kernel: add config for Spectre V1 mitigation

This is off by default, but may be selected by the arch
configuration.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Andrew Boie 2019-03-07 15:56:55 -08:00 committed by Andrew Boie
commit 576ebf4991

@ -651,6 +651,17 @@ config STACK_POINTER_RANDOM
This is currently only implemented for systems whose stack pointers
grow towards lower memory addresses.
config BOUNDS_CHECK_BYPASS_MITIGATION
bool "Enable bounds check bypass mitigations for speculative execution"
depends on USERSPACE
help
Untrusted parameters from user mode may be used in system calls to
index arrays during speculative execution, also known as the Spectre
V1 vulnerability. When enabled, various macros defined in
misc/speculation.h will insert fence instructions or other appropriate
mitigations after bounds checking any array index parameters passed
in from untrusted sources (user mode threads). When disabled, these
macros do nothing.
endmenu
config MAX_DOMAIN_PARTITIONS
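
Review bot: the `depends on USERSPACE` line under `config BOUNDS_CHECK_BYPASS_MITIGATION` is not enforced when an arch configuration turns the option on with `select`, which is the path the commit message describes, because Kconfig `select` forces a symbol on regardless of its dependencies. Arch-level selects should be written as `select BOUNDS_CHECK_BYPASS_MITIGATION if USERSPACE` so the option is not forced on in builds without user mode. The help text could also state that the symbol has no `default` line and so stays off unless an arch selects it or the user enables it, since it already says the macros do nothing when the option is disabled.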