git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit
x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
author Kees Cook <keescook@chromium.org>
Thu, 3 May 2018 21:37:54 +0000 (14:37 -0700)
committer Stefan Bader <stefan.bader@canonical.com>
Wed, 16 May 2018 11:52:31 +0000 (13:52 +0200)
commit c74160030164da77f49bf9650d46ef888ed592ee
tree 51de11cd841b325adce3e27f54453132c2d73e56
parent 5b38e2446d357d573d1da424b9bfabef840d7fdf
x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass

Unless explicitly opted out of, anything running under seccomp will have
SSB mitigations enabled. Choosing the "prctl" mode will disable this.

[ tglx: Adjusted it to the new arch_seccomp_spec_mitigate() mechanism ]

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
CVE-2018-3639 (x86)

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Documentation/admin-guide/kernel-parameters.txt
arch/x86/include/asm/nospec-branch.h
arch/x86/kernel/cpu/bugs.c
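
A check for the behaviour the commit message describes, added here as an example that is not part of the commit or the kernel tree: it reads the calling task's seccomp mode and Speculative Store Bypass state through prctl() and flags a seccomp task that still allows the bypass. The function names ssb_mitigated and seccomp_without_ssb are hypothetical; the PR_* constants are those of <linux/prctl.h>.

```c
#include <stdio.h>
#include <sys/prctl.h>

/* Constants from <linux/prctl.h>, repeated for build hosts with older headers. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SPEC_STORE_BYPASS    0
#define PR_SPEC_PRCTL           (1UL << 0)
#define PR_SPEC_ENABLE          (1UL << 1)
#define PR_SPEC_DISABLE         (1UL << 2)
#define PR_SPEC_FORCE_DISABLE   (1UL << 3)
#endif

/* 1 = SSB mitigated or CPU not affected, 0 = speculation allowed, -1 = unknown. */
int ssb_mitigated(long ctrl)
{
    if (ctrl < 0)
        return -1;              /* prctl failed: kernel without this interface */
    if (ctrl == 0)
        return 1;               /* PR_SPEC_NOT_AFFECTED */
    if (ctrl & (PR_SPEC_DISABLE | PR_SPEC_FORCE_DISABLE))
        return 1;               /* mitigation on for this task (or globally) */
    return 0;                   /* PR_SPEC_ENABLE: bypass still possible */
}

/* Finding: a seccomp-confined task (mode 1 or 2) that still allows SSB,
 * i.e. the seccomp default was opted out of or "prctl" mode was chosen. */
int seccomp_without_ssb(int seccomp_mode, long ctrl)
{
    return seccomp_mode > 0 && ssb_mitigated(ctrl) == 0;
}

int main(void)
{
    int mode = prctl(PR_GET_SECCOMP, 0, 0, 0, 0);
    long ctrl = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);

    printf("seccomp mode=%d spec_ctrl=%ld per-task control=%s mitigated=%d\n",
           mode, ctrl, (ctrl > 0 && (ctrl & PR_SPEC_PRCTL)) ? "yes" : "no",
           ssb_mitigated(ctrl));
    if (seccomp_without_ssb(mode, ctrl))
        puts("FINDING: seccomp task is running with SSB mitigation off");
    return seccomp_without_ssb(mode, ctrl);
}
```

Run it from inside the sandboxed service (for example as a child of the seccomp-filtered process) so the values reflect the confined task rather than an unconfined shell.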