[PATCH 0/2] x86: allow to enable/disable modify_ldt at run time

From: Willy Tarreau
Date: Mon Aug 03 2015 - 14:24:59 EST

Next message: Shuah Khan: "Re: [PATCH 3.10 00/89] 3.10.85-stable review"
Previous message: Willy Tarreau: "[PATCH 2/2] x86/ldt: allow to disable modify_ldt at runtime"
Next in thread: Willy Tarreau: "[PATCH 1/2] sysctl: add a new generic strategy to make permanent changes on negative values"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is the second version. It adds a strategy for the sysctls so that we
can reject any change to a value that was already negative. This way it's
possible to disable modify_ldt temporarily or permanently (eg: lock down a
server) as suggested by Kees.

Willy Tarreau (2):
sysctl: add a new generic strategy to make permanent changes on
negative values
x86/ldt: allow to disable modify_ldt at runtime

Documentation/sysctl/kernel.txt | 16 +++++++++++++
arch/x86/Kconfig | 17 ++++++++++++++
arch/x86/kernel/ldt.c | 15 +++++++++++++
kernel/sysctl.c | 50 +++++++++++++++++++++++++++++++++++++++++
4 files changed, 98 insertions(+)

--
1.7.12.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Shuah Khan: "Re: [PATCH 3.10 00/89] 3.10.85-stable review"
Previous message: Willy Tarreau: "[PATCH 2/2] x86/ldt: allow to disable modify_ldt at runtime"
Next in thread: Willy Tarreau: "[PATCH 1/2] sysctl: add a new generic strategy to make permanent changes on negative values"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]