:orphan: .. title:: CONFIG_BOUNDS_CHECK_BYPASS_MITIGATION .. kconfig:: CONFIG_BOUNDS_CHECK_BYPASS_MITIGATION CONFIG_BOUNDS_CHECK_BYPASS_MITIGATION ##################################### *Enable bounds check bypass mitigations for speculative execution* Type: ``bool`` Help ==== .. code-block:: none Untrusted parameters from user mode may be used in system calls to index arrays during speculative execution, also known as the Spectre V1 vulnerability. When enabled, various macros defined in misc/speculation.h will insert fence instructions or other appropriate mitigations after bounds checking any array index parameters passed in from untrusted sources (user mode threads). When disabled, these macros do nothing. Direct dependencies =================== \ :kconfig:`USERSPACE ` *(Includes any dependencies from ifs and menus.)* Defaults ======== No defaults. Implicitly defaults to ``n``. Symbols that select this symbol =============================== - \ :kconfig:`X86_BOUNDS_CHECK_BYPASS_MITIGATION ` Kconfig definition ================== At ``/Kconfig:712`` Included via ``Kconfig:8`` → ``Kconfig.zephyr:40`` Menu path: (Top) → General Kernel Options → Security Options .. code-block:: kconfig config BOUNDS_CHECK_BYPASS_MITIGATION bool "Enable bounds check bypass mitigations for speculative execution" depends on USERSPACE help Untrusted parameters from user mode may be used in system calls to index arrays during speculative execution, also known as the Spectre V1 vulnerability. When enabled, various macros defined in misc/speculation.h will insert fence instructions or other appropriate mitigations after bounds checking any array index parameters passed in from untrusted sources (user mode threads). When disabled, these macros do nothing. *(The 'depends on' condition includes propagated dependencies from ifs and menus.)*