Module Name: src
Committed By: mrg
Date: Sat Apr 7 19:38:06 UTC 2018
Modified Files:
src/share/man/man4: options.4
src/sys/arch/amd64/conf: GENERIC Makefile.amd64 files.amd64
src/sys/arch/i386/conf: GENERIC Makefile.i386 files.i386
Log Message:
add an SPECTRE_V2_GCC_MITIGATION option to x86 kernels, that turns
on the GCC spectre v2 mitigation options.
XXX: pullup-8.
XXX: turn on in all kernels.
To generate a diff of this commit:
cvs rdiff -u -r1.484 -r1.485 src/share/man/man4/options.4
cvs rdiff -u -r1.486 -r1.487 src/sys/arch/amd64/conf/GENERIC
cvs rdiff -u -r1.66 -r1.67 src/sys/arch/amd64/conf/Makefile.amd64
cvs rdiff -u -r1.101 -r1.102 src/sys/arch/amd64/conf/files.amd64
cvs rdiff -u -r1.1174 -r1.1175 src/sys/arch/i386/conf/GENERIC
cvs rdiff -u -r1.189 -r1.190 src/sys/arch/i386/conf/Makefile.i386
cvs rdiff -u -r1.391 -r1.392 src/sys/arch/i386/conf/files.i386
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/share/man/man4/options.4
diff -u src/share/man/man4/options.4:1.484 src/share/man/man4/options.4:1.485
--- src/share/man/man4/options.4:1.484 Sun Apr 1 04:35:02 2018
+++ src/share/man/man4/options.4 Sat Apr 7 19:38:05 2018
@@ -1,4 +1,4 @@
-.\" $NetBSD: options.4,v 1.484 2018/04/01 04:35:02 ryo Exp $
+.\" $NetBSD: options.4,v 1.485 2018/04/07 19:38:05 mrg Exp $
.\"
.\" Copyright (c) 1996
.\" Perry E. Metzger. All rights reserved.
@@ -30,7 +30,7 @@
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\"
-.Dd February 17, 2018
+.Dd April 5, 2018
.Dt OPTIONS 4
.Os
.Sh NAME
@@ -2469,6 +2469,17 @@ base memory size to prevent programs ove
This is correct behavior, and you should not use the
.Em REALBASEMEM
option to access this memory).
+.It Cd options SPECTRE_V2_GCC_MITIGATION=1
+Enable GCC-specific Spectre variant 2 mitigations.
+For 32-bit kernels this means these options:
+.Bd -literal -offset indent
+-mindirect-branch=thunk -mindirect-branch-register
+.Ed
+.Pp
+For 64-bit kernels this means these options:
+.Bd -literal -offset indent
+-mindirect-branch=thunk-inline -mindirect-branch-register
+.Ed
.It Cd options REALEXTMEM=integer
Overrides the extended memory size passed in from the boot block.
(Value given in kilobytes.
@@ -2702,6 +2713,7 @@ bolded
.\" .Sh EXAMPLES
.Sh SEE ALSO
.Xr config 1 ,
+.Xr gcc 1 ,
.Xr gdb 1 ,
.Xr ktrace 1 ,
.Xr pmc 1 ,
Index: src/sys/arch/amd64/conf/GENERIC
diff -u src/sys/arch/amd64/conf/GENERIC:1.486 src/sys/arch/amd64/conf/GENERIC:1.487
--- src/sys/arch/amd64/conf/GENERIC:1.486 Thu Mar 22 12:26:29 2018
+++ src/sys/arch/amd64/conf/GENERIC Sat Apr 7 19:38:06 2018
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.486 2018/03/22 12:26:29 rin Exp $
+# $NetBSD: GENERIC,v 1.487 2018/04/07 19:38:06 mrg Exp $
#
# GENERIC machine description file
#
@@ -22,7 +22,7 @@ include "arch/amd64/conf/std.amd64"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.486 $"
+#ident "GENERIC-$Revision: 1.487 $"
maxusers 64 # estimated number of users
@@ -76,6 +76,8 @@ options SYSCTL_INCLUDE_DESCR # Include
# CPU-related options
#options USER_LDT # user-settable LDT; used by WINE
options SVS # Separate Virtual Space
+makeoptions SPECTRE_V2_GCC_MITIGATION=1 # GCC Spectre variant 2
+ # migitation
# CPU features
acpicpu* at cpu? # ACPI CPU (including frequency scaling)
Index: src/sys/arch/amd64/conf/Makefile.amd64
diff -u src/sys/arch/amd64/conf/Makefile.amd64:1.66 src/sys/arch/amd64/conf/Makefile.amd64:1.67
--- src/sys/arch/amd64/conf/Makefile.amd64:1.66 Fri Feb 23 14:16:52 2018
+++ src/sys/arch/amd64/conf/Makefile.amd64 Sat Apr 7 19:38:06 2018
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.amd64,v 1.66 2018/02/23 14:16:52 maxv Exp $
+# $NetBSD: Makefile.amd64,v 1.67 2018/04/07 19:38:06 mrg Exp $
# Makefile for NetBSD
#
@@ -43,6 +43,11 @@ CFLAGS+= -msoft-float
# For gcc we might need this, but other compilers barf
# CFLAGS+= -mno-fp-ret-in-387
+.if !empty(SPECTRE_V2_GCC_MITIGATION) && ${HAVE_GCC:U0} > 0
+CFLAGS+= -mindirect-branch=thunk-inline
+CFLAGS+= -mindirect-branch-register
+.endif
+
##
## (3) libkern and compat
##
Index: src/sys/arch/amd64/conf/files.amd64
diff -u src/sys/arch/amd64/conf/files.amd64:1.101 src/sys/arch/amd64/conf/files.amd64:1.102
--- src/sys/arch/amd64/conf/files.amd64:1.101 Sat Jan 20 14:27:14 2018
+++ src/sys/arch/amd64/conf/files.amd64 Sat Apr 7 19:38:06 2018
@@ -1,4 +1,4 @@
-# $NetBSD: files.amd64,v 1.101 2018/01/20 14:27:14 maxv Exp $
+# $NetBSD: files.amd64,v 1.102 2018/04/07 19:38:06 mrg Exp $
#
# new style config file for amd64 architecture
#
@@ -19,6 +19,9 @@ defparam opt_realmem.h REALBASEMEM REALE
# The PHYSMEM_MAX_{SIZE,ADDR} optionms
defparam opt_physmem.h PHYSMEM_MAX_ADDR PHYSMEM_MAX_SIZE
+# Enable GCC spectre V2 mitigation options
+defflag opt_spectre.h SPECTRE_V2_GCC_MITIGATION
+
#
# XXX these are just here at the moment so that we can share files
# with the i386 (they include the opt_*.h for these)
Index: src/sys/arch/i386/conf/GENERIC
diff -u src/sys/arch/i386/conf/GENERIC:1.1174 src/sys/arch/i386/conf/GENERIC:1.1175
--- src/sys/arch/i386/conf/GENERIC:1.1174 Sun Dec 10 17:19:48 2017
+++ src/sys/arch/i386/conf/GENERIC Sat Apr 7 19:38:06 2018
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.1174 2017/12/10 17:19:48 bouyer Exp $
+# $NetBSD: GENERIC,v 1.1175 2018/04/07 19:38:06 mrg Exp $
#
# GENERIC machine description file
#
@@ -22,13 +22,15 @@ include "arch/i386/conf/std.i386"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.1174 $"
+#ident "GENERIC-$Revision: 1.1175 $"
maxusers 64 # estimated number of users
# CPU-related options.
options USER_LDT # user-settable LDT; used by WINE
#options PAE # PAE mode (36 bits physical addressing)
+makeoptions SPECTRE_V2_GCC_MITIGATION=1 # GCC Spectre variant 2
+ # migitation
# CPU features
acpicpu* at cpu? # ACPI CPU (including frequency scaling)
Index: src/sys/arch/i386/conf/Makefile.i386
diff -u src/sys/arch/i386/conf/Makefile.i386:1.189 src/sys/arch/i386/conf/Makefile.i386:1.190
--- src/sys/arch/i386/conf/Makefile.i386:1.189 Fri Feb 23 14:16:52 2018
+++ src/sys/arch/i386/conf/Makefile.i386 Sat Apr 7 19:38:06 2018
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.i386,v 1.189 2018/02/23 14:16:52 maxv Exp $
+# $NetBSD: Makefile.i386,v 1.190 2018/04/07 19:38:06 mrg Exp $
# Makefile for NetBSD
#
@@ -39,6 +39,11 @@ CFLAGS+= -msoft-float
## no-sse implies no-sse2 but not no-avx
CFLAGS+= -mno-mmx -mno-sse -mno-avx
+.if !empty(SPECTRE_V2_GCC_MITIGATION) && ${HAVE_GCC:U0} > 0
+CFLAGS+= -mindirect-branch=thunk
+CFLAGS+= -mindirect-branch-register
+.endif
+
##
## (3) libkern and compat
##
Index: src/sys/arch/i386/conf/files.i386
diff -u src/sys/arch/i386/conf/files.i386:1.391 src/sys/arch/i386/conf/files.i386:1.392
--- src/sys/arch/i386/conf/files.i386:1.391 Fri Mar 16 12:48:54 2018
+++ src/sys/arch/i386/conf/files.i386 Sat Apr 7 19:38:06 2018
@@ -1,4 +1,4 @@
-# $NetBSD: files.i386,v 1.391 2018/03/16 12:48:54 maxv Exp $
+# $NetBSD: files.i386,v 1.392 2018/04/07 19:38:06 mrg Exp $
#
# new style config file for i386 architecture
#
@@ -41,6 +41,9 @@ defparam opt_pcibios.h PCIBIOS_IRQS_HINT
# splraise()/spllower() debug
defflag opt_spldebug.h SPLDEBUG
+# Enable GCC spectre V2 mitigation options
+defflag opt_spectre.h SPECTRE_V2_GCC_MITIGATION
+
# Beep on halt
defflag opt_beep.h BEEP_ONHALT
defparam opt_beep.h BEEP_ONHALT_COUNT=3
