[src/trunk]: src add an SPECTRE_V2_GCC_MITIGATION option to x86 kernels, that...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src add an SPECTRE_V2_GCC_MITIGATION option to x86 kernels, that...
From: mrg <mrg%NetBSD.org@localhost>
Date: Tue, 07 Apr 2020 09:54:35 +0000

details:   https://anonhg.NetBSD.org/src/rev/14c11ad16635
branches:  trunk
changeset: 831608:14c11ad16635
user:      mrg <mrg%NetBSD.org@localhost>
date:      Sat Apr 07 19:38:05 2018 +0000

description:
add an SPECTRE_V2_GCC_MITIGATION option to x86 kernels, that turns
on the GCC spectre v2 mitigation options.

XXX: pullup-8.
XXX: turn on in all kernels.

diffstat:

 share/man/man4/options.4           |  16 ++++++++++++++--
 sys/arch/amd64/conf/GENERIC        |   6 ++++--
 sys/arch/amd64/conf/Makefile.amd64 |   7 ++++++-
 sys/arch/amd64/conf/files.amd64    |   5 ++++-
 sys/arch/i386/conf/GENERIC         |   6 ++++--
 sys/arch/i386/conf/Makefile.i386   |   7 ++++++-
 sys/arch/i386/conf/files.i386      |   5 ++++-
 7 files changed, 42 insertions(+), 10 deletions(-)

diffs (177 lines):

diff -r 0f115ce1cccc -r 14c11ad16635 share/man/man4/options.4
--- a/share/man/man4/options.4  Sat Apr 07 19:28:32 2018 +0000
+++ b/share/man/man4/options.4  Sat Apr 07 19:38:05 2018 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: options.4,v 1.484 2018/04/01 04:35:02 ryo Exp $
+.\"    $NetBSD: options.4,v 1.485 2018/04/07 19:38:05 mrg Exp $
 .\"
 .\" Copyright (c) 1996
 .\"    Perry E. Metzger.  All rights reserved.
@@ -30,7 +30,7 @@
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
 .\"
-.Dd February 17, 2018
+.Dd April 5, 2018
 .Dt OPTIONS 4
 .Os
 .Sh NAME
@@ -2469,6 +2469,17 @@
 This is correct behavior, and you should not use the
 .Em REALBASEMEM
 option to access this memory).
+.It Cd options SPECTRE_V2_GCC_MITIGATION=1
+Enable GCC-specific Spectre variant 2 mitigations.
+For 32-bit kernels this means these options:
+.Bd -literal -offset indent
+-mindirect-branch=thunk -mindirect-branch-register
+.Ed
+.Pp
+For 64-bit kernels this means these options:
+.Bd -literal -offset indent
+-mindirect-branch=thunk-inline -mindirect-branch-register
+.Ed
 .It Cd options REALEXTMEM=integer
 Overrides the extended memory size passed in from the boot block.
 (Value given in kilobytes.
@@ -2702,6 +2713,7 @@
 .\" .Sh EXAMPLES
 .Sh SEE ALSO
 .Xr config 1 ,
+.Xr gcc 1 ,
 .Xr gdb 1 ,
 .Xr ktrace 1 ,
 .Xr pmc 1 ,
diff -r 0f115ce1cccc -r 14c11ad16635 sys/arch/amd64/conf/GENERIC
--- a/sys/arch/amd64/conf/GENERIC       Sat Apr 07 19:28:32 2018 +0000
+++ b/sys/arch/amd64/conf/GENERIC       Sat Apr 07 19:38:05 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.486 2018/03/22 12:26:29 rin Exp $
+# $NetBSD: GENERIC,v 1.487 2018/04/07 19:38:06 mrg Exp $
 #
 # GENERIC machine description file
 #
@@ -22,7 +22,7 @@
 
 options        INCLUDE_CONFIG_FILE     # embed config file in kernel binary
 
-#ident         "GENERIC-$Revision: 1.486 $"
+#ident         "GENERIC-$Revision: 1.487 $"
 
 maxusers       64              # estimated number of users
 
@@ -76,6 +76,8 @@
 # CPU-related options
 #options       USER_LDT        # user-settable LDT; used by WINE
 options        SVS             # Separate Virtual Space
+makeoptions    SPECTRE_V2_GCC_MITIGATION=1     # GCC Spectre variant 2
+                                               # migitation
 
 # CPU features
 acpicpu*       at cpu?         # ACPI CPU (including frequency scaling)
diff -r 0f115ce1cccc -r 14c11ad16635 sys/arch/amd64/conf/Makefile.amd64
--- a/sys/arch/amd64/conf/Makefile.amd64        Sat Apr 07 19:28:32 2018 +0000
+++ b/sys/arch/amd64/conf/Makefile.amd64        Sat Apr 07 19:38:05 2018 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: Makefile.amd64,v 1.66 2018/02/23 14:16:52 maxv Exp $
+#      $NetBSD: Makefile.amd64,v 1.67 2018/04/07 19:38:06 mrg Exp $
 
 # Makefile for NetBSD
 #
@@ -43,6 +43,11 @@
 # For gcc we might need this, but other compilers barf
 # CFLAGS+=     -mno-fp-ret-in-387
 
+.if !empty(SPECTRE_V2_GCC_MITIGATION) && ${HAVE_GCC:U0} > 0
+CFLAGS+=      -mindirect-branch=thunk-inline
+CFLAGS+=      -mindirect-branch-register
+.endif
+
 ##
 ## (3) libkern and compat
 ##
diff -r 0f115ce1cccc -r 14c11ad16635 sys/arch/amd64/conf/files.amd64
--- a/sys/arch/amd64/conf/files.amd64   Sat Apr 07 19:28:32 2018 +0000
+++ b/sys/arch/amd64/conf/files.amd64   Sat Apr 07 19:38:05 2018 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: files.amd64,v 1.101 2018/01/20 14:27:14 maxv Exp $
+#      $NetBSD: files.amd64,v 1.102 2018/04/07 19:38:06 mrg Exp $
 #
 # new style config file for amd64 architecture
 #
@@ -19,6 +19,9 @@
 # The PHYSMEM_MAX_{SIZE,ADDR} optionms
 defparam opt_physmem.h PHYSMEM_MAX_ADDR PHYSMEM_MAX_SIZE
 
+# Enable GCC spectre V2 mitigation options
+defflag opt_spectre.h  SPECTRE_V2_GCC_MITIGATION
+
 #
 # XXX these are just here at the moment so that we can share files
 # with the i386 (they include the opt_*.h for these)
diff -r 0f115ce1cccc -r 14c11ad16635 sys/arch/i386/conf/GENERIC
--- a/sys/arch/i386/conf/GENERIC        Sat Apr 07 19:28:32 2018 +0000
+++ b/sys/arch/i386/conf/GENERIC        Sat Apr 07 19:38:05 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.1174 2017/12/10 17:19:48 bouyer Exp $
+# $NetBSD: GENERIC,v 1.1175 2018/04/07 19:38:06 mrg Exp $
 #
 # GENERIC machine description file
 #
@@ -22,13 +22,15 @@
 
 options        INCLUDE_CONFIG_FILE     # embed config file in kernel binary
 
-#ident         "GENERIC-$Revision: 1.1174 $"
+#ident         "GENERIC-$Revision: 1.1175 $"
 
 maxusers       64              # estimated number of users
 
 # CPU-related options.
 options        USER_LDT        # user-settable LDT; used by WINE
 #options       PAE             # PAE mode (36 bits physical addressing)
+makeoptions    SPECTRE_V2_GCC_MITIGATION=1     # GCC Spectre variant 2
+                                               # migitation
 
 # CPU features
 acpicpu*       at cpu?         # ACPI CPU (including frequency scaling)
diff -r 0f115ce1cccc -r 14c11ad16635 sys/arch/i386/conf/Makefile.i386
--- a/sys/arch/i386/conf/Makefile.i386  Sat Apr 07 19:28:32 2018 +0000
+++ b/sys/arch/i386/conf/Makefile.i386  Sat Apr 07 19:38:05 2018 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: Makefile.i386,v 1.189 2018/02/23 14:16:52 maxv Exp $
+#      $NetBSD: Makefile.i386,v 1.190 2018/04/07 19:38:06 mrg Exp $
 
 # Makefile for NetBSD
 #
@@ -39,6 +39,11 @@
 ## no-sse implies no-sse2 but not no-avx
 CFLAGS+=       -mno-mmx -mno-sse -mno-avx
 
+.if !empty(SPECTRE_V2_GCC_MITIGATION) && ${HAVE_GCC:U0} > 0
+CFLAGS+=       -mindirect-branch=thunk
+CFLAGS+=       -mindirect-branch-register
+.endif
+
 ##
 ## (3) libkern and compat
 ##
diff -r 0f115ce1cccc -r 14c11ad16635 sys/arch/i386/conf/files.i386
--- a/sys/arch/i386/conf/files.i386     Sat Apr 07 19:28:32 2018 +0000
+++ b/sys/arch/i386/conf/files.i386     Sat Apr 07 19:38:05 2018 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: files.i386,v 1.391 2018/03/16 12:48:54 maxv Exp $
+#      $NetBSD: files.i386,v 1.392 2018/04/07 19:38:06 mrg Exp $
 #
 # new style config file for i386 architecture
 #
@@ -41,6 +41,9 @@
 # splraise()/spllower() debug
 defflag        opt_spldebug.h                  SPLDEBUG
 
+# Enable GCC spectre V2 mitigation options
+defflag opt_spectre.h  SPECTRE_V2_GCC_MITIGATION
+
 # Beep on halt
 defflag        opt_beep.h              BEEP_ONHALT
 defparam       opt_beep.h              BEEP_ONHALT_COUNT=3

Prev by Date: [src/trunk]: src/external/apache2/mDNSResponder/usr.sbin/mdnsd show how to tu...
Next by Date: [src/trunk]: src/sys/arch actually do what the previous change said:
Previous by Thread: [src/trunk]: src/external/apache2/mDNSResponder/usr.sbin/mdnsd show how to tu...
Next by Thread: [src/trunk]: src/sys/arch actually do what the previous change said:
Indexes:

Home | Main Index | Thread Index | Old Index