Module Name:    src
Committed By:   mrg
Date:           Sat Apr  7 19:38:06 UTC 2018

Modified Files:
        src/share/man/man4: options.4
        src/sys/arch/amd64/conf: GENERIC Makefile.amd64 files.amd64
        src/sys/arch/i386/conf: GENERIC Makefile.i386 files.i386

Log Message:
add an SPECTRE_V2_GCC_MITIGATION option to x86 kernels, that turns
on the GCC spectre v2 mitigation options.

XXX: pullup-8.
XXX: turn on in all kernels.


To generate a diff of this commit:
cvs rdiff -u -r1.484 -r1.485 src/share/man/man4/options.4
cvs rdiff -u -r1.486 -r1.487 src/sys/arch/amd64/conf/GENERIC
cvs rdiff -u -r1.66 -r1.67 src/sys/arch/amd64/conf/Makefile.amd64
cvs rdiff -u -r1.101 -r1.102 src/sys/arch/amd64/conf/files.amd64
cvs rdiff -u -r1.1174 -r1.1175 src/sys/arch/i386/conf/GENERIC
cvs rdiff -u -r1.189 -r1.190 src/sys/arch/i386/conf/Makefile.i386
cvs rdiff -u -r1.391 -r1.392 src/sys/arch/i386/conf/files.i386

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/share/man/man4/options.4
diff -u src/share/man/man4/options.4:1.484 src/share/man/man4/options.4:1.485
--- src/share/man/man4/options.4:1.484	Sun Apr  1 04:35:02 2018
+++ src/share/man/man4/options.4	Sat Apr  7 19:38:05 2018
@@ -1,4 +1,4 @@
-.\"	$NetBSD: options.4,v 1.484 2018/04/01 04:35:02 ryo Exp $
+.\"	$NetBSD: options.4,v 1.485 2018/04/07 19:38:05 mrg Exp $
 .\"
 .\" Copyright (c) 1996
 .\" 	Perry E. Metzger.  All rights reserved.
@@ -30,7 +30,7 @@
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
 .\"
-.Dd February 17, 2018
+.Dd April 5, 2018
 .Dt OPTIONS 4
 .Os
 .Sh NAME
@@ -2469,6 +2469,17 @@ base memory size to prevent programs ove
 This is correct behavior, and you should not use the
 .Em REALBASEMEM
 option to access this memory).
+.It Cd options SPECTRE_V2_GCC_MITIGATION=1
+Enable GCC-specific Spectre variant 2 mitigations.
+For 32-bit kernels this means these options:
+.Bd -literal -offset indent
+-mindirect-branch=thunk -mindirect-branch-register
+.Ed
+.Pp
+For 64-bit kernels this means these options:
+.Bd -literal -offset indent
+-mindirect-branch=thunk-inline -mindirect-branch-register
+.Ed
 .It Cd options REALEXTMEM=integer
 Overrides the extended memory size passed in from the boot block.
 (Value given in kilobytes.
@@ -2702,6 +2713,7 @@ bolded
 .\" .Sh EXAMPLES
 .Sh SEE ALSO
 .Xr config 1 ,
+.Xr gcc 1 ,
 .Xr gdb 1 ,
 .Xr ktrace 1 ,
 .Xr pmc 1 ,

Index: src/sys/arch/amd64/conf/GENERIC
diff -u src/sys/arch/amd64/conf/GENERIC:1.486 src/sys/arch/amd64/conf/GENERIC:1.487
--- src/sys/arch/amd64/conf/GENERIC:1.486	Thu Mar 22 12:26:29 2018
+++ src/sys/arch/amd64/conf/GENERIC	Sat Apr  7 19:38:06 2018
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.486 2018/03/22 12:26:29 rin Exp $
+# $NetBSD: GENERIC,v 1.487 2018/04/07 19:38:06 mrg Exp $
 #
 # GENERIC machine description file
 #
@@ -22,7 +22,7 @@ include 	"arch/amd64/conf/std.amd64"
 
 options 	INCLUDE_CONFIG_FILE	# embed config file in kernel binary
 
-#ident		"GENERIC-$Revision: 1.486 $"
+#ident		"GENERIC-$Revision: 1.487 $"
 
 maxusers	64		# estimated number of users
 
@@ -76,6 +76,8 @@ options 	SYSCTL_INCLUDE_DESCR	# Include 
 # CPU-related options
 #options 	USER_LDT	# user-settable LDT; used by WINE
 options 	SVS		# Separate Virtual Space
+makeoptions	SPECTRE_V2_GCC_MITIGATION=1	# GCC Spectre variant 2
+						# migitation
 
 # CPU features
 acpicpu*	at cpu?		# ACPI CPU (including frequency scaling)

Index: src/sys/arch/amd64/conf/Makefile.amd64
diff -u src/sys/arch/amd64/conf/Makefile.amd64:1.66 src/sys/arch/amd64/conf/Makefile.amd64:1.67
--- src/sys/arch/amd64/conf/Makefile.amd64:1.66	Fri Feb 23 14:16:52 2018
+++ src/sys/arch/amd64/conf/Makefile.amd64	Sat Apr  7 19:38:06 2018
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile.amd64,v 1.66 2018/02/23 14:16:52 maxv Exp $
+#	$NetBSD: Makefile.amd64,v 1.67 2018/04/07 19:38:06 mrg Exp $
 
 # Makefile for NetBSD
 #
@@ -43,6 +43,11 @@ CFLAGS+=	-msoft-float
 # For gcc we might need this, but other compilers barf
 # CFLAGS+=	-mno-fp-ret-in-387
 
+.if !empty(SPECTRE_V2_GCC_MITIGATION) && ${HAVE_GCC:U0} > 0
+CFLAGS+=      -mindirect-branch=thunk-inline
+CFLAGS+=      -mindirect-branch-register
+.endif
+
 ##
 ## (3) libkern and compat
 ##

Index: src/sys/arch/amd64/conf/files.amd64
diff -u src/sys/arch/amd64/conf/files.amd64:1.101 src/sys/arch/amd64/conf/files.amd64:1.102
--- src/sys/arch/amd64/conf/files.amd64:1.101	Sat Jan 20 14:27:14 2018
+++ src/sys/arch/amd64/conf/files.amd64	Sat Apr  7 19:38:06 2018
@@ -1,4 +1,4 @@
-#	$NetBSD: files.amd64,v 1.101 2018/01/20 14:27:14 maxv Exp $
+#	$NetBSD: files.amd64,v 1.102 2018/04/07 19:38:06 mrg Exp $
 #
 # new style config file for amd64 architecture
 #
@@ -19,6 +19,9 @@ defparam opt_realmem.h	REALBASEMEM REALE
 # The PHYSMEM_MAX_{SIZE,ADDR} optionms
 defparam opt_physmem.h	PHYSMEM_MAX_ADDR PHYSMEM_MAX_SIZE
 
+# Enable GCC spectre V2 mitigation options
+defflag opt_spectre.h	SPECTRE_V2_GCC_MITIGATION
+
 #
 # XXX these are just here at the moment so that we can share files
 # with the i386 (they include the opt_*.h for these)

Index: src/sys/arch/i386/conf/GENERIC
diff -u src/sys/arch/i386/conf/GENERIC:1.1174 src/sys/arch/i386/conf/GENERIC:1.1175
--- src/sys/arch/i386/conf/GENERIC:1.1174	Sun Dec 10 17:19:48 2017
+++ src/sys/arch/i386/conf/GENERIC	Sat Apr  7 19:38:06 2018
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.1174 2017/12/10 17:19:48 bouyer Exp $
+# $NetBSD: GENERIC,v 1.1175 2018/04/07 19:38:06 mrg Exp $
 #
 # GENERIC machine description file
 #
@@ -22,13 +22,15 @@ include 	"arch/i386/conf/std.i386"
 
 options 	INCLUDE_CONFIG_FILE	# embed config file in kernel binary
 
-#ident		"GENERIC-$Revision: 1.1174 $"
+#ident		"GENERIC-$Revision: 1.1175 $"
 
 maxusers	64		# estimated number of users
 
 # CPU-related options.
 options 	USER_LDT	# user-settable LDT; used by WINE
 #options 	PAE		# PAE mode (36 bits physical addressing)
+makeoptions	SPECTRE_V2_GCC_MITIGATION=1	# GCC Spectre variant 2
+						# migitation
 
 # CPU features
 acpicpu*	at cpu?		# ACPI CPU (including frequency scaling)

Index: src/sys/arch/i386/conf/Makefile.i386
diff -u src/sys/arch/i386/conf/Makefile.i386:1.189 src/sys/arch/i386/conf/Makefile.i386:1.190
--- src/sys/arch/i386/conf/Makefile.i386:1.189	Fri Feb 23 14:16:52 2018
+++ src/sys/arch/i386/conf/Makefile.i386	Sat Apr  7 19:38:06 2018
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile.i386,v 1.189 2018/02/23 14:16:52 maxv Exp $
+#	$NetBSD: Makefile.i386,v 1.190 2018/04/07 19:38:06 mrg Exp $
 
 # Makefile for NetBSD
 #
@@ -39,6 +39,11 @@ CFLAGS+=	-msoft-float
 ## no-sse implies no-sse2 but not no-avx
 CFLAGS+=	-mno-mmx -mno-sse -mno-avx
 
+.if !empty(SPECTRE_V2_GCC_MITIGATION) && ${HAVE_GCC:U0} > 0
+CFLAGS+=	-mindirect-branch=thunk
+CFLAGS+=	-mindirect-branch-register
+.endif
+
 ##
 ## (3) libkern and compat
 ##

Index: src/sys/arch/i386/conf/files.i386
diff -u src/sys/arch/i386/conf/files.i386:1.391 src/sys/arch/i386/conf/files.i386:1.392
--- src/sys/arch/i386/conf/files.i386:1.391	Fri Mar 16 12:48:54 2018
+++ src/sys/arch/i386/conf/files.i386	Sat Apr  7 19:38:06 2018
@@ -1,4 +1,4 @@
-#	$NetBSD: files.i386,v 1.391 2018/03/16 12:48:54 maxv Exp $
+#	$NetBSD: files.i386,v 1.392 2018/04/07 19:38:06 mrg Exp $
 #
 # new style config file for i386 architecture
 #
@@ -41,6 +41,9 @@ defparam opt_pcibios.h	PCIBIOS_IRQS_HINT
 # splraise()/spllower() debug
 defflag	opt_spldebug.h			SPLDEBUG
 
+# Enable GCC spectre V2 mitigation options
+defflag opt_spectre.h	SPECTRE_V2_GCC_MITIGATION
+
 # Beep on halt
 defflag 	opt_beep.h		BEEP_ONHALT
 defparam 	opt_beep.h		BEEP_ONHALT_COUNT=3

Reply via email to