UBUNTU: SAUCE: x86/bugs: Make boot modes __ro_after_init

CVE-2018-3639 (x86) There's no reason for these to be changed after boot. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Juerg Haefliger <juergh@canonical.com>

UBUNTU: SAUCE: x86/bugs: Make boot modes __ro_after_init
CVE-2018-3639 (x86) There's no reason for these to be changed after boot. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Juerg Haefliger <juergh@canonical.com>
d50a758a · Kees Cook · Juerg Haefliger · f3b21b13 · d50a758a
Commit d50a758a authored May 03, 2018 by Kees Cook Committed by Juerg Haefliger May 16, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 2 deletions

arch/x86/kernel/cpu/bugs.c arch/x86/kernel/cpu/bugs.c +3 -2

No files found.
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -129,7 +129,8 @@ static const char *spectre_v2_strings[] = {
 #undef pr_fmt
 #define pr_fmt(fmt)     "Spectre V2 : " fmt

-static enum spectre_v2_mitigation spectre_v2_enabled = SPECTRE_V2_NONE;
+static enum spectre_v2_mitigation spectre_v2_enabled __ro_after_init =
+	SPECTRE_V2_NONE;

 void x86_spec_ctrl_set(u64 val)
 {
@@ -432,7 +433,7 @@ static void __init spectre_v2_select_mitigation(void)
 #undef pr_fmt
 #define pr_fmt(fmt)	"Speculative Store Bypass: " fmt

-static enum ssb_mitigation ssb_mode = SPEC_STORE_BYPASS_NONE;
+static enum ssb_mitigation ssb_mode __ro_after_init = SPEC_STORE_BYPASS_NONE;

 /* The kernel command line selection */
 enum ssb_mitigation_cmd {