
D14242.id39001.diff

Index: sys/conf/kern.mk
===================================================================
--- sys/conf/kern.mk
+++ sys/conf/kern.mk
@@ -203,7 +203,7 @@
# gcc and clang opimizers take advantage of this. The kernel makes
# use of signed integer wraparound mechanics so we need the compiler
# to treat it as a wraparound and not take shortcuts.
-#
+#
CFLAGS+= -fwrapv
#
@@ -214,6 +214,16 @@
CFLAGS+= -fstack-protector
.endif
+#
+# Retpoline speculative execution vulnerability mitigation (CVE-2017-5715)
+#
+.if ${MK_RETPOLINE} != "no"
+.if defined(COMPILER_FEATURES) && ${LINKER_FEATURES:Mretpoline} == ""
+.error Retpoline enabled but not supported by the compiler.
+.endif
+CFLAGS+= -mretpoline
+.endif
+
#
# Add -gdwarf-2 when compiling -g. The default starting in clang v3.4
# and gcc 4.8 is to generate DWARF version 4. However, our tools don't
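Review bot: The support check `.if defined(COMPILER_FEATURES) && ${LINKER_FEATURES:Mretpoline} == ""` guards on one variable and expands another, and the `.error` text blames the compiler although the test reads the linker feature list. If COMPILER_FEATURES is set but LINKER_FEATURES is not, the conditional will probably fail as malformed instead of printing the intended message. If COMPILER_FEATURES is unset, the check is skipped and `-mretpoline` is appended unverified, so nothing here confirms that the kernel actually received the CVE-2017-5715 mitigation the option promises. Guard and test should use the same variable and likely cover both tools, e.g. `.if ${COMPILER_FEATURES:U:Mretpoline} == "" || ${LINKER_FEATURES:U:Mretpoline} == ""`, assuming COMPILER_FEATURES carries a `retpoline` entry as LINKER_FEATURES appears to. The message should then read `Retpoline enabled but not supported by the compiler or linker.`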
Index: sys/conf/kern.opts.mk
===================================================================
--- sys/conf/kern.opts.mk
+++ sys/conf/kern.opts.mk
@@ -41,6 +41,7 @@
NETGRAPH \
PF \
REPRODUCIBLE_BUILD \
+ RETPOLINE \
SOURCELESS_HOST \
SOURCELESS_UCODE \
TESTS \
@@ -87,6 +88,11 @@
BROKEN_OPTIONS+= OFED
.endif
+# Things that don't work based on toolchain support.
+.if ${MACHINE} != "amd64"
+BROKEN_OPTIONS+= RETPOLINE
+.endif
+
# expanded inline from bsd.mkopt.mk to avoid share/mk dependency
# Those that default to yes
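Review bot: The comment `# Things that don't work based on toolchain support.` does not match the condition under it, which tests `${MACHINE}` and no toolchain property. As written, every non-amd64 kernel has RETPOLINE forced off through BROKEN_OPTIONS without any message, while an amd64 build with a toolchain lacking the feature keeps the option and relies on the `.error` in kern.mk. I would reword the comment to say so, e.g. `# Retpoline is only enabled for amd64; other architectures build without this mitigation. Toolchain support is checked in kern.mk.`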
Index: tools/build/options/WITHOUT_RETPOLINE
===================================================================
--- /dev/null
+++ tools/build/options/WITHOUT_RETPOLINE
@@ -0,0 +1,3 @@
+.\" $FreeBSD$
+Set to disable the "retpoline" mitigation for CVE-2017-5715 in the kernel
+build.
