linux-kernel.vger.kernel.org archive mirror
* [GIT PULL] seccomp updates for v5.16-rc1
@ 2021-11-01 16:44 Kees Cook
  2021-11-02  0:51 ` pr-tracker-bot
  0 siblings, 1 reply; 2+ messages in thread
From: Kees Cook @ 2021-11-01 16:44 UTC (permalink / raw)
  To: Linus Torvalds
  Cc: linux-kernel, Andrea Arcangeli, Josh Poimboeuf, Kees Cook, Waiman Long

Hi Linus,

Please pull these seccomp updates for v5.16-rc1. These are x86-specific,
but I carried these since they're also seccomp-specific. This flips
the prior conservative defaults for spec_store_bypass_disable and
spectre_v2_user from "seccomp" to "prctl", as enough time has passed
to allow system owners to have updated the defensive stances of their
various workloads, and it's long overdue to unpessimize seccomp threads.
Extensive rationale and details are in Andrea's main patch[1].

Thanks!

-Kees

[1] https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?h=for-next/seccomp&id=2f46993d83ff4abb310ef7b4beced56ba96f0d9d

The following changes since commit e4e737bb5c170df6135a127739a9e6148ee3da82:

  Linux 5.15-rc2 (2021-09-19 17:28:22 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/seccomp-v5.16-rc1

for you to fetch changes up to d9bbdbf324cda23aa44873f505be77ed4b61d79c:

  x86: deduplicate the spectre_v2_user documentation (2021-10-04 12:12:57 -0700)

----------------------------------------------------------------
seccomp updates for v5.16-rc1

- set spec_store_bypass_disable & spectre_v2_user to prctl (Andrea Arcangeli)

----------------------------------------------------------------
Andrea Arcangeli (2):
      x86: change default to spec_store_bypass_disable=prctl spectre_v2_user=prctl
      x86: deduplicate the spectre_v2_user documentation

 Documentation/admin-guide/hw-vuln/spectre.rst   | 61 +++----------------------
 Documentation/admin-guide/kernel-parameters.txt |  5 +-
 arch/x86/kernel/cpu/bugs.c                      |  4 +-
 3 files changed, 10 insertions(+), 60 deletions(-)

-- 
Kees Cook
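
With the defaults at "prctl", entering seccomp no longer turns these mitigations on as a side effect, so a sandbox that wants them has to ask for them through the speculation-control prctl interface. The following C sketch is an added example, not code from this pull request or the kernel tree; `needs_opt_in`, `spec_state` and `harden` are hypothetical helper names.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>

#ifndef PR_SPEC_INDIRECT_BRANCH      /* fallbacks for older UAPI headers */
#define PR_SPEC_INDIRECT_BRANCH 1
#endif
#ifndef PR_SPEC_DISABLE_NOEXEC
#define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
#endif

/* 1 if the task still speculates and may change that for itself. */
int needs_opt_in(long v)
{
    return v >= 0 && (v & PR_SPEC_PRCTL) && (v & PR_SPEC_ENABLE);
}

/* Decode a PR_GET_SPECULATION_CTRL result (or a negative -errno). */
const char *spec_state(long v)
{
    if (v < 0)                     return "unavailable";
    if (v == PR_SPEC_NOT_AFFECTED) return "not affected";
    if (v & PR_SPEC_FORCE_DISABLE) return "mitigated, locked";
    if (v & (PR_SPEC_DISABLE | PR_SPEC_DISABLE_NOEXEC)) return "mitigated";
    return needs_opt_in(v) ? "unmitigated, prctl available"
                           : "unmitigated, no per-task control";
}

/* harden() is a hypothetical helper: force the mitigation on for one
 * misfeature and return the resulting state, or -errno on failure. */
long harden(unsigned long which)
{
    long v = prctl(PR_GET_SPECULATION_CTRL, which, 0UL, 0UL, 0UL);
    if (v < 0)
        return -errno;
    if (needs_opt_in(v) &&
        prctl(PR_SET_SPECULATION_CTRL, which, PR_SPEC_FORCE_DISABLE, 0UL, 0UL) < 0)
        return -errno;
    v = prctl(PR_GET_SPECULATION_CTRL, which, 0UL, 0UL, 0UL);
    return v < 0 ? -errno : v;
}

int main(void)
{
    /* Call before installing the seccomp filter; the setting applies to the
     * calling thread and is inherited by tasks it creates afterwards. */
    printf("store bypass:    %s\n", spec_state(harden(PR_SPEC_STORE_BYPASS)));
    printf("indirect branch: %s\n", spec_state(harden(PR_SPEC_INDIRECT_BRANCH)));
    return 0;
}
```

`PR_SPEC_FORCE_DISABLE` cannot be undone for the task, which is what a sandbox launcher wants; a process that needs to re-enable speculation later would use `PR_SPEC_DISABLE` instead.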


* Re: [GIT PULL] seccomp updates for v5.16-rc1
  2021-11-01 16:44 [GIT PULL] seccomp updates for v5.16-rc1 Kees Cook
@ 2021-11-02  0:51 ` pr-tracker-bot
  0 siblings, 0 replies; 2+ messages in thread
From: pr-tracker-bot @ 2021-11-02  0:51 UTC (permalink / raw)
  To: Kees Cook
  Cc: Linus Torvalds, linux-kernel, Andrea Arcangeli, Josh Poimboeuf,
	Kees Cook, Waiman Long

The pull request you sent on Mon, 1 Nov 2021 09:44:50 -0700:

> https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/seccomp-v5.16-rc1

has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/a5a9e006059e7ac1af3df57d6d7c53e385da5deb

Thank you!

-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/prtracker.html
