svn commit: r339511 - in head: . share/mk tools/build/options

Sun Oct 21 00:28:01 UTC 2018

Author: emaste
Date: Sun Oct 21 00:27:59 2018
New Revision: 339511
URL: https://svnweb.freebsd.org/changeset/base/339511

Log:
  Introduce src.conf knob to build userland with retpoline
  
  WITH_RETPOLINE enables -mretpoline vulnerability mitigation in userland
  for CVE-2017-5715.
  
  Reported by:	Peter Malcom
  Reviewed by:	markj
  MFC after:	1 week
  Sponsored by:	The FreeBSD Foundation
  Differential Revision:	https://reviews.freebsd.org/D17421

Added:
  head/tools/build/options/WITH_RETPOLINE   (contents, props changed)
Modified:
  head/Makefile.inc1
  head/share/mk/bsd.lib.mk
  head/share/mk/bsd.opts.mk
  head/share/mk/bsd.prog.mk

Modified: head/Makefile.inc1
==============================================================================

--- head/Makefile.inc1	Sun Oct 21 00:20:40 2018	(r339510)
+++ head/Makefile.inc1	Sun Oct 21 00:27:59 2018	(r339511)
@@ -659,7 +659,7 @@ BSARGS= 	DESTDIR= \
 		-DNO_PIC MK_PROFILE=no -DNO_SHARED \
 		-DNO_CPU_CFLAGS MK_WARNS=no MK_CTF=no \
 		MK_CLANG_EXTRAS=no MK_CLANG_FULL=no \
-		MK_LLDB=no MK_TESTS=no \
+		MK_LLDB=no MK_RETPOLINE=no MK_TESTS=no \
 		MK_INCLUDES=yes
 
 BMAKE=		\
@@ -680,7 +680,7 @@ TMAKE=		\
 		-DNO_LINT \
 		-DNO_CPU_CFLAGS MK_WARNS=no MK_CTF=no \
 		MK_CLANG_EXTRAS=no MK_CLANG_FULL=no \
-		MK_LLDB=no MK_TESTS=no
+		MK_LLDB=no MK_RETPOLINE=no MK_TESTS=no
 
 # cross-tools stage
 # TOOLS_PREFIX set in BMAKE
@@ -703,7 +703,7 @@ KTMAKE=		\
 		SSP_CFLAGS= \
 		MK_HTML=no -DNO_LINT MK_MAN=no \
 		-DNO_PIC MK_PROFILE=no -DNO_SHARED \
-		-DNO_CPU_CFLAGS MK_WARNS=no MK_CTF=no
+		-DNO_CPU_CFLAGS MK_RETPOLINE=no MK_WARNS=no MK_CTF=no
 
 # world stage
 WMAKEENV=	${CROSSENV} \
@@ -2383,6 +2383,7 @@ NXBMAKEARGS+= \
 	MK_OFED=no \
 	MK_OPENSSH=no \
 	MK_PROFILE=no \
+	MK_RETPOLINE=no \
 	MK_SENDMAIL=no \
 	MK_SVNLITE=no \
 	MK_TESTS=no \

Modified: head/share/mk/bsd.lib.mk
==============================================================================
--- head/share/mk/bsd.lib.mk	Sun Oct 21 00:20:40 2018	(r339510)
+++ head/share/mk/bsd.lib.mk	Sun Oct 21 00:27:59 2018	(r339511)
@@ -69,6 +69,12 @@ TAGS+=		package=${PACKAGE:Uruntime}
 TAG_ARGS=	-T ${TAGS:[*]:S/ /,/g}
 .endif
 
+.if ${MK_RETPOLINE} != "no"
+CFLAGS+= -mretpoline
+CXXFLAGS+= -mretpoline
+LDFLAGS+= -Wl,-zretpolineplt
+.endif
+
 .if ${MK_DEBUG_FILES} != "no" && empty(DEBUG_FLAGS:M-g) && \
     empty(DEBUG_FLAGS:M-gdwarf*)
 CFLAGS+= ${DEBUG_FILES_CFLAGS}

Modified: head/share/mk/bsd.opts.mk
==============================================================================
--- head/share/mk/bsd.opts.mk	Sun Oct 21 00:20:40 2018	(r339510)
+++ head/share/mk/bsd.opts.mk	Sun Oct 21 00:27:59 2018	(r339511)
@@ -72,6 +72,7 @@ __DEFAULT_NO_OPTIONS = \
     CCACHE_BUILD \
     CTF \
     INSTALL_AS_USER \
+    RETPOLINE \
     STALE_STAGED
 
 __DEFAULT_DEPENDENT_OPTIONS = \

Modified: head/share/mk/bsd.prog.mk
==============================================================================
--- head/share/mk/bsd.prog.mk	Sun Oct 21 00:20:40 2018	(r339510)
+++ head/share/mk/bsd.prog.mk	Sun Oct 21 00:27:59 2018	(r339511)
@@ -34,6 +34,12 @@ PROG=	${PROG_CXX}
 MK_DEBUG_FILES=	no
 .endif
 
+.if ${MK_RETPOLINE} != "no"
+CFLAGS+= -mretpoline
+CXXFLAGS+= -mretpoline
+LDFLAGS+= -Wl,-zretpolineplt
+.endif
+
 .if defined(CRUNCH_CFLAGS)
 CFLAGS+=${CRUNCH_CFLAGS}
 .else

Added: head/tools/build/options/WITH_RETPOLINE
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/tools/build/options/WITH_RETPOLINE	Sun Oct 21 00:27:59 2018	(r339511)
@@ -0,0 +1,3 @@
+.\" $FreeBSD$
+Set to build the base system with the retpoline speculative execution
+vulnerability mitigation for CVE-2017-5715.
