Avoid speculative indirect branches in kernel
modulename: retpoline-export.ko
configname: CONFIG_RETPOLINE
Linux Kernel Configuration
└─>Processor type and features
└─>Avoid speculative indirect branches in kernel
In linux kernel since version 3.10 (release Date: 2013-06-30)
Compile kernel with the retpoline compiler options to guard against
kernel-to-user data leaks by avoiding speculative indirect
branches. Requires a compiler with -mindirect-branch=thunk-extern
support for full protection. The kernel may run slower.
Without compiler support, at least indirect branches in assembler
code are eliminated. Since this includes the syscall entry path,
it is not entirely pointless.
kernel-to-user data leaks by avoiding speculative indirect
branches. Requires a compiler with -mindirect-branch=thunk-extern
support for full protection. The kernel may run slower.
Without compiler support, at least indirect branches in assembler
code are eliminated. Since this includes the syscall entry path,
it is not entirely pointless.