aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--erts/configure.in50
-rw-r--r--erts/emulator/beam/beam_emu.c1
2 files changed, 51 insertions, 0 deletions
diff --git a/erts/configure.in b/erts/configure.in
index ad9a66126f..4d1464d744 100644
--- a/erts/configure.in
+++ b/erts/configure.in
@@ -416,6 +416,56 @@ if test X"$with_ets_write_concurrency_locks" != X""; then
[Define to override the default number of write_concurrency locks])
fi
+AC_ARG_WITH(spectre-mitigation,
+ AS_HELP_STRING([--with-spectre-mitigation={yes|incomplete}],
+ [enable spectre mitigation, either fully or with mitigations
+ disabled in a handful places like the interpreter])
+ AS_HELP_STRING([--without-spectre-mitigation],
+ [build without spectre mitigation]),
+ [],[with_spectre_mitigation=no])
+
+case "$with_spectre_mitigation" in
+ no) ;;
+ yes) ;;
+ incomplete) ;;
+ *) AC_MSG_ERROR([Invalid spectre mitigation setting]) ;;
+esac
+
+i_noretpoline_attr=""
+
+if test X"$with_spectre_mitigation" != X"no"; then
+ CFLAGS="$CFLAGS -mindirect-branch=thunk"
+
+ AC_MSG_CHECKING([for spectre mitigation])
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM([],[return 0;])],
+ [AC_MSG_RESULT([yes])],
+ [AC_MSG_ERROR([no])])
+
+ if test X"$with_spectre_mitigation" = X"incomplete"; then
+ # gcc and clang support this attribute if they're recent enough. Note
+ # that we must compile with -Werror to check for actual support as they
+ # warn rather than error out on unsupported attributes.
+
+ i_noretpoline_attr='__attribute__((__indirect_branch__("keep")))'
+ i_preserve_cflags="$CFLAGS"
+ CFLAGS="$CFLAGS -Werror"
+
+ AC_MSG_CHECKING([whether spectre mitigation can be disabled on a per-function basis])
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM([$i_noretpoline_attr],[return 0;])],
+ [AC_MSG_RESULT([yes])],
+ [AC_MSG_ERROR([no])])
+
+ CFLAGS="$i_preserve_cflags"
+ fi
+fi
+
+AC_DEFINE_UNQUOTED(ERTS_NO_RETPOLINE, $i_noretpoline_attr,
+ [Per-function attribute for disabling retpoline. This is
+ *only* defined when --with-spectre-mitigation=incomplete
+ and has no effects otherwise])
+
dnl ----------------------------------------------------------------------
dnl Checks for programs.
dnl ----------------------------------------------------------------------
diff --git a/erts/emulator/beam/beam_emu.c b/erts/emulator/beam/beam_emu.c
index 1ad13c32e3..0f6e6533fc 100644
--- a/erts/emulator/beam/beam_emu.c
+++ b/erts/emulator/beam/beam_emu.c
@@ -1227,6 +1227,7 @@ init_emulator(void)
* the instructions' C labels to the loader.
* The second call starts execution of BEAM code. This call never returns.
*/
+ERTS_NO_RETPOLINE
void process_main(void)
{
static int init_done = 0;