x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass

commit f21b53b20c754021935ea43364dbf53778eeba32 upstream Unless explicitly opted out of, anything running under seccomp will have SSB mitigations enabled. Choosing the "prctl" mode will disable this. [ tglx: Adjusted it to the new arch_seccomp_spec_mitigate() mechanism ] Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Kees Cook <keescook@chromium.org> 2018-05-04 00:37:54 +0300
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-05-22 17:58:02 +0300
commit: 05a85a396f3989e9ac953785d9dccfc7cd0110f2 (patch)
tree: 7636561963031b056f6bb829e0682bb9f9449582 /arch/x86/include/asm/nospec-branch.h
parent: 094c2767c4f02c36eabc27309d78b04f4a216e88 (diff)
download: linux-05a85a396f3989e9ac953785d9dccfc7cd0110f2.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
index 71ad01422655..328ea3cb769f 100644
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -233,6 +233,7 @@ enum ssb_mitigation {
 	SPEC_STORE_BYPASS_NONE,
 	SPEC_STORE_BYPASS_DISABLE,
 	SPEC_STORE_BYPASS_PRCTL,
+	SPEC_STORE_BYPASS_SECCOMP,
 };
 
 extern char __indirect_thunk_start[];
author	Kees Cook <keescook@chromium.org>	2018-05-04 00:37:54 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2018-05-22 17:58:02 +0300
commit	05a85a396f3989e9ac953785d9dccfc7cd0110f2 (patch)
tree	7636561963031b056f6bb829e0682bb9f9449582 /arch/x86/include/asm/nospec-branch.h
parent	094c2767c4f02c36eabc27309d78b04f4a216e88 (diff)
download	linux-05a85a396f3989e9ac953785d9dccfc7cd0110f2.tar.xz