• Andy Lutomirski's avatar
    x86/ldt: Make modify_ldt() optional · a5b9e5a2
    Andy Lutomirski authored
    The modify_ldt syscall exposes a large attack surface and is
    unnecessary for modern userspace.  Make it optional.
    Signed-off-by: default avatarAndy Lutomirski <luto@kernel.org>
    Reviewed-by: default avatarKees Cook <keescook@chromium.org>
    Cc: Andrew Cooper <andrew.cooper3@citrix.com>
    Cc: Andy Lutomirski <luto@amacapital.net>
    Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
    Cc: Borislav Petkov <bp@alien8.de>
    Cc: Brian Gerst <brgerst@gmail.com>
    Cc: Denys Vlasenko <dvlasenk@redhat.com>
    Cc: H. Peter Anvin <hpa@zytor.com>
    Cc: Jan Beulich <jbeulich@suse.com>
    Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Sasha Levin <sasha.levin@oracle.com>
    Cc: Steven Rostedt <rostedt@goodmis.org>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: security@kernel.org <security@kernel.org>
    Cc: xen-devel <xen-devel@lists.xen.org>
    Link: http://lkml.kernel.org/r/a605166a771c343fd64802dece77a903507333bd.1438291540.git.luto@kernel.org
    [ Made MATH_EMULATION dependent on MODIFY_LDT_SYSCALL. ]
    Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
    a5b9e5a2
step.c 6.05 KB