x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass

Unless explicitly opted out of, anything running under seccomp will have
SSB mitigations enabled. Choosing the "prctl" mode will disable this.

[ tglx: Adjusted it to the new arch_seccomp_spec_mitigate() mechanism ]

OraBug: 28041771
CVE: CVE-2018-3639
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
(cherry picked from commit f21b53b20c754021935ea43364dbf53778eeba32)
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Mihai Carabas <mihai.carabas@oracle.com>
Conflicts:
    Documentation/admin-guide/kernel-parameters.txt
      [It is called Documentation/kernel-parameters.txt]
    arch/x86/include/asm/nospec-branch.h
      [Different name..]
    arch/x86/kernel/cpu/bugs.c
      [And again, bugs_64.c, and also we did provide the SPEC_STORE_BYPASS_USERSPACE]
Signed-off-by: Brian Maly <brian.maly@oracle.com>
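
To check the behaviour this commit message describes on a running system, the following added example (not part of the commit or the kernel tree) reads the calling task's Speculative Store Bypass state with prctl(PR_GET_SPECULATION_CTRL) before and after installing a seccomp filter with no opt-out flag. The helper names, the state labels and the allow-all filter are assumptions of the example.

```c
/* Added example, not kernel code: helper names and state labels are hypothetical. */
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#ifndef PR_GET_SPECULATION_CTRL          /* fallbacks for older userspace headers */
#define PR_GET_SPECULATION_CTRL 52
#define PR_SPEC_STORE_BYPASS    0
#define PR_SPEC_PRCTL           (1UL << 0)
#define PR_SPEC_ENABLE          (1UL << 1)
#define PR_SPEC_DISABLE         (1UL << 2)
#define PR_SPEC_FORCE_DISABLE   (1UL << 3)
#endif
enum ssb_state { SSB_UNSUPPORTED, SSB_NOT_AFFECTED, SSB_SPECULATING,
                 SSB_MITIGATED, SSB_MITIGATED_LOCKED };
static const char *const ssb_names[] = { "no per-task control", "CPU not affected",
    "store bypass allowed (unmitigated)", "mitigated", "mitigated, cannot be re-enabled" };
/* Classify a PR_GET_SPECULATION_CTRL result; PR_SPEC_ENABLE means mitigation is OFF. */
enum ssb_state ssb_classify(long v)
{
    if (v < 0)                     return SSB_UNSUPPORTED;   /* EINVAL or ENODEV */
    if (v == 0)                    return SSB_NOT_AFFECTED;  /* PR_SPEC_NOT_AFFECTED */
    if (v & PR_SPEC_FORCE_DISABLE) return SSB_MITIGATED_LOCKED;
    if (v & PR_SPEC_DISABLE)       return SSB_MITIGATED;
    return SSB_SPECULATING;
}

enum ssb_state ssb_query(void)
{
    return ssb_classify(prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0));
}

/* Install a seccomp filter that allows every syscall; flags = 0 means no opt-out. */
int install_allow_all_filter(unsigned int flags)
{
    struct sock_filter insn[] = { BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW) };
    struct sock_fprog prog = { .len = 1, .filter = insn };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return -1;
    return (int)syscall(SYS_seccomp, SECCOMP_SET_MODE_FILTER, flags, &prog);
}

int main(void)
{
    printf("before seccomp: %s\n", ssb_names[ssb_query()]);
    if (install_allow_all_filter(0)) { perror("seccomp"); return 1; }
    printf("after seccomp:  %s\n", ssb_names[ssb_query()]);
    return 0;
}
```

On an affected CPU running a kernel in the "seccomp" mode, the second line is expected to report the mitigation as enabled even though the program never asked for it; in the "prctl" mode the state should be unchanged by the filter.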