From d5dc30fe8039e2c969443fc4024f4871b7a9c2f3 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Tue, 25 Aug 2020 01:01:52 +0800 Subject: [PATCH] golang: Add option to enable Spectre mitigations Signed-off-by: Jeffery To --- lang/golang/golang-package.mk | 22 +++++++++++++++++++++- lang/golang/golang-values.mk | 13 +++++++++++++ lang/golang/golang/Config.in | 7 +++++++ lang/golang/golang/Makefile | 12 ++++++++++++ 4 files changed, 53 insertions(+), 1 deletion(-) diff --git a/lang/golang/golang-package.mk b/lang/golang/golang-package.mk index 8c62e6399a..7144a45242 100644 --- a/lang/golang/golang-package.mk +++ b/lang/golang/golang-package.mk @@ -155,6 +155,14 @@ ifdef CONFIG_PKG_ASLR_PIE_REGULAR endif endif +ifdef CONFIG_GOLANG_SPECTRE + ifeq ($(GO_TARGET_SPECTRE_SUPPORTED),1) + GO_PKG_ENABLE_SPECTRE:=1 + else + $(warning Spectre mitigations are not supported for $(GO_ARCH)) + endif +endif + # sstrip causes corrupted section header size ifneq ($(CONFIG_USE_SSTRIP),) ifneq ($(CONFIG_DEBUG),) @@ -211,6 +219,12 @@ GO_PKG_VARS= \ $(GO_PKG_TARGET_VARS) \ $(GO_PKG_BUILD_VARS) +GO_PKG_DEFAULT_GCFLAGS= \ + $(if $(GO_PKG_ENABLE_SPECTRE),-spectre all) + +GO_PKG_DEFAULT_ASMFLAGS= \ + $(if $(GO_PKG_ENABLE_SPECTRE),-spectre all) + GO_PKG_DEFAULT_LDFLAGS= \ -buildid '$(SOURCE_DATE_EPOCH)' \ -linkmode external \ @@ -224,11 +238,13 @@ GO_PKG_INSTALL_ARGS= \ -v \ -trimpath \ -ldflags "all=$(GO_PKG_DEFAULT_LDFLAGS)" \ + $(if $(GO_PKG_DEFAULT_GCFLAGS),-gcflags "all=$(GO_PKG_DEFAULT_GCFLAGS)") \ + $(if $(GO_PKG_DEFAULT_ASMFLAGS),-asmflags "all=$(GO_PKG_DEFAULT_ASMFLAGS)") \ $(if $(filter $(GO_PKG_ENABLE_PIE),1),-buildmode pie) \ $(if $(filter $(GO_ARCH),arm),-installsuffix "v$(GO_ARM)") \ $(if $(filter $(GO_ARCH),mips mipsle),-installsuffix "$(GO_MIPS)") \ $(if $(filter $(GO_ARCH),mips64 mips64le),-installsuffix "$(GO_MIPS64)") \ - $(if $(GO_PKG_GCFLAGS),-gcflags "$(GO_PKG_GCFLAGS)") \ + $(if $(GO_PKG_GCFLAGS),-gcflags "$(GO_PKG_GCFLAGS) $(GO_PKG_DEFAULT_GCFLAGS)") \ $(if $(GO_PKG_CUSTOM_LDFLAGS),-ldflags "$(GO_PKG_CUSTOM_LDFLAGS) $(GO_PKG_DEFAULT_LDFLAGS)") \ $(if $(GO_PKG_TAGS),-tags "$(GO_PKG_TAGS)") @@ -271,6 +287,10 @@ endef ifneq ($(strip $(GO_PKG)),) + ifeq ($(GO_TARGET_SPECTRE_SUPPORTED),1) + PKG_CONFIG_DEPENDS+=CONFIG_GOLANG_SPECTRE + endif + Build/Configure=$(call GoPackage/Build/Configure) Build/Compile=$(call GoPackage/Build/Compile) Hooks/Compile/Post+=Go/CacheCleanup diff --git a/lang/golang/golang-values.mk b/lang/golang/golang-values.mk index 7429ae0de8..69126a1ed9 100644 --- a/lang/golang/golang-values.mk +++ b/lang/golang/golang-values.mk @@ -221,6 +221,19 @@ ifneq ($(filter $(GO_OS_ARCH),$(GO_PIE_SUPPORTED_OS_ARCH)),) endif +# Spectre mitigations + +GO_SPECTRE_SUPPORTED_ARCH:=amd64 + +ifneq ($(filter $(GO_HOST_ARCH),$(GO_SPECTRE_SUPPORTED_ARCH)),) + GO_HOST_SPECTRE_SUPPORTED:=1 +endif + +ifneq ($(filter $(GO_ARCH),$(GO_SPECTRE_SUPPORTED_ARCH)),) + GO_TARGET_SPECTRE_SUPPORTED:=1 +endif + + # General build info GO_BUILD_CACHE_DIR:=$(or $(call qstrip,$(CONFIG_GOLANG_BUILD_CACHE_DIR)),$(TOPDIR)/.go-build) diff --git a/lang/golang/golang/Config.in b/lang/golang/golang/Config.in index 2e71591734..714bf01fd2 100644 --- a/lang/golang/golang/Config.in +++ b/lang/golang/golang/Config.in @@ -23,4 +23,11 @@ config GOLANG_MOD_CACHE_WORLD_READABLE bool "Ensure Go module cache is world-readable" default n +config GOLANG_SPECTRE + bool "Enable Spectre mitigations" + default n + depends on x86_64 + help + Currently only available for x86-64 (amd64). + endmenu diff --git a/lang/golang/golang/Makefile b/lang/golang/golang/Makefile index a5474753b1..2016dfb8c2 100644 --- a/lang/golang/golang/Makefile +++ b/lang/golang/golang/Makefile @@ -96,6 +96,10 @@ BOOTSTRAP_UNPACK:=$(HOST_TAR) -C "$(BOOTSTRAP_BUILD_DIR)" --strip-components=1 - RSTRIP:=: STRIP:=: +ifeq ($(GO_TARGET_SPECTRE_SUPPORTED),1) + PKG_CONFIG_DEPENDS+=CONFIG_GOLANG_SPECTRE +endif + define Package/golang/Default $(call GoPackage/GoSubMenu) TITLE:=Go programming language @@ -269,6 +273,12 @@ PKG_GO_VARS= \ PKG_CONFIG=pkg-config \ PATH="$(HOST_GO_ROOT)/openwrt:$$$$PATH" +PKG_GO_GCFLAGS= \ + $(if $(GO_PKG_ENABLE_SPECTRE),-spectre all) + +PKG_GO_ASMFLAGS= \ + $(if $(GO_PKG_ENABLE_SPECTRE),-spectre all) + PKG_GO_LDFLAGS= \ -buildid '$(SOURCE_DATE_EPOCH)' \ -linkmode external \ @@ -280,6 +290,8 @@ PKG_GO_LDFLAGS= \ # static / not dependent on the build environment PKG_GO_INSTALL_ARGS= \ -ldflags "all=$(PKG_GO_LDFLAGS)" \ + $(if $(PKG_GO_GCFLAGS),-gcflags "all=$(PKG_GO_GCFLAGS)") \ + $(if $(PKG_GO_ASMFLAGS),-asmflags "all=$(PKG_GO_ASMFLAGS)") \ $(if $(filter $(GO_PKG_ENABLE_PIE),1),-buildmode pie) define Build/Compile -- 2.30.2