diff options
| author | Kees Cook <keescook@chromium.org> | 2018-05-03 14:37:54 -0700 |
|---|---|---|
| committer | Thomas Gleixner <tglx@linutronix.de> | 2018-05-05 00:51:45 +0200 |
| commit | f21b53b20c754021935ea43364dbf53778eeba32 (patch) | |
| tree | 56c873b4f7dc9b7561858f8e7e4a6bfc2ba8eeeb /arch/x86/include/asm/nospec-branch.h | |
| parent | 8bf37d8c067bb7eb8e7c381bdadf9bd89182b6bc (diff) | |
x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
Unless explicitly opted out of, anything running under seccomp will have
SSB mitigations enabled. Choosing the "prctl" mode will disable this.
[ tglx: Adjusted it to the new arch_seccomp_spec_mitigate() mechanism ]
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Diffstat (limited to 'arch/x86/include/asm/nospec-branch.h')
| -rw-r--r-- | arch/x86/include/asm/nospec-branch.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h index 71ad01422655..328ea3cb769f 100644 --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -233,6 +233,7 @@ enum ssb_mitigation { SPEC_STORE_BYPASS_NONE, SPEC_STORE_BYPASS_DISABLE, SPEC_STORE_BYPASS_PRCTL, + SPEC_STORE_BYPASS_SECCOMP, }; extern char __indirect_thunk_start[]; |