diff options
Diffstat (limited to 'arch/arm64/Kconfig')
| -rw-r--r-- | arch/arm64/Kconfig | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index be665760f2bd..c8c9f16e226f 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -305,6 +305,20 @@ endmenu menu "Kernel Features" +config RETPOLINE + bool "Avoid speculative indirect branches in kernel" + default y + select STACK_VALIDATION if HAVE_STACK_VALIDATION + help + Compile kernel with the retpoline compiler options to guard against + kernel-to-user data leaks by avoiding speculative indirect + branches. Requires a compiler with -mindirect-branch=thunk-extern + support for full protection. The kernel may run slower. + + Without compiler support, at least indirect branches in assembler + code are eliminated. Since this includes the syscall entry path, + it is not entirely pointless. + menu "ARM errata workarounds via the alternatives framework" config ARM64_ERRATUM_826319 |