Date:   Mon, 1 Nov 2021 09:44:50 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     linux-kernel@...r.kernel.org,
        Andrea Arcangeli <aarcange@...hat.com>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Kees Cook <keescook@...omium.org>,
        Waiman Long <longman@...hat.com>
Subject: [GIT PULL] seccomp updates for v5.16-rc1

Hi Linus,

Please pull these seccomp updates for v5.16-rc1. These are x86-specific,
but I carried these since they're also seccomp-specific. This flips
the prior conservative defaults for spec_store_bypass_disable and
spectre_v2_user from "seccomp" to "prctl", as enough time has passed
to allow system owners to have updated the defensive stances of their
various workloads, and it's long overdue to unpessimize seccomp threads.
Extensive rationale and details are in Andrea's main patch[1].

Thanks!

-Kees

[1] https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?h=for-next/seccomp&id=2f46993d83ff4abb310ef7b4beced56ba96f0d9d

The following changes since commit e4e737bb5c170df6135a127739a9e6148ee3da82:

  Linux 5.15-rc2 (2021-09-19 17:28:22 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/seccomp-v5.16-rc1

for you to fetch changes up to d9bbdbf324cda23aa44873f505be77ed4b61d79c:

  x86: deduplicate the spectre_v2_user documentation (2021-10-04 12:12:57 -0700)

----------------------------------------------------------------
seccomp updates for v5.16-rc1

- set spec_store_bypass_disable & spectre_v2_user to prctl (Andrea Arcangeli)

----------------------------------------------------------------
Andrea Arcangeli (2):
      x86: change default to spec_store_bypass_disable=prctl spectre_v2_user=prctl
      x86: deduplicate the spectre_v2_user documentation

 Documentation/admin-guide/hw-vuln/spectre.rst   | 61 +++----------------------
 Documentation/admin-guide/kernel-parameters.txt |  5 +-
 arch/x86/kernel/cpu/bugs.c                      |  4 +-
 3 files changed, 10 insertions(+), 60 deletions(-)

-- 
Kees Cook
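
An added example, not part of the message above or of the kernel patches: with both defaults at "prctl", a task entering seccomp is no longer opted in automatically, so a sandbox that still wants the mitigations has to ask for them through the PR_SET_SPECULATION_CTRL prctl before installing its filter. The helper names spec_should_opt_in and spec_harden are hypothetical; the prctl options and PR_SPEC_* constants are the kernel's existing speculation-control interface.

```c
/* Added example, not from the pull request. Opt a task in to the SSB and
 * indirect-branch mitigations before it enters seccomp, as needed once the
 * defaults are "prctl". Build: cc -o spec_optin spec_optin.c */
#include <stdio.h>
#include <sys/prctl.h>   /* pulls in linux/prctl.h for the PR_SPEC_* constants */

/* Interpret a PR_GET_SPECULATION_CTRL return value.
 *  1: per-task control exists and the mitigation is off, so opt in
 *  0: speculation already disabled for this task (mitigation active)
 * -1: no per-task control (error, CPU not affected, or the boot policy
 *     is a global on/off that prctl cannot change) */
int spec_should_opt_in(int status)
{
    if (status < 0 || !(status & PR_SPEC_PRCTL))
        return -1;
    if (status & (PR_SPEC_DISABLE | PR_SPEC_FORCE_DISABLE))
        return 0;
    return 1;
}

/* Query one misfeature and opt in when spec_should_opt_in() says so.
 * Returns that decision, or -2 if the opt-in call itself failed. */
int spec_harden(unsigned long which)
{
    int status = (int)prctl(PR_GET_SPECULATION_CTRL, which, 0, 0, 0);
    int decision = spec_should_opt_in(status);

    if (decision == 1 &&
        prctl(PR_SET_SPECULATION_CTRL, which, PR_SPEC_DISABLE, 0, 0) != 0)
        return -2;
    return decision;
}

int main(void)
{
    /* SSBD is governed by spec_store_bypass_disable=, STIBP/IBPB by spectre_v2_user= */
    printf("store bypass:    %d\n", spec_harden(PR_SPEC_STORE_BYPASS));
    printf("indirect branch: %d\n", spec_harden(PR_SPEC_INDIRECT_BRANCH));
    /* A sandbox would install its seccomp filter after this point. */
    return 0;
}
```

A result of -1 means the boot-time policy, not the task, decides; check the spec_store_bypass_disable= and spectre_v2_user= kernel parameters in that case.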
