From: Dave Hansen <dave.han...@linux.intel.com>
From: David Woodhouse <d...@amazon.co.uk>
Add retpoline compile option in Makefile
Update Makefile with retpoline compile options. This requires a gcc with the
retpoline compiler patches enabled.
Print a warning when the compiler doesn't support retpoline
[Originally from David and Tim, but hacked by AK]
Signed-off-by: David Woodhouse <d...@amazon.co.uk>
Signed-off-by: Tim Chen <tim.c.c...@linux.intel.com>
---
arch/x86/Makefile | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index 3e73bc255e4e..dad4b24abdc9 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -230,6 +230,15 @@ KBUILD_CFLAGS += -Wno-sign-compare
#
KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
+#
+RETPOLINE_CFLAGS += $(call cc-option,-mindirect-branch=thunk-extern)
+ifneq ($(RETPOLINE_CFLAGS),)
+ KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE
+ KBUILD_AFLAGS += -DRETPOLINE
+else
+ $(warning Retpoline not supported in compiler. Kernel may be insecure.)
+endif
+
archscripts: scripts_basic
$(Q)$(MAKE) $(build)=arch/x86/tools relocs
--
2.14.3
