kernel - Implement retpoline for kernel
authorMatthew Dillon <dillon@apollo.backplane.com>
Thu, 16 May 2019 18:11:35 +0000 (11:11 -0700)
committerMatthew Dillon <dillon@apollo.backplane.com>
Thu, 16 May 2019 18:11:35 +0000 (11:11 -0700)
* Now that we have gcc-8 operational, we can turn on retpoline (software
  spectre protection against the return stack buffer).  Turn it on via
  -mindirect-branch=thunk-inline

* No discernable performance loss with a generic buildkernel test:

Xeon e5-2620v4 x 2
                        time make -j 32 nativekernel (all tmpfs)
BEFORE 1717.427u 323.662s 2:28.49 1374.5%      9582+721k 200842+0io 4870pf+0w
BEFORE 1720.130u 338.635s 2:30.21 1370.5%      9555+720k 199720+0io 4804pf+0w
BEFORE 1722.395u 341.508s 2:30.71 1369.4%      9559+720k 199720+0io 4804pf+0w

AFTER  1720.271u 329.492s 2:28.27 1382.4%      9578+721k 200842+0io 4870pf+0w
AFTER  1736.268u 344.874s 2:30.90 1379.1%      9555+720k 199720+0io 4804pf+0w
AFTER  1726.056u 348.324s 2:31.14 1372.4%      9543+719k 199720+0io 4804pf+0w

sys/platform/pc64/conf/kern.mk
sys/platform/vkernel64/conf/kern.mk

index ef31e10..5050c1c 100644 (file)
@@ -27,6 +27,10 @@ CFLAGS+=     -mno-fma -mno-fma4
 CFLAGS+=       -mno-bmi -mno-bmi2
 CFLAGS+=       -mno-xop -mno-lwp -mno-lzcnt -mno-tbm
 .endif
+
+.if ${CCVER:Mgcc8*}
+CFLAGS+=       -mindirect-branch=thunk-inline
+.endif
 .endif
 
 CFLAGS+=       -msoft-float
index df3fe50..d569f40 100644 (file)
@@ -5,7 +5,15 @@
 #
 .if ${CCVER:Mgcc*}
 CFLAGS+=       -mpreferred-stack-boundary=4
+
+# Retpoline spectre protection
+#
+.if ${CCVER:Mgcc8*}
+CFLAGS+=       -mindirect-branch=thunk-inline
 .endif
+
+.endif
+
 CFLAGS+=       -fno-stack-protector -fno-strict-aliasing
 CFLAGS+=       -fno-strict-overflow
 CFLAGS+=       -mno-mmx -mno-3dnow -mno-sse -mno-sse2 -mno-sse3