kernel: add config for Spectre V1 mitigation
This is off by default, but may be selected by the arch configuration.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
parent a96631dce9
commit 576ebf4991
1 changed files with 11 additions and 0 deletions
@ -651,6 +651,17 @@ config STACK_POINTER_RANDOM
This is currently only implemented for systems whose stack pointers
grow towards lower memory addresses.
config BOUNDS_CHECK_BYPASS_MITIGATION
bool "Enable bounds check bypass mitigations for speculative execution"
depends on USERSPACE
help
Untrusted parameters from user mode may be used in system calls to
index arrays during speculative execution, also known as the Spectre
V1 vulnerability. When enabled, various macros defined in
misc/speculation.h will insert fence instructions or other appropriate
mitigations after bounds checking any array index parameters passed
in from untrusted sources (user mode threads). When disabled, these
macros do nothing.
endmenu
config MAX_DOMAIN_PARTITIONS
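Review bot: The help text for BOUNDS_CHECK_BYPASS_MITIGATION refers to "various macros defined in misc/speculation.h", but this commit changes only the Kconfig file, so nothing visible here shows that the header or any caller of those macros exists yet. If the header arrives in a later commit, say so in the commit message or reorder the series so that enabling the option never leaves a build that looks mitigated but has no fences. The help should also state that protection covers only the system call handlers that actually use the macros after their bounds checks, since turning the option on does not by itself harden every array index taken from user mode. Finally, because the bool has a prompt and no default line, it is off unless a user or an arch selects it; consider naming in the help which arch configurations are expected to select it, so that a vulnerable target is not left unmitigated by omission.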