CONFIG_BOUNDS_CHECK_BYPASS_MITIGATION
Enable bounds check bypass mitigations for speculative execution
Type: bool
Help
Untrusted parameters from user mode may be used in system calls to
index arrays during speculative execution, also known as the Spectre
V1 vulnerability. When enabled, various macros defined in
misc/speculation.h will insert fence instructions or other appropriate
mitigations after bounds checking any array index parameters passed
in from untrusted sources (user mode threads). When disabled, these
macros do nothing.
Direct dependencies
(Includes any dependencies from ifs and menus.)
Defaults
No defaults. Implicitly defaults to n.
Symbols that select this symbol
Kconfig definition
At <Zephyr>/kernel/Kconfig:735
Included via <Zephyr>/Kconfig:8 → <Zephyr>/Kconfig.zephyr:40
Menu path: (Top) → General Kernel Options → Security Options
config BOUNDS_CHECK_BYPASS_MITIGATION
bool "Enable bounds check bypass mitigations for speculative execution"
depends on USERSPACE
help
Untrusted parameters from user mode may be used in system calls to
index arrays during speculative execution, also known as the Spectre
V1 vulnerability. When enabled, various macros defined in
misc/speculation.h will insert fence instructions or other appropriate
mitigations after bounds checking any array index parameters passed
in from untrusted sources (user mode threads). When disabled, these
macros do nothing.
(The ‘depends on’ condition includes propagated dependencies from ifs and menus.)