What is a retpoline and how does it work?
Asked 07 September, 2021
Viewed 1.7K times
  • 50
Votes

In order to mitigate against kernel or cross-process memory disclosure (the Spectre attack), the Linux kernel1 will be compiled with a new option, -mindirect-branch=thunk-extern introduced to gcc to perform indirect calls through a so-called retpoline.

This appears to be a newly invented term as a Google search turns up only very recent use (generally all in 2018).

What is a retpoline and how does it prevent the recent kernel information disclosure attacks?


1 It's not Linux specific, however - similar or identical construct seems to be used as part of the mitigation strategies on other OSes.

3 Answer