From 9a90f5a2a15560c03e09f39d4181d3b14f96ab3d Mon Sep 17 00:00:00 2001
From: codarrenvelvindron
Date: Sat, 17 Feb 2018 14:28:48 -0500
Subject: [PATCH] configure: Add spectre variant 2 mitigations

--enable-hardening adds -mfunction-return=thunk and -mindirect-branch=thunk compiler options if supported.
---
 configure.ac | 1 +
 m4/cc_retpoline.m4 | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+)
 create mode 100644 m4/cc_retpoline.m4

diff --git a/configure.ac b/configure.ac
index 3c692cd8c0..2920f336db 100644
--- a/configure.ac
+++ b/configure.ac
@@ -321,6 +321,7 @@ CC_CLANG
 AC_CC_PIE
 AC_CC_F_STACK_PROTECTOR
 AC_CC_D_FORTIFY_SOURCE
+AC_CC_RETPOLINE
 AC_LD_RELRO
 AC_LD_WHOLE_ARCHIVE
diff --git a/m4/cc_retpoline.m4 b/m4/cc_retpoline.m4
new file mode 100644
index 0000000000..26f567c3a1
--- /dev/null
+++ b/m4/cc_retpoline.m4
@@ -0,0 +1,18 @@
+dnl
+dnl Check for support for Retpoline
+dnl
+
+AC_DEFUN([AC_CC_RETPOLINE],[
+ AC_REQUIRE([gl_UNKNOWN_WARNINGS_ARE_ERRORS])
+ if test $enable_hardening = yes; then
+ case "$host" in
+ *)
+ gl_COMPILER_OPTION_IF([-mfunction-return=thunk -mindirect-branch=thunk], [
+ CFLAGS="$CFLAGS -mfunction-return=thunk -mindirect-branch=thunk"
+ ],
+ [],
+ [AC_LANG_PROGRAM()]
+ )
+ esac
+ fi
+])
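Review bot: In the new `AC_CC_RETPOLINE` macro the if-not-supported argument of `gl_COMPILER_OPTION_IF` is `[]`, so when the compiler rejects the option pair (Clang, for instance, spells its retpoline switch `-mretpoline`, and older GCC releases lack both options) a build configured with `--enable-hardening` finishes with no Spectre variant 2 mitigation in CFLAGS and no warning of its own. I would fill that slot with `[AC_MSG_WARN([retpoline options not supported by $CC; Spectre variant 2 mitigation not enabled])],` and consider probing `-mretpoline` there as a fallback. Because the two options are tested as one string, a compiler that accepts only one of them also gets neither; probing them separately would avoid that. Separately, `test $enable_hardening = yes` makes `test` error out instead of comparing when the variable is empty, unless configure.ac always assigns it (not visible in this patch); `test "x$enable_hardening" = xyes` is safe either way. The `case "$host" in *)` wrapper matches every host and adds nothing as written.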