summaryrefslogtreecommitdiff
path: root/arch/arm/mm/Kconfig
diff options
context:
space:
mode:
Diffstat (limited to 'arch/arm/mm/Kconfig')
-rw-r--r--arch/arm/mm/Kconfig17
1 files changed, 17 insertions, 0 deletions
diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig
index 2c7e308f8cab..07c3309b6288 100644
--- a/arch/arm/mm/Kconfig
+++ b/arch/arm/mm/Kconfig
@@ -947,3 +947,20 @@ config ARM_SAVE_DEBUG_CONTEXT_NO_LOCK
the ARM debug registers across CPU powerdown. This option
should not be selected unless you are actively debugging
the context save/restore code. If unsure, say N.
+
+config HARDEN_BRANCH_PREDICTOR
+ bool "Harden the branch predictor against aliasing attacks" if EXPERT
+ default y
+ help
+ Speculation attacks against some high-performance processors rely on
+ being able to manipulate the branch predictor for a victim context by
+ executing aliasing branches in the attacker context. Such attacks
+ can be partially mitigated against by clearing internal branch
+ predictor state and limiting the prediction logic in some situations.
+
+ This config option will take CPU-specific actions to harden the
+ branch predictor against aliasing attacks and may rely on specific
+ instruction sequences or control bits being set by the system
+ firmware.
+
+ If unsure, say Y.
generated by cgit v1.2.3 (git 2.0.4) at 2024-05-21 01:43:04 +0000