I see the ClearLinux kernel is compiled with retpolines. Any reason you choose not to support Control Flow Enforcement Tech of the Intel CPUs whenever possible? That is an option now in the glibc 2.7+ and binutils. I would think it might be something ClearLinux might support.
Relevant background: https://lwn.net/Articles/758245/
CET is not yet supported in any publicly available CPUs. We do, however, enable CET in our compiler flags. By the time these CPUs are available, we should have all software recompiled with this feature.
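
Added example (not part of the original thread and not Clear Linux's own tooling): a binary built with CET compiler flags declares IBT and SHSTK in its `.note.gnu.property` ELF note, and the linker keeps a feature only if every input object declares it, which is why all software has to be recompiled. The sketch parses such a note and models that AND rule; the function names are hypothetical and the sample notes are constructed.

```python
import struct

NT_GNU_PROPERTY_TYPE_0 = 5                     # note type used by .note.gnu.property
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002    # x86 "feature 1" property
FEATURES = {0x1: "IBT", 0x2: "SHSTK"}          # CET bits inside that property

def _pad(n, align):
    return (n + align - 1) & ~(align - 1)

def _properties(desc, align):
    """Walk the property array in a note descriptor and collect CET bits."""
    feats, off = set(), 0
    while off + 8 <= len(desc):
        pr_type, pr_datasz = struct.unpack_from("<II", desc, off)
        data = desc[off + 8:off + 8 + pr_datasz]
        if pr_type == GNU_PROPERTY_X86_FEATURE_1_AND and len(data) >= 4:
            bits = struct.unpack_from("<I", data)[0]
            feats |= {name for bit, name in FEATURES.items() if bits & bit}
        off += _pad(8 + pr_datasz, align)
    return feats

def cet_features(note, align=8):
    """CET features declared by a little-endian .note.gnu.property blob.
    align is 8 for x86-64 objects and 4 for 32-bit ones."""
    found, off = set(), 0
    while off + 12 <= len(note):
        namesz, descsz, ntype = struct.unpack_from("<III", note, off)
        name = note[off + 12:off + 12 + namesz]
        desc_off = _pad(off + 12 + namesz, align)
        if ntype == NT_GNU_PROPERTY_TYPE_0 and name == b"GNU\0":
            found |= _properties(note[desc_off:desc_off + descsz], align)
        off = desc_off + _pad(descsz, align)
    return found

def linked_features(object_notes):
    """Model the linker's AND rule: a feature survives only if every input has it."""
    sets = [cet_features(n) for n in object_notes]
    return set.intersection(*sets) if sets else set()

def make_note(feature_bits):
    """Constructed sample: one x86-64 GNU property note with the given bits."""
    prop = struct.pack("<III", GNU_PROPERTY_X86_FEATURE_1_AND, 4, feature_bits) + b"\0" * 4
    return struct.pack("<III", 4, len(prop), NT_GNU_PROPERTY_TYPE_0) + b"GNU\0" + prop

if __name__ == "__main__":
    full, ibt_only, unmarked = make_note(0x3), make_note(0x1), b""
    print(sorted(cet_features(full)))
    print(sorted(linked_features([full, ibt_only])))
    print(sorted(linked_features([full, unmarked])))
```

On a real system the note bytes would come from the binary's `.note.gnu.property` section, for example as shown by `readelf -n`.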