Learn about `retpoline`

[yaobinwen]

What is retpoline all about?

[yaobinwen]

The Stack Overflow page [1] has a lot of information about it. Here are the major points:

• According to [2], the retpoline is "a special code sequence ... that can do indirect calls without speculation" to avoid the Spectre Attacks[3].
• According to [2], to use retpoline, the compiler that compiles the Linux kernel code must be configured to use the -mindirect-branch=thunk-extern option. After the compilation, the kernel's vermagic will include the string "retpoline".
• With that said, the various drivers' kernel modules need to be rebuilt to comply their vermagic lines with the kernel's vermagic, which further requires:
  • A compiler that supports the retpoline compilation, such as g++-7.
  • dkms package is recommended because it automatically rebuilds the drivers' kernel modules when a newer (or older) kernel is installed.

References:

• [1] What is a retpoline and how does it work?
• [2] Avoid speculative indirect calls in kernel
• [3] Spectre Attacks: Exploiting Speculative Execution