From: Dave Hansen <dave.han...@linux.intel.com>
From: David Woodhouse <d...@amazon.co.uk>
Add retpoline compile option in Makefile
Update Makefile with retpoline compile options. This requires a gcc with the
retpoline compiler patches enabled.
Print a warning when the compiler doesn't support retpoline
[Originally from David and Tim, but hacked by AK]
v2: Use CONFIG option to enable
Signed-off-by: David Woodhouse <d...@amazon.co.uk>
Signed-off-by: Tim Chen <tim.c.c...@linux.intel.com>
---
arch/x86/Makefile | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index 3e73bc255e4e..b02e35350244 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -230,6 +230,17 @@ KBUILD_CFLAGS += -Wno-sign-compare
#
KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
+#
+ifdef CONFIG_RETPOLINE
+ RETPOLINE_CFLAGS += $(call cc-option,-mindirect-branch=thunk-extern)
+ ifneq ($(RETPOLINE_CFLAGS),)
+ KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE
+ KBUILD_AFLAGS += -DRETPOLINE
+ else
+ $(warning Retpoline not supported in compiler. System may be
insecure.)
+ endif
+endif
+
archscripts: scripts_basic
$(Q)$(MAKE) $(build)=arch/x86/tools relocs
--
2.14.3
