From a01c5f8fd80208608b091bc8e854e38309f5159e Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Fri, 4 Jan 2019 12:43:47 +0100 Subject: [PATCH] Add a conditional to enable retpoline support Using retpoline in userland code that doesn't run arbitrary code is questionable to start with. Linux is also getting SPECTRE v2 userspace-to-userspace protection. In addition, some platforms have a gcc version that advertises support for retpolines, but the resulting binaries simply don't work or cannot be linked. So, do not enable this by default. Let builders choose if they really want to enable this in their builds. --- ChangeLog | 1 - configure.ac | 18 +++++++++++------- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index d50df121..663e711c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,7 +10,6 @@ module; fall back to Javascript on these. counterpart. - Added a workaround for Visual Studio 2010 bug causing CPU features not to be detected. - - The library now enables compilation with retpoline by default. - Portability improvements. - Test vectors from Project Wycheproof have been added. - New low-level APIs for arithmetic mod the order of the prime order group: diff --git a/configure.ac b/configure.ac index d4078d71..addf47bf 100644 --- a/configure.ac +++ b/configure.ac @@ -149,6 +149,17 @@ AC_ARG_WITH(ctgrind, ]) ]) +AC_ARG_ENABLE(retpoline, +[AS_HELP_STRING(--enable-retpoline,Use return trampolines for indirect calls)], +[AS_IF([test "x$enableval" = "xyes"], [ + AX_CHECK_COMPILE_FLAG([-mindirect-branch=thunk-inline], + [CFLAGS="$CFLAGS -mindirect-branch=thunk-inline"], + [AX_CHECK_COMPILE_FLAG([-mretpoline], [CFLAGS="$CFLAGS -mretpoline"])] + ) + AX_CHECK_COMPILE_FLAG([-mindirect-branch-register]) + ]) +]) + ENABLE_CWFLAGS=no AC_ARG_ENABLE(debug, [AS_HELP_STRING(--enable-debug,For maintainers only - please do not use)], @@ -197,13 +208,6 @@ AC_CHECK_DEFINE([_FORTIFY_SOURCE], [], [ [CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2"]) ]) -AS_IF([test "x$EMSCRIPTEN" = "x" -a "$host_os" != "pnacl"], [ - AX_CHECK_COMPILE_FLAG([-mindirect-branch=thunk], - [CFLAGS="$CFLAGS -mindirect-branch=thunk"], - [AX_CHECK_COMPILE_FLAG([-mretpoline], [CFLAGS="$CFLAGS -mretpoline"])] - ) -]) - AX_CHECK_COMPILE_FLAG([-fvisibility=hidden], [CFLAGS="$CFLAGS -fvisibility=hidden"])