Date:      Sat, 20 Oct 2018 20:31:14 -0400
From:      Shawn Webb <shawn.webb@hardenedbsd.org>
To:        Ed Maste <emaste@FreeBSD.org>
Cc:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r339511 - in head: . share/mk tools/build/options
Message-ID:  <20181021003114.dtvjaklkcymksnj5@mutt-hbsd>
In-Reply-To: <201810210027.w9L0Rxea029138@repo.freebsd.org>
References:  <201810210027.w9L0Rxea029138@repo.freebsd.org>

On Sun, Oct 21, 2018 at 12:27:59AM +0000, Ed Maste wrote:
> Author: emaste
> Date: Sun Oct 21 00:27:59 2018
> New Revision: 339511
> URL: https://svnweb.freebsd.org/changeset/base/339511
>
> Log:
>   Introduce src.conf knob to build userland with retpoline
>
>   WITH_RETPOLINE enables -mretpoline vulnerability mitigation in userland
>   for CVE-2017-5715.
>
>   Reported by:	Peter Malcom
>   Reviewed by:	markj
>   MFC after:	1 week
>   Sponsored by:	The FreeBSD Foundation
>   Differential Revision:	https://reviews.freebsd.org/D17421
>
> Added:
>   head/tools/build/options/WITH_RETPOLINE   (contents, props changed)
> Modified:
>   head/Makefile.inc1
>   head/share/mk/bsd.lib.mk
>   head/share/mk/bsd.opts.mk
>   head/share/mk/bsd.prog.mk
>
> Modified: head/Makefile.inc1
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D
> --- head/Makefile.inc1	Sun Oct 21 00:20:40 2018	(r339510)
> +++ head/Makefile.inc1	Sun Oct 21 00:27:59 2018	(r339511)
> @@ -659,7 +659,7 @@ BSARGS=3D 	DESTDIR=3D \
>  		-DNO_PIC MK_PROFILE=3Dno -DNO_SHARED \
>  		-DNO_CPU_CFLAGS MK_WARNS=3Dno MK_CTF=3Dno \
>  		MK_CLANG_EXTRAS=3Dno MK_CLANG_FULL=3Dno \
> -		MK_LLDB=3Dno MK_TESTS=3Dno \
> +		MK_LLDB=3Dno MK_RETPOLINE=3Dno MK_TESTS=3Dno \
>  		MK_INCLUDES=3Dyes
> =20
>  BMAKE=3D		\
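
Review bot: the `MK_RETPOLINE=no` added to BSARGS carries no explanation; nothing near the line says why this stage must opt out when the user sets WITH_RETPOLINE. A one-line comment above BSARGS stating the reason (for example, that these tools are built with the host toolchain, which may not accept -mretpoline, if that is the case) would keep a later cleanup from dropping the override.
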
> @@ -680,7 +680,7 @@ TMAKE=3D		\
>  		-DNO_LINT \
>  		-DNO_CPU_CFLAGS MK_WARNS=3Dno MK_CTF=3Dno \
>  		MK_CLANG_EXTRAS=3Dno MK_CLANG_FULL=3Dno \
> -		MK_LLDB=3Dno MK_TESTS=3Dno
> +		MK_LLDB=3Dno MK_RETPOLINE=3Dno MK_TESTS=3Dno
> =20
>  # cross-tools stage
>  # TOOLS_PREFIX set in BMAKE
> @@ -703,7 +703,7 @@ KTMAKE=3D		\
>  		SSP_CFLAGS=3D \
>  		MK_HTML=3Dno -DNO_LINT MK_MAN=3Dno \
>  		-DNO_PIC MK_PROFILE=3Dno -DNO_SHARED \
> -		-DNO_CPU_CFLAGS MK_WARNS=3Dno MK_CTF=3Dno
> +		-DNO_CPU_CFLAGS MK_RETPOLINE=3Dno MK_WARNS=3Dno MK_CTF=3Dno
> =20
>  # world stage
>  WMAKEENV=3D	${CROSSENV} \
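
Review bot: style point on the KTMAKE line: `MK_RETPOLINE=no` is inserted between `-DNO_CPU_CFLAGS` and `MK_WARNS=no`, while in BSARGS and TMAKE it follows `MK_LLDB=no`. Appending it after `MK_CTF=no` would leave the existing tokens in their original order and make the change a pure addition that is easier to read in the diff.
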
> @@ -2383,6 +2383,7 @@ NXBMAKEARGS+=3D \
>  	MK_OFED=3Dno \
>  	MK_OPENSSH=3Dno \
>  	MK_PROFILE=3Dno \
> +	MK_RETPOLINE=3Dno \
>  	MK_SENDMAIL=3Dno \
>  	MK_SVNLITE=3Dno \
>  	MK_TESTS=3Dno \
>=20
> Modified: head/share/mk/bsd.lib.mk
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D
> --- head/share/mk/bsd.lib.mk	Sun Oct 21 00:20:40 2018	(r339510)
> +++ head/share/mk/bsd.lib.mk	Sun Oct 21 00:27:59 2018	(r339511)
> @@ -69,6 +69,12 @@ TAGS+=3D		package=3D${PACKAGE:Uruntime}
>  TAG_ARGS=3D	-T ${TAGS:[*]:S/ /,/g}
>  .endif
> =20
> +.if ${MK_RETPOLINE} !=3D "no"
> +CFLAGS+=3D -mretpoline
> +CXXFLAGS+=3D -mretpoline
> +LDFLAGS+=3D -Wl,-zretpolineplt
> +.endif
> +
>  .if ${MK_DEBUG_FILES} !=3D "no" && empty(DEBUG_FLAGS:M-g) && \
>      empty(DEBUG_FLAGS:M-gdwarf*)
>  CFLAGS+=3D ${DEBUG_FILES_CFLAGS}
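
Review bot: the new `.if ${MK_RETPOLINE} != "no"` block appends `-mretpoline` and `-Wl,-zretpolineplt` with no check on the toolchain or target. `-mretpoline` is a Clang flag and `-z retpolineplt` an LLD option, so with WITH_RETPOLINE set and a different compiler or linker the build either fails on an unknown option or has the option ignored, leaving binaries without the mitigation the knob promises. Suggest guarding on `COMPILER_TYPE` and `LINKER_TYPE` (or raising `.error` when they are not clang and lld), and stating the requirement in tools/build/options/WITH_RETPOLINE.
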
>=20
> Modified: head/share/mk/bsd.opts.mk
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D
> --- head/share/mk/bsd.opts.mk	Sun Oct 21 00:20:40 2018	(r339510)
> +++ head/share/mk/bsd.opts.mk	Sun Oct 21 00:27:59 2018	(r339511)
> @@ -72,6 +72,7 @@ __DEFAULT_NO_OPTIONS =3D \
>      CCACHE_BUILD \
>      CTF \
>      INSTALL_AS_USER \
> +    RETPOLINE \
>      STALE_STAGED
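
Review bot: listing RETPOLINE under `__DEFAULT_NO_OPTIONS` makes the mitigation opt-in, so a default build leaves userland without it, and the log does not say why the default is off. Worth recording the rationale, together with the toolchain requirement, in the option description so users can tell when WITH_RETPOLINE is safe to set.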

[snip]

We at HardenedBSD have had Retpoline enabled in 12 userland and kernel
for a few months now. I've found it to be safe to enable by default.

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

Tor-ified Signal:    +1 443-546-8752
Tor+XMPP+OTR:        lattera@is.a.hacker.sx
GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE
