Diffstat (limited to 'chromium/sandbox/linux/seccomp-bpf/sandbox_bpf.h')
-rw-r--r--chromium/sandbox/linux/seccomp-bpf/sandbox_bpf.h7
1 files changed, 7 insertions, 0 deletions
diff --git a/chromium/sandbox/linux/seccomp-bpf/sandbox_bpf.h b/chromium/sandbox/linux/seccomp-bpf/sandbox_bpf.h
index 282852992b2..98475061bf2 100644
--- a/chromium/sandbox/linux/seccomp-bpf/sandbox_bpf.h
+++ b/chromium/sandbox/linux/seccomp-bpf/sandbox_bpf.h
@@ -101,6 +101,13 @@ class SANDBOX_EXPORT SandboxBPF {
// been configured with SetSandboxPolicy().
void InstallFilter(bool must_sync_threads);
+ // Disable indirect branch speculation by prctl. This will be done by
+ // seccomp if SECCOMP_FILTER_FLAG_SPEC_ALLOW is not set. Seccomp will
+ // disable indirect branch speculation and speculative store bypass
+ // simultaneously. We use prctl in supplement to control the speculation
+ // features separately.
+ void DisableIBSpec();
+
base::ScopedFD proc_fd_;
bool sandbox_has_started_;
std::unique_ptr<bpf_dsl::Policy> policy_;
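Review bot: The comment on `DisableIBSpec()` never states the consequence of the design it describes: if the filter is installed with SECCOMP_FILTER_FLAG_SPEC_ALLOW (as the wording implies) and only indirect branch speculation is turned off through prctl, speculative store bypass stays enabled inside the sandbox, and that trade-off should be spelled out. It also omits the caller contract: whether the call has to happen before `InstallFilter()`, and what happens when the kernel rejects the prctl, which the `void` return cannot report. The prctl speculation controls apply per task, so with `must_sync_threads` the other threads are presumably not covered; this is worth confirming in the implementation, which is not in this hunk (the `SandboxBPF` class body also starts and ends outside it). I would add a line such as `// Only indirect branch speculation is disabled, for the calling thread; speculative store bypass is left enabled.` and document the failure behaviour next to it.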