kernel: add config for Spectre V1 mitigation
This is off by default, but may be selected by the arch configuration.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This commit is contained in:
parent
a96631dce9
commit
576ebf4991
1 changed files with 11 additions and 0 deletions
|
@ -651,6 +651,17 @@ config STACK_POINTER_RANDOM
|
||||||
This is currently only implemented for systems whose stack pointers
|
This is currently only implemented for systems whose stack pointers
|
||||||
grow towards lower memory addresses.
|
grow towards lower memory addresses.
|
||||||
|
|
||||||
|
config BOUNDS_CHECK_BYPASS_MITIGATION
|
||||||
|
bool "Enable bounds check bypass mitigations for speculative execution"
|
||||||
|
depends on USERSPACE
|
||||||
|
help
|
||||||
|
Untrusted parameters from user mode may be used in system calls to
|
||||||
|
index arrays during speculative execution, also known as the Spectre
|
||||||
|
V1 vulnerability. When enabled, various macros defined in
|
||||||
|
misc/speculation.h will insert fence instructions or other appropriate
|
||||||
|
mitigations after bounds checking any array index parameters passed
|
||||||
|
in from untrusted sources (user mode threads). When disabled, these
|
||||||
|
macros do nothing.
|
||||||
endmenu
|
endmenu
|
||||||
|
|
||||||
config MAX_DOMAIN_PARTITIONS
|
config MAX_DOMAIN_PARTITIONS
|
||||||
|
|
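Review bot: The `depends on USERSPACE` line under `config BOUNDS_CHECK_BYPASS_MITIGATION` is not enforced if an arch enables the option with `select`, which is what the commit message anticipates, because Kconfig `select` forces a symbol on without evaluating its dependencies. Consider stating in the help text that arch Kconfig should use `select BOUNDS_CHECK_BYPASS_MITIGATION if USERSPACE`, so the option cannot end up enabled in a build without user mode. Separately, the help text refers to macros in misc/speculation.h, while this commit changes only this one file; if that header is not already in the tree, the option is a no-op at this commit, and the help text or commit message should say which change provides the macros.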