From: Andi Kleen <>
Subject: Avoid speculative indirect calls in kernel
Date: Wed, 3 Jan 2018 15:09:23 -0800

This is a fix for Variant 2 in

https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

Any speculative indirect calls in the kernel can be tricked
to execute any kernel code, which may allow side channel
attacks that can leak arbitrary kernel data.

So we want to avoid speculative indirect calls in the kernel.

There's a special code sequence called a retpoline that can
do indirect calls without speculation. We use a new compiler
option -mindirect-branch=thunk-extern (gcc patch will be released
separately) to recompile the kernel with this new sequence.

We also patch all the assembler code in the kernel to use
the new sequence.

The patches were originally from David Woodhouse and Tim Chen,
but then reworked and enhanced by me.

No performance numbers at this point. 32-bit is only boot tested.

Git tree available in

git://git.kernel.org/pub/scm/linux/kernel/git/ak/linux-misc spec/retpoline-415-1

v1: Initial post.
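The retpoline sequence the cover letter refers to, as an added user-space example that is not part of this patch series or the kernel: an x86-64 / GNU-toolchain C file that defines the thunk under the symbol name GCC's -mindirect-branch=thunk-extern makes compiled code call (`__x86_indirect_thunk_rax`, with the target in %rax) and routes an indirect call through it instead of a bare `call *%rax`. The wrapper `call_via_retpoline` and the two sample callees are constructed for the example; on other architectures it falls back to a plain indirect call so the file still builds.

```c
/* Added example, not kernel code: a retpoline thunk for x86-64 with the GNU
 * toolchain, in the shape the kernel's assembler code was patched to use. */
#include <stdint.h>
#include <stdio.h>

typedef uint64_t (*op_fn)(uint64_t);

/* Constructed sample targets for the indirect call. */
static uint64_t add_one(uint64_t x)   { return x + 1; }
static uint64_t double_it(uint64_t x) { return x * 2; }

uint64_t call_via_retpoline(op_fn fn, uint64_t arg);

#if defined(__x86_64__) && defined(__ELF__)
__asm__(
    ".text\n"
    ".globl __x86_indirect_thunk_rax\n"
    ".type  __x86_indirect_thunk_rax, @function\n"
    "__x86_indirect_thunk_rax:\n"
    "    call 1f\n"          /* pushes address of 2:, so the RSB predicts a return to 2: */
    "2:  pause\n"            /* any speculation that follows that prediction lands here */
    "    lfence\n"
    "    jmp 2b\n"           /* and spins harmlessly until the real target is resolved */
    "1:  mov %rax, (%rsp)\n" /* overwrite the pushed return address with the target */
    "    ret\n"              /* architectural path: return into fn, no predicted jmp */
    ".size  __x86_indirect_thunk_rax, .-__x86_indirect_thunk_rax\n"
    ".globl call_via_retpoline\n"
    ".type  call_via_retpoline, @function\n"
    "call_via_retpoline:\n"  /* SysV ABI: fn arrives in %rdi, arg in %rsi */
    "    push %rbp\n"        /* saves %rbp and realigns the stack to 16 bytes for the call */
    "    mov %rdi, %rax\n"   /* target into %rax, the register this thunk expects */
    "    mov %rsi, %rdi\n"   /* first argument for fn */
    "    call __x86_indirect_thunk_rax\n" /* what GCC emits in place of `call *%rax` */
    "    pop %rbp\n"
    "    ret\n"
    ".size  call_via_retpoline, .-call_via_retpoline\n"
);
/* Caveat: rewriting a return address on the stack is incompatible with CET
 * shadow stacks, so this sequence cannot be used where they are enforced. */
#else
/* Fallback for other targets: a plain indirect call, no mitigation. */
uint64_t call_via_retpoline(op_fn fn, uint64_t arg) { return fn(arg); }
#endif

int main(void)
{
    printf("add_one(41)   = %llu\n", (unsigned long long)call_via_retpoline(add_one, 41));
    printf("double_it(21) = %llu\n", (unsigned long long)call_via_retpoline(double_it, 21));
    return 0;
}
```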



