HomeFreeBSD

Add kernel retpoline option for amd64

Description

Add kernel retpoline option for amd64

Retpoline is a compiler-based mitigation for CVE-2017-5715, also known
as Spectre V2, that protects against speculative execution branch target
injection attacks.

In this commit it is disabled by default, but will be changed in a
followup commit.

Reviewed by: bdrewery (previous version)
MFC after: 3 days
Security: CVE-2017-5715
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D14242

Details

Provenance
emasteAuthored on
Reviewer
bdrewery
Differential Revision
D14242: Enable kernel retpoline support
Parents
rS330109: MFC r329843:
Branches
Unknown
Tags
Unknown