3.16.59-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Gleixner tglx@linutronix.de
commit b849a812f7eb92e96d1c8239b06581b2cfd8b275 upstream.
Use PR_SPEC_FORCE_DISABLE in seccomp() because seccomp does not allow to widen restrictions.
Signed-off-by: Thomas Gleixner tglx@linutronix.de Signed-off-by: Ben Hutchings ben@decadent.org.uk --- kernel/seccomp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
--- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -217,7 +217,7 @@ static inline void spec_mitigate(struct int state = arch_prctl_spec_ctrl_get(task, which);
if (state > 0 && (state & PR_SPEC_PRCTL)) - arch_prctl_spec_ctrl_set(task, which, PR_SPEC_DISABLE); + arch_prctl_spec_ctrl_set(task, which, PR_SPEC_FORCE_DISABLE); }
static inline void seccomp_assign_mode(unsigned long seccomp_mode)