build: warn user about Meltdown vulnerability

A fix for this issue is in progress, meanwhile warn the user that
they may be susceptible to this problem if they enable user mode on
an x86-based target that is not known to be immune.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
diff --git a/CMakeLists.txt b/CMakeLists.txt
index fd5f347..926d882 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -912,3 +912,12 @@
       removed in version ${CONFIG_BOARD_DEPRECATED}"
 )
 endif()
+
+if(CONFIG_X86 AND CONFIG_USERSPACE AND NOT CONFIG_X86_NO_MELTDOWN)
+  message(WARNING "
+      WARNING: You have enabled CONFIG_USERSPACE on an x86-based target.
+      If your CPU is vulnerable to the Meltdown CPU bug, security of
+      supervisor-only memory pages is not guaranteed. This version of Zephyr
+      does not contain a fix for this issue."
+)
+endif()
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index b3817b2..1963f59 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -83,6 +83,12 @@
 	  needed for PAE tables is more than twice that of 32-Bit paging
 	  because each PAE entry is 64bits wide.
 	  Note: Do not enable in RAM constrained devices.
+
+config X86_NO_MELTDOWN
+	bool
+	help
+	  This hidden option should be set on a per-SOC basis to indicate that
+	  a particular SOC is not vulnerable to the Meltdown CPU vulnerability.
 endmenu
 
 config X86_ENABLE_TSS
diff --git a/arch/x86/soc/intel_quark/quark_se/Kconfig.defconfig.series b/arch/x86/soc/intel_quark/quark_se/Kconfig.defconfig.series
index c2a602b..cb06d0b 100644
--- a/arch/x86/soc/intel_quark/quark_se/Kconfig.defconfig.series
+++ b/arch/x86/soc/intel_quark/quark_se/Kconfig.defconfig.series
@@ -12,6 +12,9 @@
 config X86_IAMCU
 	def_bool y
 
+config X86_NO_MELTDOWN
+	def_bool y
+
 config TOOLCHAIN_VARIANT
 	default "iamcu" if X86_IAMCU
 	default "" if !X86_IAMCU