www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Kees Cook <keescook@chromium.org>
	Thu, 3 May 2018 21:56:12 +0000 (14:56 -0700)
committer	Brian Maly <brian.maly@oracle.com>
	Mon, 21 May 2018 22:05:42 +0000 (18:05 -0400)
commit	9a65dc3423325855fe423f1476b20e3d2d5f486d
tree	f1ae4814e97f07da87ae0c1853c04de164ab298e	tree
parent	06a542b497e5c4a083873680df82e0134b2c2148	commit \| diff

seccomp: Add filter flag to opt-out of SSB mitigation

If a seccomp user is not interested in Speculative Store Bypass mitigation
by default, it can set the new SECCOMP_FILTER_FLAG_SPEC_ALLOW flag when
adding filters.

OraBug: 28041771
CVE: CVE-2018-3639

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
(cherry picked from commit 00a02d0c502a06d15e07b857f8ff921e3e402675)
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Mihai Carabas <mihai.carabas@oracle.com>
Conflicts:
include/linux/seccomp.h
include/uapi/linux/seccomp.h
tools/testing/selftests/seccomp/seccomp_bpf.c
[No eBPF in UEK4]

Signed-off-by: Brian Maly <brian.maly@oracle.com>

include/linux/seccomp.h		diff \| blob \| history
include/uapi/linux/seccomp.h		diff \| blob \| history
kernel/seccomp.c		diff \| blob \| history