From mboxrd@z Thu Jan 1 00:00:00 1970
Return-path:
Received: from mail-pg0-x236.google.com ([2607:f8b0:400e:c05::236]) by Galois.linutronix.de with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1fE2Sm-0005Kd-HV for speck@linutronix.de; Thu, 03 May 2018 02:51:12 +0200
Received: by mail-pg0-x236.google.com with SMTP id g20-v6so5177075pgv.1 for ; Wed, 02 May 2018 17:51:12 -0700 (PDT)
Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id t24sm23554955pfj.75.2018.05.02.17.51.03 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 02 May 2018 17:51:04 -0700 (PDT)
Message-Id:
From: Kees Cook
Date: Wed, 2 May 2018 17:44:27 -0700
Subject: [MODERATED] [PATCH SSBv11 0/3] seccomp 1
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
To: speck@linutronix.de
List-ID:

As seccomp use overlaps best (though not perfectly) with applications
most likely to want speculation flaw mitigations enabled, seccomp will
enable them when seccomp is enabled for a task. Also adds a line to
/proc/$pid/status for examining the mitigation state of a task.

-Kees

Kees Cook (3):
  nospec: Allow getting/setting on non-current task
  proc: Provide details on speculation flaw mitigations
  seccomp: Enable speculation flaw mitigations

 arch/x86/kernel/cpu/bugs.c | 27 ++++++++++++++++-----------
 fs/proc/array.c            | 22 ++++++++++++++++++++++
 include/linux/nospec.h     |  7 +++++--
 kernel/seccomp.c           | 18 ++++++++++++++++++
 kernel/sys.c               | 10 ++++++----
 5 files changed, 67 insertions(+), 17 deletions(-)

-- 
2.17.0
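
An added example, not part of the original message or the patch series: a checker for the /proc/$pid/status line the cover letter describes, flagging tasks that run under seccomp without the mitigation applied. The field names `Seccomp` and `Speculation_Store_Bypass` and the state strings are assumed from mainline Linux (this message does not name them), and the sample status text is constructed.

```python
import os

# Assumption: field names and state strings as found in mainline Linux
# /proc/<pid>/status; the cover letter itself does not spell them out.
MITIGATED = {"not vulnerable", "thread mitigated",
             "thread force mitigated", "globally mitigated"}

# Constructed /proc/<pid>/status excerpts (not captured output).
SAMPLE_MITIGATED = ("Name:\tworker\nSeccomp:\t2\n"
                    "Speculation_Store_Bypass:\tthread force mitigated\n")
SAMPLE_EXPOSED = ("Name:\tworker\nSeccomp:\t2\n"
                  "Speculation_Store_Bypass:\tthread vulnerable\n")
SAMPLE_NO_FIELD = "Name:\tworker\nSeccomp:\t0\n"  # kernel without the new line

def parse_status(text):
    """Return {field: value} for the 'Key:<tab>value' lines of a status file."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def check_task(text):
    """Return (seccomp_mode, ssb_state, verdict) for one status file."""
    fields = parse_status(text)
    seccomp = fields.get("Seccomp")
    ssb = fields.get("Speculation_Store_Bypass")
    if seccomp is None or ssb is None:
        return seccomp, ssb, "unknown"          # field not exported
    if seccomp == "0":
        return seccomp, ssb, "no-seccomp"       # nothing to cross-check
    verdict = "ok" if ssb in MITIGATED else "seccomp-without-mitigation"
    return seccomp, ssb, verdict

def audit_proc(root="/proc"):
    """Yield (pid, check_task result) for every readable task under root."""
    for entry in sorted(filter(str.isdigit, os.listdir(root)), key=int):
        try:
            with open(os.path.join(root, entry, "status")) as fh:
                yield int(entry), check_task(fh.read())
        except OSError:
            continue  # task exited or is not readable by this user

if __name__ == "__main__":
    for pid, (seccomp, ssb, verdict) in audit_proc():
        if verdict == "seccomp-without-mitigation":
            print(f"{pid}: Seccomp={seccomp} Speculation_Store_Bypass={ssb!r}")
```
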