golang: Add option to enable Spectre mitigations
authorJeffery To <jeffery.to@gmail.com>
Mon, 24 Aug 2020 17:01:52 +0000 (01:01 +0800)
committerJeffery To <jeffery.to@gmail.com>
Tue, 6 Oct 2020 08:34:41 +0000 (16:34 +0800)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
lang/golang/golang-package.mk
lang/golang/golang-values.mk
lang/golang/golang/Config.in
lang/golang/golang/Makefile

index 8c62e6399a5075f1e40a2850ee352cef0672b1ea..7144a45242f5b5748dc6f14a1fbd2ab0d6ea0cb1 100644 (file)
@@ -155,6 +155,14 @@ ifdef CONFIG_PKG_ASLR_PIE_REGULAR
   endif
 endif
 
+ifdef CONFIG_GOLANG_SPECTRE
+  ifeq ($(GO_TARGET_SPECTRE_SUPPORTED),1)
+    GO_PKG_ENABLE_SPECTRE:=1
+  else
+    $(warning Spectre mitigations are not supported for $(GO_ARCH))
+  endif
+endif
+
 # sstrip causes corrupted section header size
 ifneq ($(CONFIG_USE_SSTRIP),)
   ifneq ($(CONFIG_DEBUG),)
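Review bot: In the `else` branch, a build with CONFIG_GOLANG_SPECTRE selected but an unsupported GO_ARCH only prints a `$(warning ...)` and continues, so the packages are built without the mitigation the user asked for. The Config.in change in this commit restricts the option with `depends on x86_64`, so this branch looks reachable only if that dependency and GO_SPECTRE_SUPPORTED_ARCH drift apart. A comment above the warning should say so, e.g. `# only reached if Config.in and GO_SPECTRE_SUPPORTED_ARCH disagree; build continues WITHOUT -spectre`. If failing at parse time is acceptable for this include, `$(error ...)` would make the mismatch impossible to overlook.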
@@ -211,6 +219,12 @@ GO_PKG_VARS= \
        $(GO_PKG_TARGET_VARS) \
        $(GO_PKG_BUILD_VARS)
 
+GO_PKG_DEFAULT_GCFLAGS= \
+       $(if $(GO_PKG_ENABLE_SPECTRE),-spectre all)
+
+GO_PKG_DEFAULT_ASMFLAGS= \
+       $(if $(GO_PKG_ENABLE_SPECTRE),-spectre all)
+
 GO_PKG_DEFAULT_LDFLAGS= \
        -buildid '$(SOURCE_DATE_EPOCH)' \
        -linkmode external \
@@ -224,11 +238,13 @@ GO_PKG_INSTALL_ARGS= \
        -v \
        -trimpath \
        -ldflags "all=$(GO_PKG_DEFAULT_LDFLAGS)" \
+       $(if $(GO_PKG_DEFAULT_GCFLAGS),-gcflags "all=$(GO_PKG_DEFAULT_GCFLAGS)") \
+       $(if $(GO_PKG_DEFAULT_ASMFLAGS),-asmflags "all=$(GO_PKG_DEFAULT_ASMFLAGS)") \
        $(if $(filter $(GO_PKG_ENABLE_PIE),1),-buildmode pie) \
        $(if $(filter $(GO_ARCH),arm),-installsuffix "v$(GO_ARM)") \
        $(if $(filter $(GO_ARCH),mips mipsle),-installsuffix "$(GO_MIPS)") \
        $(if $(filter $(GO_ARCH),mips64 mips64le),-installsuffix "$(GO_MIPS64)") \
-       $(if $(GO_PKG_GCFLAGS),-gcflags "$(GO_PKG_GCFLAGS)") \
+       $(if $(GO_PKG_GCFLAGS),-gcflags "$(GO_PKG_GCFLAGS) $(GO_PKG_DEFAULT_GCFLAGS)") \
        $(if $(GO_PKG_CUSTOM_LDFLAGS),-ldflags "$(GO_PKG_CUSTOM_LDFLAGS) $(GO_PKG_DEFAULT_LDFLAGS)") \
        $(if $(GO_PKG_TAGS),-tags "$(GO_PKG_TAGS)")
 
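Review bot: The added `-gcflags "all=..."` and the rewritten `-gcflags "$(GO_PKG_GCFLAGS) $(GO_PKG_DEFAULT_GCFLAGS)"` depend on argument order, and nothing here documents it. Per `go help build`, when a package matches several patterns the latest flag on the command line wins, so the unpatterned flag replaces the `all=` list for the packages named on the command line and has to repeat the defaults. A comment such as `# later -gcflags overrides "all=" for the named packages, so it repeats the defaults` above these lines would keep a future reorder from silently dropping `-spectre all`. A package whose GO_PKG_GCFLAGS already carries its own `pattern=` prefix would get the defaults appended to that pattern's list only, which package maintainers should be told. GO_PKG_INSTALL_ARGS begins outside this hunk.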
@@ -271,6 +287,10 @@ endef
 
 
 ifneq ($(strip $(GO_PKG)),)
+  ifeq ($(GO_TARGET_SPECTRE_SUPPORTED),1)
+    PKG_CONFIG_DEPENDS+=CONFIG_GOLANG_SPECTRE
+  endif
+
   Build/Configure=$(call GoPackage/Build/Configure)
   Build/Compile=$(call GoPackage/Build/Compile)
   Hooks/Compile/Post+=Go/CacheCleanup
index 7429ae0de81e6c0ce137105d2a375ef371bb7830..69126a1ed95e0ac340a4a8cfe671a586d735619b 100644 (file)
@@ -221,6 +221,19 @@ ifneq ($(filter $(GO_OS_ARCH),$(GO_PIE_SUPPORTED_OS_ARCH)),)
 endif
 
 
+# Spectre mitigations
+
+GO_SPECTRE_SUPPORTED_ARCH:=amd64
+
+ifneq ($(filter $(GO_HOST_ARCH),$(GO_SPECTRE_SUPPORTED_ARCH)),)
+  GO_HOST_SPECTRE_SUPPORTED:=1
+endif
+
+ifneq ($(filter $(GO_ARCH),$(GO_SPECTRE_SUPPORTED_ARCH)),)
+  GO_TARGET_SPECTRE_SUPPORTED:=1
+endif
+
+
 # General build info
 
 GO_BUILD_CACHE_DIR:=$(or $(call qstrip,$(CONFIG_GOLANG_BUILD_CACHE_DIR)),$(TOPDIR)/.go-build)
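Review bot: `GO_HOST_SPECTRE_SUPPORTED` is set here, but none of the hunks in this commit read it; only `GO_TARGET_SPECTRE_SUPPORTED` is used. If host-side Go tools are meant to stay unmitigated, a comment such as `# host flag currently has no consumer; only target builds pass -spectre` would make that explicit. Otherwise the variable could be dropped until something uses it. The supported-architecture list also duplicates the `depends on x86_64` condition in Config.in, so the two have to be updated together.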
index 2e71591734540469b29fb658c1757a2e8e39fc6a..714bf01fd2b55fc4066a3f83368572623f917890 100644 (file)
@@ -23,4 +23,11 @@ config GOLANG_MOD_CACHE_WORLD_READABLE
        bool "Ensure Go module cache is world-readable"
        default n
 
+config GOLANG_SPECTRE
+       bool "Enable Spectre mitigations"
+       default n
+       depends on x86_64
+       help
+         Currently only available for x86-64 (amd64).
+
 endmenu
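Review bot: The help text says where the option is available but not what it does or what it leaves uncovered. Judging from the other hunks, it passes `-spectre all` to the Go compiler and assembler through `-gcflags`/`-asmflags`, which would not affect C code built through cgo, since that is compiled by the C toolchain with its own flags. I would extend the help along the lines of `Builds Go code with the compiler and assembler "-spectre all" option; C code linked via cgo is not affected.` It should also mention that the mitigations may carry a run-time cost, so users can weigh the default of n.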
index a5474753b12067d3848f23ac55ebd6685b6d0b5a..2016dfb8c24b80f4cec180b4973f4d08bdf208c8 100644 (file)
@@ -96,6 +96,10 @@ BOOTSTRAP_UNPACK:=$(HOST_TAR) -C "$(BOOTSTRAP_BUILD_DIR)" --strip-components=1 -
 RSTRIP:=:
 STRIP:=:
 
+ifeq ($(GO_TARGET_SPECTRE_SUPPORTED),1)
+  PKG_CONFIG_DEPENDS+=CONFIG_GOLANG_SPECTRE
+endif
+
 define Package/golang/Default
 $(call GoPackage/GoSubMenu)
   TITLE:=Go programming language
@@ -269,6 +273,12 @@ PKG_GO_VARS= \
        PKG_CONFIG=pkg-config \
        PATH="$(HOST_GO_ROOT)/openwrt:$$$$PATH"
 
+PKG_GO_GCFLAGS= \
+       $(if $(GO_PKG_ENABLE_SPECTRE),-spectre all)
+
+PKG_GO_ASMFLAGS= \
+       $(if $(GO_PKG_ENABLE_SPECTRE),-spectre all)
+
 PKG_GO_LDFLAGS= \
        -buildid '$(SOURCE_DATE_EPOCH)' \
        -linkmode external \
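Review bot: `PKG_GO_GCFLAGS` and `PKG_GO_ASMFLAGS` test `GO_PKG_ENABLE_SPECTRE`, which this commit defines in golang-package.mk, and the literal `-spectre all` is now written four times across the two files (also in GO_PKG_DEFAULT_GCFLAGS and GO_PKG_DEFAULT_ASMFLAGS). Whether this Makefile includes golang-package.mk is not visible in the hunk; if it does not, the condition is always empty and the Go toolchain package is built without the flag and without any diagnostic. Defining the flag string once in golang-values.mk next to GO_SPECTRE_SUPPORTED_ARCH, for example `GO_SPECTRE_FLAGS:=-spectre all` (name is a suggestion), and referencing it in all four places would remove the duplication. A short comment here naming the file that sets `GO_PKG_ENABLE_SPECTRE` would document the cross-file dependency.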
@@ -280,6 +290,8 @@ PKG_GO_LDFLAGS= \
 # static / not dependent on the build environment
 PKG_GO_INSTALL_ARGS= \
        -ldflags "all=$(PKG_GO_LDFLAGS)" \
+       $(if $(PKG_GO_GCFLAGS),-gcflags "all=$(PKG_GO_GCFLAGS)") \
+       $(if $(PKG_GO_ASMFLAGS),-asmflags "all=$(PKG_GO_ASMFLAGS)") \
        $(if $(filter $(GO_PKG_ENABLE_PIE),1),-buildmode pie)
 
 define Build/Compile