Merge branch 'linux-linaro-lsk-v4.4' into linux-linaro-lsk-v4.4-androidlsk-v4.4-18.02-android

author: Alex Shi <alex.shi@linaro.org> 2018-02-01 12:02:38 +0800
committer: Alex Shi <alex.shi@linaro.org> 2018-02-01 12:02:38 +0800
commit: 59e35359ec360b74e9013ccab84c19ce53db38f9 (patch)
tree: f6c5cca3189d2140f23e7a71ee3f167c7e6f748e /arch/x86/Kconfig
parent: c210bc406de6a7993b8d7f30c28436be80de7694 (diff)
parent: a40f2a595adfe0be6ced06fdb4c4a24ae3291a91 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 09332bd6e05a..6151c916dab7 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -395,6 +395,19 @@ config GOLDFISH
        def_bool y
        depends on X86_GOLDFISH
 
+config RETPOLINE
+	bool "Avoid speculative indirect branches in kernel"
+	default y
+	---help---
+	  Compile kernel with the retpoline compiler options to guard against
+	  kernel-to-user data leaks by avoiding speculative indirect
+	  branches. Requires a compiler with -mindirect-branch=thunk-extern
+	  support for full protection. The kernel may run slower.
+
+	  Without compiler support, at least indirect branches in assembler
+	  code are eliminated. Since this includes the syscall entry path,
+	  it is not entirely pointless.
+
 if X86_32
 config X86_EXTENDED_PLATFORM
 	bool "Support for extended (non-PC) x86 platforms"
author	Alex Shi <alex.shi@linaro.org>	2018-02-01 12:02:38 +0800
committer	Alex Shi <alex.shi@linaro.org>	2018-02-01 12:02:38 +0800
commit	59e35359ec360b74e9013ccab84c19ce53db38f9 (patch)
tree	f6c5cca3189d2140f23e7a71ee3f167c7e6f748e /arch/x86/Kconfig
parent	c210bc406de6a7993b8d7f30c28436be80de7694 (diff)
parent	a40f2a595adfe0be6ced06fdb4c4a24ae3291a91 (diff)