

D14242.id39582.diff

Index: sys/conf/kern.mk
===================================================================
--- sys/conf/kern.mk
+++ sys/conf/kern.mk
@@ -203,7 +203,7 @@
# gcc and clang opimizers take advantage of this. The kernel makes
# use of signed integer wraparound mechanics so we need the compiler
# to treat it as a wraparound and not take shortcuts.
-#
+#
CFLAGS+= -fwrapv
#
@@ -214,6 +214,14 @@
CFLAGS+= -fstack-protector
.endif
+#
+# Retpoline speculative execution vulnerability mitigation (CVE-2017-5715)
+#
+.if defined(COMPILER_FEATURES) && ${COMPILER_FEATURES:Mretpoline} != "" && \
+ ${MK_KERNEL_RETPOLINE} != "no"
+CFLAGS+= -mretpoline
+.endif
+
#
# Add -gdwarf-2 when compiling -g. The default starting in clang v3.4
# and gcc 4.8 is to generate DWARF version 4. However, our tools don't
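Review bot: When MK_KERNEL_RETPOLINE is "yes" but COMPILER_FEATURES is undefined or lacks `retpoline`, the added `.if` falls through silently and the kernel is built without the CVE-2017-5715 mitigation that was requested. An `.elif ${MK_KERNEL_RETPOLINE} != "no"` branch carrying `.warning KERNEL_RETPOLINE requested but the compiler does not support retpoline` would make the downgrade visible in the build log. The comment above the block could also say that `-mretpoline` only changes compiler-generated indirect branches, so indirect calls and jumps in hand-written assembly are presumably not covered by this flag and need separate review.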
Index: sys/conf/kern.opts.mk
===================================================================
--- sys/conf/kern.opts.mk
+++ sys/conf/kern.opts.mk
@@ -47,6 +47,7 @@
__DEFAULT_NO_OPTIONS = \
EXTRA_TCP_STACKS \
+ KERNEL_RETPOLINE \
NAND \
OFED \
RATELIMIT \
@@ -85,6 +86,11 @@
BROKEN_OPTIONS+= OFED
.endif
+# Things that don't work based on toolchain support.
+.if ${MACHINE} != "amd64"
+BROKEN_OPTIONS+= KERNEL_RETPOLINE
+.endif
+
# expanded inline from bsd.mkopt.mk to avoid share/mk dependency
# Those that default to yes
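Review bot: The added comment says the option is broken "based on toolchain support", but the condition tests `${MACHINE} != "amd64"`, which describes the target platform and says nothing about the compiler. If the compiler's retpoline support also covers i386, that kernel is left with no way to enable the mitigation; once confirmed, the check could read `.if ${MACHINE_CPUARCH} != "amd64" && ${MACHINE_CPUARCH} != "i386"`. BROKEN_OPTIONS also appears to force the knob to "no" without any diagnostic, so WITH_KERNEL_RETPOLINE set on another architecture would be ignored silently. A line in the comment such as `# KERNEL_RETPOLINE is forced off here; WITH_KERNEL_RETPOLINE has no effect on other platforms` would record that.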
Index: tools/build/options/WITHOUT_KERNEL_RETPOLINE
===================================================================
--- /dev/null
+++ tools/build/options/WITHOUT_KERNEL_RETPOLINE
@@ -0,0 +1,3 @@
+.\" $FreeBSD$
+Set to disable the "retpoline" mitigation for CVE-2017-5715 in the kernel
+build.
Index: tools/build/options/WITH_KERNEL_RETPOLINE
===================================================================
--- /dev/null
+++ tools/build/options/WITH_KERNEL_RETPOLINE
@@ -0,0 +1,3 @@
+.\" $FreeBSD$
+Set to enable the "retpoline" mitigation for CVE-2017-5715 in the kernel
+build.
