Add kernel retpoline option for amd64

Retpoline is a compiler-based mitigation for CVE-2017-5715, also known
as Spectre V2, that protects against speculative execution branch target
injection attacks.

In this commit it is disabled by default, but will be changed in a
followup commit.

Reviewed by:	bdrewery (previous version)
MFC after:	3 days
Security:	CVE-2017-5715
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D14242

sys/conf/kern.mk

@@ -203,7 +203,7 @@ CFLAGS+=	-ffreestanding
 # gcc and clang opimizers take advantage of this.  The kernel makes
 # use of signed integer wraparound mechanics so we need the compiler
 # to treat it as a wraparound and not take shortcuts.
-# 
+#
 CFLAGS+=	-fwrapv
 
 #
@@ -214,6 +214,14 @@ CFLAGS+=	-fwrapv
 CFLAGS+=	-fstack-protector
 .endif
 
+#
+# Retpoline speculative execution vulnerability mitigation (CVE-2017-5715)
+#
+.if defined(COMPILER_FEATURES) && ${COMPILER_FEATURES:Mretpoline} != "" && \
+    ${MK_KERNEL_RETPOLINE} != "no"
+CFLAGS+=	-mretpoline
+.endif
+
 #
 # Add -gdwarf-2 when compiling -g. The default starting in clang v3.4
 # and gcc 4.8 is to generate DWARF version 4. However, our tools don't

sys/conf/kern.opts.mk

@@ -47,6 +47,7 @@ __DEFAULT_YES_OPTIONS = \
 
 __DEFAULT_NO_OPTIONS = \
     EXTRA_TCP_STACKS \
+    KERNEL_RETPOLINE \
     NAND \
     OFED \
     RATELIMIT \
@@ -85,6 +86,11 @@ BROKEN_OPTIONS+= FORMAT_EXTENSIONS
 BROKEN_OPTIONS+= OFED
 .endif
 
+# Things that don't work based on toolchain support.
+.if ${MACHINE} != "amd64"
+BROKEN_OPTIONS+= KERNEL_RETPOLINE
+.endif
+
 # expanded inline from bsd.mkopt.mk to avoid share/mk dependency
 
 # Those that default to yes

tools/build/options/WITHOUT_KERNEL_RETPOLINE

@@ -0,0 +1,3 @@
+.\" $FreeBSD$
+Set to disable the "retpoline" mitigation for CVE-2017-5715 in the kernel
+build.

tools/build/options/WITH_KERNEL_RETPOLINE

@@ -0,0 +1,3 @@
+.\" $FreeBSD$
+Set to enable the "retpoline" mitigation for CVE-2017-5715 in the kernel
+build.