From deec799746e92ab0487eca489499ade08a2610bf Mon Sep 17 00:00:00 2001
From: Caroline Tice
Date: Mon, 8 Jan 2018 10:25:12 -0800
Subject: [GCC] Commit retpoline patch code, for fixing security issues.

This applies the Intel GCC code patches, to allow compiling with appropriate flags for mitigating the indirect branch variant of the speculative execution security flaw.

Bug: None
Test: This is already in place in ChromeOS and has been tested on the ChromeOS kernels.
Change-Id: Ideffb433b697f1fe7e4ca2c1eaa968160abfcc8b
---
 gcc-4.9/gcc/config/i386/i386.opt | 52 ++++++++++++++++++++++++++++++----------
 1 file changed, 40 insertions(+), 12 deletions(-)

(limited to 'gcc-4.9/gcc/config/i386/i386.opt')

diff --git a/gcc-4.9/gcc/config/i386/i386.opt b/gcc-4.9/gcc/config/i386/i386.opt
index f64a9e1eb..3b4a86066 100644
--- a/gcc-4.9/gcc/config/i386/i386.opt
+++ b/gcc-4.9/gcc/config/i386/i386.opt
@@ -781,18 +781,6 @@ mrtm
 Target Report Mask(ISA_RTM) Var(ix86_isa_flags) Save
 Support RTM built-in functions and code generation
 
-mpatch-functions-for-instrumentation
-Target RejectNegative Report Var(patch_functions_for_instrumentation) Save
-Patch function prologue and epilogue with custom NOPs for dynamic instrumentation. By default, functions with loops (controlled by -mpatch-functions-without-loop) or functions having instructions more than -mpatch-functions-min-instructions are patched.
-
-mpatch-functions-ignore-loops
-Target RejectNegative Report Var(patch_functions_ignore_loops) Save
-Ignore loops when deciding whether to patch a function for instrumentation (for use with -mpatch-functions-for-instrumentation).
-
-mno-patch-functions-main-always
-Target Report RejectNegative Var(patch_functions_dont_always_patch_main) Save
-Treat 'main' as any other function and only patch it if it meets the criteria for loops and minimum number of instructions (for use with -mpatch-functions-for-instrumentation).
-
 mstack-protector-guard=
 Target RejectNegative Joined Enum(stack_protector_guard) Var(ix86_stack_protector_guard) Init(SSP_TLS)
 Use given stack-protector guard
@@ -806,3 +794,43 @@ Enum(stack_protector_guard) String(tls) Value(SSP_TLS)
 
 EnumValue
 Enum(stack_protector_guard) String(global) Value(SSP_GLOBAL)
+
+mindirect-branch=
+Target Report RejectNegative Joined Enum(indirect_branch) Var(ix86_indirect_branch) Init(indirect_branch_keep)
+Update indirect call and jump.
+
+mfunction-return=
+Target Report RejectNegative Joined Enum(indirect_branch) Var(ix86_function_return) Init(indirect_branch_keep)
+Update function return.
+
+Enum
+Name(indirect_branch) Type(enum indirect_branch)
+Known indirect branch choices (for use with the -mindirect-branch=/-mfunction-return= options):
+
+EnumValue
+Enum(indirect_branch) String(keep) Value(indirect_branch_keep)
+
+EnumValue
+Enum(indirect_branch) String(thunk) Value(indirect_branch_thunk)
+
+EnumValue
+Enum(indirect_branch) String(thunk-inline) Value(indirect_branch_thunk_inline)
+
+EnumValue
+Enum(indirect_branch) String(thunk-extern) Value(indirect_branch_thunk_extern)
+
+mindirect-branch-loop=
+Target Report RejectNegative Joined Enum(indirect_branch_loop) Var(ix86_indirect_branch_loop) Undocumented Init(indirect_branch_loop_lfence)
+
+Enum
+Name(indirect_branch_loop) Type(enum indirect_branch_loop)
+Known loop choices (for use with the -mindirect-branch-loop= option):
+
+EnumValue
+Enum(indirect_branch_loop) String(lfence) Value(indirect_branch_loop_lfence)
+
+EnumValue
+Enum(indirect_branch_loop) String(pause) Value(indirect_branch_loop_pause)
+
+EnumValue
+Enum(indirect_branch_loop) String(nop) Value(indirect_branch_loop_nop)
-- cgit v1.2.3

From d64d815b3af9d2653d924ea2e1ebb21ee8b043b7 Mon Sep 17 00:00:00 2001
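Review bot: Both `-mindirect-branch=` and `-mfunction-return=` are declared with `Init(indirect_branch_keep)`, so a tree that picks up this compiler without also adding the flags to its build keeps its indirect branches and returns unchanged, and nothing in the help strings or the `Enum` description says so. I would spell out the default and what each value means, either in the help text or in a `;` comment above `Name(indirect_branch)`, for example `; keep = leave branches as they are (default); thunk-extern = use a thunk supplied by a separately linked object`. `-mindirect-branch-loop=` is marked `Undocumented`, although its `lfence`/`pause`/`nop` values look like they select the instruction inside the thunk's capture loop. If that choice affects how well the thunk contains speculation, a one-line comment naming the supported value belongs on this record.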
From: Caroline Tice
Date: Mon, 29 Jan 2018 13:36:52 -0800
Subject: [GCC] Update with latest retpoline fixes from Intel.

Intel has updated their retpoline patches since we created our original patch. This CL updates our retpoline changes to match the latest from Intel.

Bug: None
Test: Tested extensively in ChromeOS. Built x86 platform & kernel images in Android.
Change-Id: Id1a18cb1f1f4461832a017cb5c5d59e5400d9d08
---
 gcc-4.9/gcc/config/i386/i386.opt | 22 +++++-----------------
 1 file changed, 5 insertions(+), 17 deletions(-)

(limited to 'gcc-4.9/gcc/config/i386/i386.opt')

diff --git a/gcc-4.9/gcc/config/i386/i386.opt b/gcc-4.9/gcc/config/i386/i386.opt
index 3b4a86066..502037b68 100644
--- a/gcc-4.9/gcc/config/i386/i386.opt
+++ b/gcc-4.9/gcc/config/i386/i386.opt
@@ -797,11 +797,11 @@ Enum(stack_protector_guard) String(global) Value(SSP_GLOBAL)
 
 mindirect-branch=
 Target Report RejectNegative Joined Enum(indirect_branch) Var(ix86_indirect_branch) Init(indirect_branch_keep)
-Update indirect call and jump.
+Convert indirect call and jump to call and return thunks.
 
 mfunction-return=
 Target Report RejectNegative Joined Enum(indirect_branch) Var(ix86_function_return) Init(indirect_branch_keep)
-Update function return.
+Convert function return to call and return thunk.
 
 Enum
 Name(indirect_branch) Type(enum indirect_branch)
@@ -819,18 +819,6 @@ Enum(indirect_branch) String(thunk-inline) Value(indirect_branch_thunk_inline)
 EnumValue
 Enum(indirect_branch) String(thunk-extern) Value(indirect_branch_thunk_extern)
 
-mindirect-branch-loop=
-Target Report RejectNegative Joined Enum(indirect_branch_loop) Var(ix86_indirect_branch_loop) Undocumented Init(indirect_branch_loop_lfence)
-
-Enum
-Name(indirect_branch_loop) Type(enum indirect_branch_loop)
-Known loop choices (for use with the -mindirect-branch-loop= option):
-
-EnumValue
-Enum(indirect_branch_loop) String(lfence) Value(indirect_branch_loop_lfence)
-
-EnumValue
-Enum(indirect_branch_loop) String(pause) Value(indirect_branch_loop_pause)
-
-EnumValue
-Enum(indirect_branch_loop) String(nop) Value(indirect_branch_loop_nop)
+mindirect-branch-register
+Target Report Var(ix86_indirect_branch_register) Init(0)
+Force indirect call and jump via register.
-- cgit v1.2.3
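Review bot: Dropping `-mindirect-branch-loop=` with no replacement record means any build that started passing it after the earlier retpoline commit now fails on an unrecognized option, and the description only says the patch was synced with Intel's latest. I would name the removed flag in the commit message so downstream build files can be cleaned up in the same change. The new `-mindirect-branch-register` defaults to `Init(0)`, and its help line does not say that it is meant to accompany the thunk modes. A comment such as `; off by default; intended for use with -mindirect-branch=thunk*` above the record would make that explicit. That pairing is my reading of the option name and should be confirmed against i386.c.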