp.c		diff \| blob \| history