diff options
author | Darren Tucker <dtucker@dtucker.net> | 2018-02-11 09:32:37 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@dtucker.net> | 2018-02-11 09:32:37 +1100 |
commit | 3377df00ea3fece5293db85fe63baef33bf5152e (patch) | |
tree | 8bb0afdc52a68c51aa6aed773a9efc4db04ac492 | |
parent | d9e5cf078ea5380da6df767bb1773802ec557ef0 (diff) |
Add checks for Spectre v2 mitigation (retpoline)
This adds checks for gcc and clang flags for mitigations for Spectre
variant 2, ie "retpoline". It'll automatically enabled if the compiler
supports it as part of toolchain hardening flag. ok djm@
-rw-r--r-- | configure.ac | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index 0476398ac..71174571b 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -163,6 +163,10 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then | |||
163 | OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) | 163 | OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) |
164 | OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) | 164 | OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) |
165 | if test "x$use_toolchain_hardening" = "x1"; then | 165 | if test "x$use_toolchain_hardening" = "x1"; then |
166 | OSSH_CHECK_CFLAG_COMPILE([-mfunction-return=thunk]) # gcc | ||
167 | OSSH_CHECK_CFLAG_COMPILE([-mindirect-branch=thunk]) # gcc | ||
168 | OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang | ||
169 | OSSH_CHECK_CFLAG_LINK([-z retpolineplt]) | ||
166 | OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) | 170 | OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) |
167 | OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) | 171 | OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) |
168 | OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) | 172 | OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) |