author | Ed Maste <emaste@FreeBSD.org> | 2018-02-28 14:57:45 +0000 |
---|---|---|
committer | Ed Maste <emaste@FreeBSD.org> | 2018-02-28 14:57:45 +0000 |
commit | e9093b66d54d71026d083389f3c9ca674f849083 (patch) | |
tree | 7386b06015b107d3db2af511a3f832dc847bbf79 /sys/conf/kern.opts.mk | |
parent | 6b8bcdc1e8ef307b44eada406f93cdea665c3b1f (diff) | |
Add kernel retpoline option for amd64
Retpoline is a compiler-based mitigation for CVE-2017-5715, also known
as Spectre V2, that protects against speculative execution branch target
injection attacks.
In this commit it is disabled by default, but will be changed in a
followup commit.
Reviewed by: bdrewery (previous version)
MFC after: 3 days
Security: CVE-2017-5715
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D14242
Notes:
svn path=/head/; revision=330110
Diffstat (limited to 'sys/conf/kern.opts.mk')
-rw-r--r-- | sys/conf/kern.opts.mk | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/sys/conf/kern.opts.mk b/sys/conf/kern.opts.mk index ba271be28865..4e38c06f13c3 100644 --- a/sys/conf/kern.opts.mk +++ b/sys/conf/kern.opts.mk @@ -47,6 +47,7 @@ __DEFAULT_YES_OPTIONS = \ __DEFAULT_NO_OPTIONS = \ EXTRA_TCP_STACKS \ + KERNEL_RETPOLINE \ NAND \ OFED \ RATELIMIT \ @@ -85,6 +86,11 @@ BROKEN_OPTIONS+= FORMAT_EXTENSIONS BROKEN_OPTIONS+= OFED .endif +# Things that don't work based on toolchain support. +.if ${MACHINE} != "amd64" +BROKEN_OPTIONS+= KERNEL_RETPOLINE +.endif + # expanded inline from bsd.mkopt.mk to avoid share/mk dependency # Those that default to yes |
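Review bot: in the second hunk the new comment says "based on toolchain support", but the guard `.if ${MACHINE} != "amd64"` tests only the target machine, so on amd64 KERNEL_RETPOLINE remains selectable whatever compiler is in use. Either reword the comment to say the option is amd64-only, or add a compiler capability check next to the machine test so that a toolchain without retpoline support also lands the option in BROKEN_OPTIONS. This matters for a mitigation knob, since an operator who sets it should be able to rely on the resulting kernel actually being built with the mitigation.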