Date:      Tue, 20 Nov 2018 20:16:03 +0000 (UTC)
From:      Ed Maste <emaste@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject:   svn commit: r340697 - in stable/12: . rescue/rescue share/mk tools/build/options
Message-ID:  <201811202016.wAKKG30c003916@repo.freebsd.org>

Author: emaste
Date: Tue Nov 20 20:16:03 2018
New Revision: 340697
URL: https://svnweb.freebsd.org/changeset/base/340697

Log:
  Introduce src.conf knob to build userland with retpoline
  
  MFC r339511: Introduce src.conf knob to build userland with retpoline
  
  WITH_RETPOLINE enables -mretpoline vulnerability mitigation in userland
  for CVE-2017-5715.
  
  MFC r340099: libcompat: disable retpoline when building build tools
  
  These are built with the host toolchain which may not support retpoline.
  While here, move the MK_ overrides to a separate line and sort them
  alphabetically to support future changes.
  
  MFC r340650: Avoid retpolineplt with static linking
  
  Statically linked binaries linked with -zretpolineplt crash at startup
  as lld produces a broken PLT.
  
  MFC r340652: rescue: set NO_SHARED in Makefile
  
  The rescue binary is built statically via the Makefile generated by
  crunchgen, but that does not trigger other shared/static logic in
  bsd.prog.mk - in particular
  
  PR:		233336
  Reported by:	Peter Malcom (r339511), Charlie Li (r340652)
  Approved by:	re (gjb, early MFC)
  Sponsored by:	The FreeBSD Foundation

Added:
  stable/12/tools/build/options/WITH_RETPOLINE
     - copied unchanged from r339511, head/tools/build/options/WITH_RETPOLINE
Modified:
  stable/12/Makefile.inc1
  stable/12/Makefile.libcompat
  stable/12/rescue/rescue/Makefile
  stable/12/share/mk/bsd.lib.mk
  stable/12/share/mk/bsd.opts.mk
  stable/12/share/mk/bsd.prog.mk
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/Makefile.inc1
==============================================================================
--- stable/12/Makefile.inc1	Tue Nov 20 20:08:51 2018	(r340696)
+++ stable/12/Makefile.inc1	Tue Nov 20 20:16:03 2018	(r340697)
@@ -659,7 +659,7 @@ BSARGS= 	DESTDIR= \
 		-DNO_PIC MK_PROFILE=no -DNO_SHARED \
 		-DNO_CPU_CFLAGS MK_WARNS=no MK_CTF=no \
 		MK_CLANG_EXTRAS=no MK_CLANG_FULL=no \
-		MK_LLDB=no MK_TESTS=no \
+		MK_LLDB=no MK_RETPOLINE=no MK_TESTS=no \
 		MK_INCLUDES=yes
 
 BMAKE=		\
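Review bot: The `MK_RETPOLINE=no` override added to BSARGS carries no comment saying why the mitigation is forced off, and the same bare override is added to TMAKE, KTMAKE and NXBMAKEARGS in the next three hunks. The commit log states the reason only for the libcompat build tools (they are built with the host toolchain, which may not support retpoline); presumably the same holds for these stages, but that should be confirmed. I would record it once above each assignment, for example `# Built with the host toolchain, which may not support -mretpoline.`, so a later cleanup neither drops the override nor mistakes it for an unintended gap in WITH_RETPOLINE coverage. The assignments themselves start above the hunks, so the comment belongs there, not inside the continued lines.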
@@ -680,7 +680,7 @@ TMAKE=		\
 		-DNO_LINT \
 		-DNO_CPU_CFLAGS MK_WARNS=no MK_CTF=no \
 		MK_CLANG_EXTRAS=no MK_CLANG_FULL=no \
-		MK_LLDB=no MK_TESTS=no
+		MK_LLDB=no MK_RETPOLINE=no MK_TESTS=no
 
 # cross-tools stage
 # TOOLS_PREFIX set in BMAKE
@@ -703,7 +703,7 @@ KTMAKE=		\
 		SSP_CFLAGS= \
 		MK_HTML=no -DNO_LINT MK_MAN=no \
 		-DNO_PIC MK_PROFILE=no -DNO_SHARED \
-		-DNO_CPU_CFLAGS MK_WARNS=no MK_CTF=no
+		-DNO_CPU_CFLAGS MK_RETPOLINE=no MK_WARNS=no MK_CTF=no
 
 # world stage
 WMAKEENV=	${CROSSENV} \
@@ -2390,6 +2390,7 @@ NXBMAKEARGS+= \
 	MK_OFED=no \
 	MK_OPENSSH=no \
 	MK_PROFILE=no \
+	MK_RETPOLINE=no \
 	MK_SENDMAIL=no \
 	MK_SVNLITE=no \
 	MK_TESTS=no \

Modified: stable/12/Makefile.libcompat
==============================================================================
--- stable/12/Makefile.libcompat	Tue Nov 20 20:08:51 2018	(r340696)
+++ stable/12/Makefile.libcompat	Tue Nov 20 20:16:03 2018	(r340697)
@@ -200,7 +200,8 @@ build${libcompat}: .PHONY
 	    OBJTOP=${LIBCOMPAT_OBJTOP} \
 	    OBJROOT='$${OBJTOP}/' \
 	    MAKEOBJDIRPREFIX= \
-	    DIRPRFX=${_dir}/ -DNO_LINT -DNO_CPU_CFLAGS MK_WARNS=no MK_CTF=no \
+	    DIRPRFX=${_dir}/ -DNO_LINT -DNO_CPU_CFLAGS \
+	    MK_CTF=no MK_RETPOLINE=no MK_WARNS=no \
 	    ${_t}
 .endfor
 .endfor

Modified: stable/12/rescue/rescue/Makefile
==============================================================================
--- stable/12/rescue/rescue/Makefile	Tue Nov 20 20:08:51 2018	(r340696)
+++ stable/12/rescue/rescue/Makefile	Tue Nov 20 20:16:03 2018	(r340697)
@@ -6,6 +6,7 @@
 PACKAGE=rescue
 MAN=
 MK_SSP=	no
+NO_SHARED=	yes
 
 PROG=	rescue
 BINDIR?=/rescue
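Review bot: The added `NO_SHARED=	yes` has no comment, and nothing in this Makefile shows why a crunchgen-built binary needs it. Per the commit log it exists so that the shared/static logic in bsd.prog.mk sees rescue as static, which now includes skipping `-Wl,-zretpolineplt`. A line such as `# crunchgen links rescue statically; tell bsd.prog.mk so static-only logic applies (PR 233336)` above it would keep someone from removing the setting as redundant and reintroducing the startup crash under WITH_RETPOLINE.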

Modified: stable/12/share/mk/bsd.lib.mk
==============================================================================
--- stable/12/share/mk/bsd.lib.mk	Tue Nov 20 20:08:51 2018	(r340696)
+++ stable/12/share/mk/bsd.lib.mk	Tue Nov 20 20:16:03 2018	(r340697)
@@ -69,6 +69,12 @@ TAGS+=		package=${PACKAGE:Uruntime}
 TAG_ARGS=	-T ${TAGS:[*]:S/ /,/g}
 .endif
 
+.if ${MK_RETPOLINE} != "no"
+CFLAGS+= -mretpoline
+CXXFLAGS+= -mretpoline
+LDFLAGS+= -Wl,-zretpolineplt
+.endif
+
 .if ${MK_DEBUG_FILES} != "no" && empty(DEBUG_FLAGS:M-g) && \
     empty(DEBUG_FLAGS:M-gdwarf*)
 CFLAGS+= ${DEBUG_FILES_CFLAGS}
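Review bot: The new `.if ${MK_RETPOLINE} != "no"` block adds `-mretpoline` and `-Wl,-zretpolineplt` without checking that the compiler and linker in use accept them. With a toolchain that does not implement these options, the build presumably either fails on the unknown flag or, if a linker merely ignores the unknown `-z` keyword, produces libraries that look mitigated for CVE-2017-5715 but are not. I would gate the three assignments on a compiler/linker capability test and, in the else branch, emit something like `.warning WITH_RETPOLINE set but toolchain lacks retpoline support` so the gap is visible in the build log. The same applies to the matching block added to bsd.prog.mk.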

Modified: stable/12/share/mk/bsd.opts.mk
==============================================================================
--- stable/12/share/mk/bsd.opts.mk	Tue Nov 20 20:08:51 2018	(r340696)
+++ stable/12/share/mk/bsd.opts.mk	Tue Nov 20 20:16:03 2018	(r340697)
@@ -72,6 +72,7 @@ __DEFAULT_NO_OPTIONS = \
     CCACHE_BUILD \
     CTF \
     INSTALL_AS_USER \
+    RETPOLINE \
     STALE_STAGED
 
 __DEFAULT_DEPENDENT_OPTIONS = \

Modified: stable/12/share/mk/bsd.prog.mk
==============================================================================
--- stable/12/share/mk/bsd.prog.mk	Tue Nov 20 20:08:51 2018	(r340696)
+++ stable/12/share/mk/bsd.prog.mk	Tue Nov 20 20:16:03 2018	(r340697)
@@ -34,6 +34,15 @@ PROG=	${PROG_CXX}
 MK_DEBUG_FILES=	no
 .endif
 
+.if ${MK_RETPOLINE} != "no"
+CFLAGS+= -mretpoline
+CXXFLAGS+= -mretpoline
+# retpolineplt is broken with static linking (PR 233336)
+.if !defined(NO_SHARED) || ${NO_SHARED} == "no" || ${NO_SHARED} == "NO"
+LDFLAGS+= -Wl,-zretpolineplt
+.endif
+.endif
+
 .if defined(CRUNCH_CFLAGS)
 CFLAGS+=${CRUNCH_CFLAGS}
 .else
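Review bot: The static-link guard around `LDFLAGS+= -Wl,-zretpolineplt` keys only on `NO_SHARED`, so a program Makefile that links statically by other means (for example by putting `-static` in LDFLAGS itself) would still get the flag and hit the startup crash described in PR 233336; the rescue Makefile change in this same commit is one instance of that gap. A comment noting that static programs must set NO_SHARED for this test to work would help, e.g. `# Static programs must set NO_SHARED, otherwise retpolineplt is applied`. As a smaller style point, the two literal comparisons could be written `${NO_SHARED:tl} == "no"`, which also covers mixed-case spellings. The `.if defined(CRUNCH_CFLAGS)` block at the end of the hunk continues past it.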

Copied: stable/12/tools/build/options/WITH_RETPOLINE (from r339511, head/tools/build/options/WITH_RETPOLINE)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ stable/12/tools/build/options/WITH_RETPOLINE	Tue Nov 20 20:16:03 2018	(r340697, copy of r339511, head/tools/build/options/WITH_RETPOLINE)
@@ -0,0 +1,3 @@
+.\" $FreeBSD$
+Set to build the base system with the retpoline speculative execution
+vulnerability mitigation for CVE-2017-5715.


