Spectre probe for -mretpoline/-mindirect-branch=thunk-extern

-mretpoline is currently the clang-7.0 name for Spectre mitigation. gcc-7.3/8.1 branches currently use -mindirect-branch=thunk-extern for this. The default GNU linker check does not work though, you need llvm lld-7. so add -Wl,-z,retpolineplt only where the retpoline spectre option was added. Without linker support don't add the cflags neither, but warn. It needs lld-7 via LDFLAGS=-fuse-ld=lld-7 There is also a new -Wl,-z,textonly option. https://sourceware.org/ml/binutils/2017-11/msg00369.html Probe for it also.
rurban · Feb 6, 2018 · c86bd9e · c86bd9e
1 parent 31d910b
commit c86bd9e
Show file tree

Hide file tree

Showing 5 changed files with 35 additions and 4 deletions.
diff --git a/.appveyor.yml b/.appveyor.yml
@@ -55,7 +55,7 @@ build_script:
   - if "%CYGWIN%"=="1" set PATH=%CYGR%\bin;c:\Windows\system32;c:\Windows;c:\Windows\system32\Wbem
   - if "%MINGW%"=="1" call build-tools\msys2.bat
   - bash -c "build-tools/autogen.sh"
-  - bash -c "./configure -enable-unsafe --enable-norm-compat --enable-debug"
+  - bash -c "./configure -enable-unsafe --enable-norm-compat --enable-debug --enable-debug-build"
   - bash -c "make"
 
 test_script:

diff --git a/ChangeLog b/ChangeLog
@@ -17,6 +17,8 @@ Changes in v??022018 3.3.0
           sprintf functions. So do we. (GH #45)
         - sprintf_s/vsprintf_s on Windows use now the native vsnprintf_s function
           to reject illegal format specifiers.
+        - More hardening with gcc-7.3/clang-7: Probe for -Wl,-z,textonly and
+          -Wl,-z,retpolineplt, currently only with lld-7
         - Reworked C11 compatibility to closer align with the existing Windows+BSD
           sec_api's, esp. with slen=0 cases of the cpy and move functions, while still
           following the spec. (GH #39)

diff --git a/build-tools/smoke.sh b/build-tools/smoke.sh
@@ -34,6 +34,8 @@ CC="gcc-mp-4.3 -std=iso9899:199409" ./configure && \
     gmake -s -j4 check-log || exit
 CC="gcc-mp-6" ./configure && \
     gmake -s -j4 check-log || exit
+CC="gcc-mp-7" ./configure --enable-unsafe && \
+    gmake -s -j4 check-log || exit
 CC="g++-mp-6 -std=c++11" ./configure --enable-unsafe --enable-norm-compat && \
     $make -s -j4 check-log || exit
 CC=gcc-mp-6 \
@@ -86,6 +88,9 @@ CC="clang-5.0" \
 CC="clang-6.0 -fsanitize=address,undefined -fno-omit-frame-pointer" \
     ./configure --enable-debug --enable-unsafe --enable-norm-compat && \
     make -s -j4 check-log || exit
+# retpoline
+CC="clang-7" LDFLAGS="-fuse-ld=lld-7" ./configure && \
+    make -s -j4 check-log
 make -s clean
 ./configure --disable-wchar && \
     $make -s -j4 -f Makefile.kernel || exit

diff --git a/m4/ax_compiler_flags_cflags.m4 b/m4/ax_compiler_flags_cflags.m4
@@ -26,7 +26,7 @@
 #   and this notice are preserved.  This file is offered as-is, without any
 #   warranty.
 
-#serial 16
+#serial 17
 
 AC_DEFUN([AX_COMPILER_FLAGS_CFLAGS],[
     AC_REQUIRE([AC_PROG_SED])
@@ -65,6 +65,16 @@ AC_DEFUN([AX_COMPILER_FLAGS_CFLAGS],[
         ax_compiler_no_suggest_attribute_flags=""
     ])
 
+    # retpoline: clang-7. Note: requires lld-7 linker support
+    AX_APPEND_COMPILE_FLAGS(["-mretpoline -DRETPOLINE"],
+        [RETPOLINE_CFLAGS],[$ax_compiler_flags_test])
+    # or the equivalent gcc-7.3 variant
+    if test -z "$RETPOLINE_CFLAGS"; then
+        AX_APPEND_COMPILE_FLAGS(
+          ["-mindirect-branch=thunk-extern -mfunction-return=thunk-extern -mindirect-branch-register -DRETPOLINE"],
+          [RETPOLINE_CFLAGS],[$ax_compiler_flags_test])
+    fi
+
     # Base flags
     AX_APPEND_COMPILE_FLAGS([ dnl
         -fno-strict-aliasing dnl

diff --git a/m4/ax_compiler_flags_ldflags.m4 b/m4/ax_compiler_flags_ldflags.m4
@@ -26,7 +26,7 @@
 #   and this notice are preserved.  This file is offered as-is, without any
 #   warranty.
 
-#serial 10
+#serial 11
 
 AC_DEFUN([AX_COMPILER_FLAGS_LDFLAGS],[
     AX_REQUIRE_DEFINED([AX_APPEND_LINK_FLAGS])
@@ -63,7 +63,21 @@ AC_DEFUN([AX_COMPILER_FLAGS_LDFLAGS],[
         [AM_LDFLAGS],[$ax_compiler_flags_test])
     AX_APPEND_LINK_FLAGS([-Wl,-z,noexecstack],
         [AM_LDFLAGS],[$ax_compiler_flags_test])
-    # textonly, retpolineplt not yet
+    dnl /usr/bin/ld: warning: -z retpolineplt ignored.
+    case $RETPOLINE_CFLAGS in
+        *-mretpoline*|*-mindirect-branch=thunk-extern*)
+            AX_APPEND_LINK_FLAGS([-Wl,-z,retpolineplt],
+                [RETPOLINE_LDFLAGS],[$ax_compiler_flags_test])
+            if test -n "$RETPOLINE_LDFLAGS"; then
+                AM_CFLAGS="$AM_CFLAGS $RETPOLINE_CFLAGS"
+                AM_LDFLAGS="$AM_LDFLAGS $RETPOLINE_LDFLAGS"
+                AX_APPEND_LINK_FLAGS([-Wl,-z,textonly],
+                    [AM_LDFLAGS],[$ax_compiler_flags_test])
+            else
+                AC_MSG_WARN([Your LD does not support -z,retpolineplt try -fuse-ld=lld-7])
+            fi
+            ;;
+    esac
 
     # macOS linker speaks with a different accent
     ax_compiler_flags_fatal_warnings_option=""