configure: Add spectre variant 2 mitigations

author codarrenvelvindron <codarren@hackers.mu>

Sat, 17 Feb 2018 19:28:48 +0000 (14:28 -0500)

committer Timo Sirainen <timo.sirainen@dovecot.fi>

Mon, 26 Feb 2018 15:17:53 +0000 (17:17 +0200)
author codarrenvelvindron <codarren@hackers.mu>
Sat, 17 Feb 2018 19:28:48 +0000 (14:28 -0500)
committer Timo Sirainen <timo.sirainen@dovecot.fi>
Mon, 26 Feb 2018 15:17:53 +0000 (17:17 +0200)
diff --git a/configure.ac b/configure.ac

index 10543fa929dc1aca4a92873ac42bb87e39bda601..46ea4bcfd7ee560c229c46bdae1de8253680838a 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -321,6 +321,7 @@ CC_CLANG
  AC_CC_PIE
  AC_CC_F_STACK_PROTECTOR
  AC_CC_D_FORTIFY_SOURCE
+AC_CC_RETPOLINE
  AC_LD_RELRO
  AC_LD_WHOLE_ARCHIVE
  
diff --git a/m4/cc_retpoline.m4 b/m4/cc_retpoline.m4

new file mode 100644 (file)

index 0000000..26f567c
--- /dev/null
+++ b/m4/cc_retpoline.m4
@@ -0,0 +1,18 @@
+dnl
+dnl Check for support for Retpoline
+dnl
+
+AC_DEFUN([AC_CC_RETPOLINE],[
+    AC_REQUIRE([gl_UNKNOWN_WARNINGS_ARE_ERRORS])
+    if test $enable_hardening = yes; then
+      case "$host" in
+        *)
+          gl_COMPILER_OPTION_IF([-mfunction-return=thunk -mindirect-branch=thunk], [
+            CFLAGS="$CFLAGS -mfunction-return=thunk -mindirect-branch=thunk"
+            ],
+            [],
+            [AC_LANG_PROGRAM()]
+          )
+      esac
+    fi
+])
author	codarrenvelvindron <codarren@hackers.mu>
	Sat, 17 Feb 2018 19:28:48 +0000 (14:28 -0500)
committer	Timo Sirainen <timo.sirainen@dovecot.fi>
	Mon, 26 Feb 2018 15:17:53 +0000 (17:17 +0200)
configure.ac		patch \| blob \| blame \| history
m4/cc_retpoline.m4	[new file with mode: 0644]	patch \| blob