We add two points where we add lfences to disable speculation: * In the memory buffer validation code, which takes memory addresses and sizes from userspace and determins whether this memory is actually accessible. * In the system call landing site, after the system call ID has been validated but before it is used. Kconfigs have been added to enable these checks if the CPU is not known to be immune on X86. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com> |
||
---|---|---|
.. | ||
arc | ||
arm | ||
common | ||
nios2 | ||
posix | ||
riscv32 | ||
x86 | ||
x86_64 | ||
xtensa | ||
CMakeLists.txt | ||
Kconfig |