In order to mitigate against kernel or cross-process memory disclosure (the Spectre attack), the Linux kernel1 will be compiled with a new option, -mindirect-branch=thunk-extern introduced to gcc to perform indirect calls through a so-called retpoline.
This appears to be a newly invented term as a Google search turns up only very recent use (generally all in 2018).
What is a retpoline and how does it prevent the recent kernel information disclosure attacks?
1 It’s not Linux specific, however – similar or identical construct seems to be used as part of the mitigation strategies on other OSes.
