-
CONFIG_DISABLE_SSBD¶
Disable Speculative Store Bypass
Type: bool
Help¶
This option will disable Speculative Store Bypass in order to mitigate against certain kinds of side channel attacks. Quoting the “Speculative Execution Side Channels” document, version 2.0:
When SSBD is set, loads will not execute speculatively until the addresses of all older stores are known. This ensure s that a load does not speculatively consume stale data values due to bypassing an older store on the same logical processor.
If enabled, this applies to all threads in the system.
Even if enabled, will have no effect on CPUs that do not require this feature.
Defaults¶
- “y” if !
X86_NO_SPECTRE_V4&&USERSPACE&&X86
Kconfig definition¶
At arch/x86/core/Kconfig:66
Included via Kconfig:10 → Kconfig.zephyr:29 → arch/Kconfig:15 → arch/x86/Kconfig:14
Menu path: (top menu) → X86 Architecture Options
config DISABLE_SSBD
bool
prompt "Disable Speculative Store Bypass" if USERSPACE && X86
default "y" if !X86_NO_SPECTRE_V4 && USERSPACE && X86
depends on USERSPACE && X86
help
This option will disable Speculative Store Bypass in order to
mitigate against certain kinds of side channel attacks. Quoting
the "Speculative Execution Side Channels" document, version 2.0:
When SSBD is set, loads will not execute speculatively
until the addresses of all older stores are known. This
ensure s that a load does not speculatively consume stale
data values due to bypassing an older store on the same
logical processor.
If enabled, this applies to all threads in the system.
Even if enabled, will have no effect on CPUs that do not
require this feature.
(Definitions include propagated dependencies, including from if’s and menus.)