On Tue, Oct 30, 2018 at 06:39:24PM +0900, Masahiro Yamada wrote: > Hi, > > > > On Tue, Oct 30, 2018 at 3:57 PM Zhenzhong Duan > <[email protected]> wrote: > > > > Since retpoline capable compilers are widely available, make > > CONFIG_RETPOLINE hard depend on it. > > > > Change KBUILD to use CONFIG_RETPOLINE_SUPPORT to avoid conflict with > > CONFIG_RETPOLINE which is used by kernel. > > > > With all that stuff, the check of RETPOLINE is changed to > > CONFIG_RETPOLINE. > > > > This change is based on suggestion in https://lkml.org/lkml/2018/9/18/1016 > > > > Signed-off-by: Zhenzhong Duan <[email protected]> > > Cc: Thomas Gleixner <[email protected]> > > Cc: Peter Zijlstra <[email protected]> > > Cc: Borislav Petkov <[email protected]> > > Cc: Daniel Borkmann <[email protected]> > > Cc: David Woodhouse <[email protected]> > > Cc: H. Peter Anvin <[email protected]> > > Cc: Ingo Molnar <[email protected]> > > Cc: Konrad Rzeszutek Wilk <[email protected]> > > Cc: Andy Lutomirski <[email protected]> > > Cc: Masahiro Yamada <[email protected]> > > Cc: Michal Marek <[email protected]> > > --- > > > Instead of adding another CONFIG option, > does it make sense to add compiler support checks > to 'depends on' syntax ? > > > config RETPOLINE > bool "Avoid speculative indirect branches in kernel" > depends on $(cc-option,-mindirect-branch=thunk-extern > -mindirect-branch-register) || \ > $(cc-option,-mretpoline-external-thunk) > default y > select STACK_VALIDATION if HAVE_STACK_VALIDATION
That seems to be what we did for stackprotector, which is similar in that it used to fail the build. So yes, this seems sane.
