Author: emaste
Date: Sun Oct 21 00:27:59 2018
New Revision: 339511
URL: https://svnweb.freebsd.org/changeset/base/339511

Log:
  Introduce src.conf knob to build userland with retpoline
  
  WITH_RETPOLINE enables -mretpoline vulnerability mitigation in userland
  for CVE-2017-5715.
  
  Reported by:  Peter Malcom
  Reviewed by:  markj
  MFC after:    1 week
  Sponsored by: The FreeBSD Foundation
  Differential Revision:        https://reviews.freebsd.org/D17421

Added:
  head/tools/build/options/WITH_RETPOLINE   (contents, props changed)
Modified:
  head/Makefile.inc1
  head/share/mk/bsd.lib.mk
  head/share/mk/bsd.opts.mk
  head/share/mk/bsd.prog.mk

Modified: head/Makefile.inc1
==============================================================================
--- head/Makefile.inc1  Sun Oct 21 00:20:40 2018        (r339510)
+++ head/Makefile.inc1  Sun Oct 21 00:27:59 2018        (r339511)
@@ -659,7 +659,7 @@ BSARGS=     DESTDIR= \
                -DNO_PIC MK_PROFILE=no -DNO_SHARED \
                -DNO_CPU_CFLAGS MK_WARNS=no MK_CTF=no \
                MK_CLANG_EXTRAS=no MK_CLANG_FULL=no \
-               MK_LLDB=no MK_TESTS=no \
+               MK_LLDB=no MK_RETPOLINE=no MK_TESTS=no \
                MK_INCLUDES=yes
 
 BMAKE=         \
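Review bot: Nothing in these hunks records why `MK_RETPOLINE=no` is forced in BSARGS here, and in TMAKE, KTMAKE and NXBMAKEARGS in the following hunks. Presumably these argument sets build host-side tools, possibly with a host compiler that does not accept `-mretpoline`, but someone auditing which binaries carry the CVE-2017-5715 mitigation cannot tell that from the lists. A comment cannot sit inside a backslash-continued assignment, so I would put one above each variable, e.g. `# Build-host tools: retpoline is forced off here; installed userland follows WITH_RETPOLINE.` The assignments start outside the hunks, so the exact placement needs checking against the full file.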
@@ -680,7 +680,7 @@ TMAKE=              \
                -DNO_LINT \
                -DNO_CPU_CFLAGS MK_WARNS=no MK_CTF=no \
                MK_CLANG_EXTRAS=no MK_CLANG_FULL=no \
-               MK_LLDB=no MK_TESTS=no
+               MK_LLDB=no MK_RETPOLINE=no MK_TESTS=no
 
 # cross-tools stage
 # TOOLS_PREFIX set in BMAKE
@@ -703,7 +703,7 @@ KTMAKE=             \
                SSP_CFLAGS= \
                MK_HTML=no -DNO_LINT MK_MAN=no \
                -DNO_PIC MK_PROFILE=no -DNO_SHARED \
-               -DNO_CPU_CFLAGS MK_WARNS=no MK_CTF=no
+               -DNO_CPU_CFLAGS MK_RETPOLINE=no MK_WARNS=no MK_CTF=no
 
 # world stage
 WMAKEENV=      ${CROSSENV} \
@@ -2383,6 +2383,7 @@ NXBMAKEARGS+= \
        MK_OFED=no \
        MK_OPENSSH=no \
        MK_PROFILE=no \
+       MK_RETPOLINE=no \
        MK_SENDMAIL=no \
        MK_SVNLITE=no \
        MK_TESTS=no \

Modified: head/share/mk/bsd.lib.mk
==============================================================================
--- head/share/mk/bsd.lib.mk    Sun Oct 21 00:20:40 2018        (r339510)
+++ head/share/mk/bsd.lib.mk    Sun Oct 21 00:27:59 2018        (r339511)
@@ -69,6 +69,12 @@ TAGS+=               package=${PACKAGE:Uruntime}
 TAG_ARGS=      -T ${TAGS:[*]:S/ /,/g}
 .endif
 
+.if ${MK_RETPOLINE} != "no"
+CFLAGS+= -mretpoline
+CXXFLAGS+= -mretpoline
+LDFLAGS+= -Wl,-zretpolineplt
+.endif
+
 .if ${MK_DEBUG_FILES} != "no" && empty(DEBUG_FLAGS:M-g) && \
     empty(DEBUG_FLAGS:M-gdwarf*)
 CFLAGS+= ${DEBUG_FILES_CFLAGS}
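Review bot: The added `.if ${MK_RETPOLINE} != "no"` block appends `-mretpoline` and `-Wl,-zretpolineplt` without checking that the toolchain accepts them. `-mretpoline` is a Clang option for x86 targets and `-z retpolineplt` is an lld option, so with another compiler, linker or architecture WITH_RETPOLINE may either fail the build or be ignored by the tool. The second outcome is the worse one, because the operator believes the mitigation is active when it is not. I would gate the flags on toolchain support and emit a `.warning` when the knob is set but cannot be honoured. The sketch below assumes `COMPILER_TYPE` and `LINKER_TYPE` are already defined at this point in bsd.lib.mk, which needs confirming, and it does not yet cover the architecture check. The identical block in the bsd.prog.mk hunk needs the same guard and could share one definition.

```make
.if ${MK_RETPOLINE} != "no"
.if ${COMPILER_TYPE} == "clang" && ${LINKER_TYPE} == "lld"
# ... unchanged: CFLAGS/CXXFLAGS/LDFLAGS retpoline additions ...
.else
.warning WITH_RETPOLINE is set but the compiler or linker does not support retpoline
.endif
.endif
```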

Modified: head/share/mk/bsd.opts.mk
==============================================================================
--- head/share/mk/bsd.opts.mk   Sun Oct 21 00:20:40 2018        (r339510)
+++ head/share/mk/bsd.opts.mk   Sun Oct 21 00:27:59 2018        (r339511)
@@ -72,6 +72,7 @@ __DEFAULT_NO_OPTIONS = \
     CCACHE_BUILD \
     CTF \
     INSTALL_AS_USER \
+    RETPOLINE \
     STALE_STAGED
 
 __DEFAULT_DEPENDENT_OPTIONS = \

Modified: head/share/mk/bsd.prog.mk
==============================================================================
--- head/share/mk/bsd.prog.mk   Sun Oct 21 00:20:40 2018        (r339510)
+++ head/share/mk/bsd.prog.mk   Sun Oct 21 00:27:59 2018        (r339511)
@@ -34,6 +34,12 @@ PROG=        ${PROG_CXX}
 MK_DEBUG_FILES=        no
 .endif
 
+.if ${MK_RETPOLINE} != "no"
+CFLAGS+= -mretpoline
+CXXFLAGS+= -mretpoline
+LDFLAGS+= -Wl,-zretpolineplt
+.endif
+
 .if defined(CRUNCH_CFLAGS)
 CFLAGS+=${CRUNCH_CFLAGS}
 .else

Added: head/tools/build/options/WITH_RETPOLINE
==============================================================================
--- /dev/null   00:00:00 1970   (empty, because file is newly added)
+++ head/tools/build/options/WITH_RETPOLINE     Sun Oct 21 00:27:59 2018        
(r339511)
@@ -0,0 +1,3 @@
+.\" $FreeBSD$
+Set to build the base system with the retpoline speculative execution
+vulnerability mitigation for CVE-2017-5715.