Add Spectre v2 mitigations for GCC (#54)

2025-02-07 05:17:28 +00:00 · 2018-02-16 19:35:32 +04:00 · 2018-02-16 19:35:32 +04:00 · 017e2f07a7
commit 017e2f07a7
parent 3a923b72a4
1 changed files with 5 additions and 0 deletions
--- a/configure.ac
+++ b/configure.ac
@ -110,6 +110,11 @@ if test "$hardenbuild" -eq 1; then
 	    )
 	# FORTIFY_SOURCE
 	DB_TRYADDCFLAGS([-D_FORTIFY_SOURCE=2])
+
+	# Spectre v2 mitigations
+	DB_TRYADDCFLAGS([-mfunction-return=thunk])
+	DB_TRYADDCFLAGS([-mindirect-branch=thunk])
+
 fi

 # large file support is useful for scp