Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

golang: Add option to enable Spectre mitigations

Browse source 
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This commit is contained in:
Jeffery To 2020-08-25 01:01:52 +08:00
parent 3d6df5d7d9
commit d5dc30fe80
No known key found for this signature in database
GPG key ID: C616D9E719E868E4
4 changed files with 53 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
lang/golang/golang-package.mk
View file

@ -155,6 +155,14 @@ ifdef CONFIG_PKG_ASLR_PIE_REGULAR
endif endif
endif endif
ifdef CONFIG_GOLANG_SPECTRE
ifeq ($(GO_TARGET_SPECTRE_SUPPORTED),1)
GO_PKG_ENABLE_SPECTRE:=1
else
$(warning Spectre mitigations are not supported for $(GO_ARCH))
endif
endif
# sstrip causes corrupted section header size # sstrip causes corrupted section header size
ifneq ($(CONFIG_USE_SSTRIP),) ifneq ($(CONFIG_USE_SSTRIP),)
ifneq ($(CONFIG_DEBUG),) ifneq ($(CONFIG_DEBUG),)
@ -211,6 +219,12 @@ GO_PKG_VARS= \
$(GO_PKG_TARGET_VARS) \ $(GO_PKG_TARGET_VARS) \
$(GO_PKG_BUILD_VARS) $(GO_PKG_BUILD_VARS)
GO_PKG_DEFAULT_GCFLAGS= \
$(if $(GO_PKG_ENABLE_SPECTRE),-spectre all)
GO_PKG_DEFAULT_ASMFLAGS= \
$(if $(GO_PKG_ENABLE_SPECTRE),-spectre all)
GO_PKG_DEFAULT_LDFLAGS= \ GO_PKG_DEFAULT_LDFLAGS= \
-buildid '$(SOURCE_DATE_EPOCH)' \ -buildid '$(SOURCE_DATE_EPOCH)' \
-linkmode external \ -linkmode external \
@ -224,11 +238,13 @@ GO_PKG_INSTALL_ARGS= \
-v \ -v \
-trimpath \ -trimpath \
-ldflags "all=$(GO_PKG_DEFAULT_LDFLAGS)" \ -ldflags "all=$(GO_PKG_DEFAULT_LDFLAGS)" \
$(if $(GO_PKG_DEFAULT_GCFLAGS),-gcflags "all=$(GO_PKG_DEFAULT_GCFLAGS)") \
$(if $(GO_PKG_DEFAULT_ASMFLAGS),-asmflags "all=$(GO_PKG_DEFAULT_ASMFLAGS)") \
$(if $(filter $(GO_PKG_ENABLE_PIE),1),-buildmode pie) \ $(if $(filter $(GO_PKG_ENABLE_PIE),1),-buildmode pie) \
$(if $(filter $(GO_ARCH),arm),-installsuffix "v$(GO_ARM)") \ $(if $(filter $(GO_ARCH),arm),-installsuffix "v$(GO_ARM)") \
$(if $(filter $(GO_ARCH),mips mipsle),-installsuffix "$(GO_MIPS)") \ $(if $(filter $(GO_ARCH),mips mipsle),-installsuffix "$(GO_MIPS)") \
$(if $(filter $(GO_ARCH),mips64 mips64le),-installsuffix "$(GO_MIPS64)") \ $(if $(filter $(GO_ARCH),mips64 mips64le),-installsuffix "$(GO_MIPS64)") \
$(if $(GO_PKG_GCFLAGS),-gcflags "$(GO_PKG_GCFLAGS)") \ $(if $(GO_PKG_GCFLAGS),-gcflags "$(GO_PKG_GCFLAGS) $(GO_PKG_DEFAULT_GCFLAGS)") \
$(if $(GO_PKG_CUSTOM_LDFLAGS),-ldflags "$(GO_PKG_CUSTOM_LDFLAGS) $(GO_PKG_DEFAULT_LDFLAGS)") \ $(if $(GO_PKG_CUSTOM_LDFLAGS),-ldflags "$(GO_PKG_CUSTOM_LDFLAGS) $(GO_PKG_DEFAULT_LDFLAGS)") \
$(if $(GO_PKG_TAGS),-tags "$(GO_PKG_TAGS)") $(if $(GO_PKG_TAGS),-tags "$(GO_PKG_TAGS)")
@ -271,6 +287,10 @@ endef
ifneq ($(strip $(GO_PKG)),) ifneq ($(strip $(GO_PKG)),)
ifeq ($(GO_TARGET_SPECTRE_SUPPORTED),1)
PKG_CONFIG_DEPENDS+=CONFIG_GOLANG_SPECTRE
endif
Build/Configure=$(call GoPackage/Build/Configure) Build/Configure=$(call GoPackage/Build/Configure)
Build/Compile=$(call GoPackage/Build/Compile) Build/Compile=$(call GoPackage/Build/Compile)
Hooks/Compile/Post+=Go/CacheCleanup Hooks/Compile/Post+=Go/CacheCleanup

13
lang/golang/golang-values.mk
View file

@ -221,6 +221,19 @@ ifneq ($(filter $(GO_OS_ARCH),$(GO_PIE_SUPPORTED_OS_ARCH)),)
endif endif
# Spectre mitigations
GO_SPECTRE_SUPPORTED_ARCH:=amd64
ifneq ($(filter $(GO_HOST_ARCH),$(GO_SPECTRE_SUPPORTED_ARCH)),)
GO_HOST_SPECTRE_SUPPORTED:=1
endif
ifneq ($(filter $(GO_ARCH),$(GO_SPECTRE_SUPPORTED_ARCH)),)
GO_TARGET_SPECTRE_SUPPORTED:=1
endif
# General build info # General build info
GO_BUILD_CACHE_DIR:=$(or $(call qstrip,$(CONFIG_GOLANG_BUILD_CACHE_DIR)),$(TOPDIR)/.go-build) GO_BUILD_CACHE_DIR:=$(or $(call qstrip,$(CONFIG_GOLANG_BUILD_CACHE_DIR)),$(TOPDIR)/.go-build)

7
lang/golang/golang/Config.in
View file

@ -23,4 +23,11 @@ config GOLANG_MOD_CACHE_WORLD_READABLE
bool "Ensure Go module cache is world-readable" bool "Ensure Go module cache is world-readable"
default n default n
config GOLANG_SPECTRE
bool "Enable Spectre mitigations"
default n
depends on x86_64
help
Currently only available for x86-64 (amd64).
endmenu endmenu

12
lang/golang/golang/Makefile
View file

@ -96,6 +96,10 @@ BOOTSTRAP_UNPACK:=$(HOST_TAR) -C "$(BOOTSTRAP_BUILD_DIR)" --strip-components=1 -
RSTRIP:=: RSTRIP:=:
STRIP:=: STRIP:=:
ifeq ($(GO_TARGET_SPECTRE_SUPPORTED),1)
PKG_CONFIG_DEPENDS+=CONFIG_GOLANG_SPECTRE
endif
define Package/golang/Default define Package/golang/Default
$(call GoPackage/GoSubMenu) $(call GoPackage/GoSubMenu)
TITLE:=Go programming language TITLE:=Go programming language
@ -269,6 +273,12 @@ PKG_GO_VARS= \
PKG_CONFIG=pkg-config \ PKG_CONFIG=pkg-config \
PATH="$(HOST_GO_ROOT)/openwrt:$$$$PATH" PATH="$(HOST_GO_ROOT)/openwrt:$$$$PATH"
PKG_GO_GCFLAGS= \
$(if $(GO_PKG_ENABLE_SPECTRE),-spectre all)
PKG_GO_ASMFLAGS= \
$(if $(GO_PKG_ENABLE_SPECTRE),-spectre all)
PKG_GO_LDFLAGS= \ PKG_GO_LDFLAGS= \
-buildid '$(SOURCE_DATE_EPOCH)' \ -buildid '$(SOURCE_DATE_EPOCH)' \
-linkmode external \ -linkmode external \
@ -280,6 +290,8 @@ PKG_GO_LDFLAGS= \
# static / not dependent on the build environment # static / not dependent on the build environment
PKG_GO_INSTALL_ARGS= \ PKG_GO_INSTALL_ARGS= \
-ldflags "all=$(PKG_GO_LDFLAGS)" \ -ldflags "all=$(PKG_GO_LDFLAGS)" \
$(if $(PKG_GO_GCFLAGS),-gcflags "all=$(PKG_GO_GCFLAGS)") \
$(if $(PKG_GO_ASMFLAGS),-asmflags "all=$(PKG_GO_ASMFLAGS)") \
$(if $(filter $(GO_PKG_ENABLE_PIE),1),-buildmode pie) $(if $(filter $(GO_PKG_ENABLE_PIE),1),-buildmode pie)
define Build/Compile define Build/Compile