This is the documentation for the latest (main) development branch of Zephyr. If you are looking for the documentation of previous releases, use the drop-down menu on the left and select the desired version.

CONFIG_BOUNDS_CHECK_BYPASS_MITIGATION

Enable bounds check bypass mitigations for speculative execution

Type: bool

Help

Untrusted parameters from user mode may be used in system calls to
index arrays during speculative execution, also known as the Spectre
V1 vulnerability. When enabled, various macros defined in
misc/speculation.h will insert fence instructions or other appropriate
mitigations after bounds checking any array index parameters passed
in from untrusted sources (user mode threads). When disabled, these
macros do nothing.

Direct dependencies

USERSPACE

(Includes any dependencies from ifs and menus.)

Defaults

No defaults. Implicitly defaults to n.

Symbols that select this symbol

Kconfig definition

At kernel/Kconfig:704

Included via Kconfig:8Kconfig.zephyr:38

Menu path: (Top) → General Kernel Options → Security Options

config BOUNDS_CHECK_BYPASS_MITIGATION
    bool "Enable bounds check bypass mitigations for speculative execution"
    depends on USERSPACE
    help
      Untrusted parameters from user mode may be used in system calls to
      index arrays during speculative execution, also known as the Spectre
      V1 vulnerability. When enabled, various macros defined in
      misc/speculation.h will insert fence instructions or other appropriate
      mitigations after bounds checking any array index parameters passed
      in from untrusted sources (user mode threads). When disabled, these
      macros do nothing.

(The ‘depends on’ condition includes propagated dependencies from ifs and menus.)