From 3377df00ea3fece5293db85fe63baef33bf5152e Mon Sep 17 00:00:00 2001
From: Darren Tucker
Date: Sun, 11 Feb 2018 09:32:37 +1100
Subject: Add checks for Spectre v2 mitigation (retpoline) This adds checks for gcc and clang flags for mitigations for Spectre variant 2, ie "retpoline". It'll automatically enabled if the compiler supports it as part of toolchain hardening flag. ok djm@
---
 configure.ac | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'configure.ac')
diff --git a/configure.ac b/configure.ac
index 0476398ac..71174571b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -163,6 +163,10 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
 if test "x$use_toolchain_hardening" = "x1"; then
+ OSSH_CHECK_CFLAG_COMPILE([-mfunction-return=thunk]) # gcc
+ OSSH_CHECK_CFLAG_COMPILE([-mindirect-branch=thunk]) # gcc
+ OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang
+ OSSH_CHECK_CFLAG_LINK([-z retpolineplt])
 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
-- 
cgit v1.2.3
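Review bot: The added `OSSH_CHECK_CFLAG_LINK([-z retpolineplt])` line probes a linker option through a CFLAGS check, while the linker hardening options directly below it (`-Wl,-z,relro`, `-Wl,-z,now`) go through `OSSH_CHECK_LDFLAG_LINK` with the `-Wl,` prefix. If the macro does what its name suggests (it is defined outside this hunk), an accepted `-z retpolineplt` lands in CFLAGS and is repeated on every compile command. A compiler driver that does not forward a bare `-z` could also fail the probe, silently leaving the PLT without the mitigation. Writing it as `OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt])` would match the neighbouring lines and keep the option in LDFLAGS. The line also lacks the `# gcc` / `# clang` style comment its three siblings carry; a short note on which linker the option targets would help, and the enclosing `if` block continues past the end of the hunk.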