On 01/04/18 18:00, David Woodhouse wrote: > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > index d4fc98c..1009d1a 100644 > --- a/arch/x86/Kconfig > +++ b/arch/x86/Kconfig > @@ -429,6 +429,19 @@ config GOLDFISH > def_bool y > depends on X86_GOLDFISH > > +config RETPOLINE > + bool "Avoid speculative indirect branches in kernel" > + default y > + help > + Compile kernel with the retpoline compiler options to guard against > + kernel to user data leaks by avoiding speculative indirect
On first reading, I encountered a parse err^W^W <what the heck did that say> on "kernel to user data". I get it after rereading it, but kernel-to-user data leaks would be better. (IMHO) > + branches. Requires a compiler with -mindirect-branch=thunk-extern > + support for full protection. The kernel may run slower. > + > + Without compiler support, at least indirect branches in assembler > + code are eliminated. Since this includes the syscall entry path, > + it is not entirely pointless. -- ~Randy
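Review bot: the help text for `config RETPOLINE` promises full protection only with `-mindirect-branch=thunk-extern` support, yet nothing in the hunk ties the option to a compiler check, and with `default y` a user building with an older compiler gets the partial (assembler-only) mitigation without any indication in the config; consider having the help text state that the build emits a warning when the compiler lacks support, or add that check alongside this option. Also, as Randy notes, "kernel to user data leaks" reads as a parse error on first pass; hyphenating it as "kernel-to-user data leaks" removes the ambiguity, and "it is not entirely pointless" would be clearer as a positive statement of what the assembler-only case still covers (the syscall entry path is already named, so just say that).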