git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit
x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
author Kees Cook <keescook@chromium.org>
Thu, 3 May 2018 21:37:54 +0000 (14:37 -0700)
committer Stefan Bader <stefan.bader@canonical.com>
Mon, 14 May 2018 10:39:18 +0000 (12:39 +0200)
commit 4eae6d512317a9b3b4c1779691c94012e7c2d331
tree dd756ee7d0e04b8c9733b924ebac12cf87e5d109
parent 32e3c48098bc81b2f258e1baea3cc2851dd423e8

Unless explicitly opted out of, anything running under seccomp will have
SSB mitigations enabled. Choosing the "prctl" mode will disable this.

[ tglx: Adjusted it to the new arch_seccomp_spec_mitigate() mechanism ]

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
CVE-2018-3639 (x86)

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Documentation/admin-guide/kernel-parameters.txt
arch/x86/include/asm/nospec-branch.h
arch/x86/kernel/cpu/bugs.c
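
A way to observe the behaviour the commit message describes, as an added example (not code from this commit or the kernel tree): it reads the task's Speculative Store Bypass state with prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS) before and after installing an allow-all seccomp filter. The function and enum names are assumptions of this example; the numeric values mirror the kernel's linux/prctl.h.

```c
#include <stdio.h>
#include <sys/prctl.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Numeric values mirror the kernel's linux/prctl.h; the local names are
 * assumed for this example so it builds against older libc headers. */
enum { SSB_GET = 52,        /* PR_GET_SPECULATION_CTRL */
       SSB_WHICH = 0,       /* PR_SPEC_STORE_BYPASS */
       SSBF_ENABLE = 2,     /* PR_SPEC_ENABLE: store bypass speculation on */
       SSBF_DISABLE = 4,    /* PR_SPEC_DISABLE: mitigation active */
       SSBF_FORCE = 8 };    /* PR_SPEC_FORCE_DISABLE: active, irrevocable */

enum ssb_state { SSB_UNKNOWN = -1, SSB_VULNERABLE, SSB_MITIGATED, SSB_NOT_AFFECTED };

/* Classify a PR_GET_SPECULATION_CTRL return value for the calling task. */
enum ssb_state ssb_classify(long r)
{
    if (r < 0)  return SSB_UNKNOWN;       /* prctl failed: control unavailable */
    if (r == 0) return SSB_NOT_AFFECTED;  /* PR_SPEC_NOT_AFFECTED */
    if (r & (SSBF_DISABLE | SSBF_FORCE)) return SSB_MITIGATED;
    return SSB_VULNERABLE;                /* only PR_SPEC_ENABLE (+PR_SPEC_PRCTL) */
}

long ssb_query(void)
{
    return prctl(SSB_GET, (unsigned long)SSB_WHICH, 0UL, 0UL, 0UL);
}

/* Install a seccomp filter that allows every syscall, so that only its
 * side effect on the speculation state is observed. */
int enter_seccomp(void)
{
    struct sock_filter allow[] = { BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW) };
    struct sock_fprog prog = { .len = 1, .filter = allow };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1UL, 0UL, 0UL, 0UL) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

int main(void)
{
    static const char *name[] = { "vulnerable", "mitigated", "not affected" };
    long before = ssb_query();
    if (enter_seccomp() != 0) { perror("seccomp"); return 1; }
    long after = ssb_query();
    enum ssb_state b = ssb_classify(before), a = ssb_classify(after);
    printf("before seccomp: %ld (%s)\n", before, b < 0 ? "unknown" : name[b]);
    printf("after  seccomp: %ld (%s)\n", after,  a < 0 ? "unknown" : name[a]);
    return 0;
}
```

On an affected CPU running in the "seccomp" mode, the second line should report the task as mitigated; in "prctl" mode the state stays as it was before the filter was installed.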