build: warn user about Meltdown vulnerability
A fix for this issue is in progress; meanwhile, warn the user that
they may be susceptible to this problem if they enable user mode on
an x86-based target that is not known to be immune.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
diff --git a/CMakeLists.txt b/CMakeLists.txt
index fd5f347..926d882 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -912,3 +912,12 @@
removed in version ${CONFIG_BOARD_DEPRECATED}"
)
endif()
+
+if(CONFIG_X86 AND CONFIG_USERSPACE AND NOT CONFIG_X86_NO_MELTDOWN)
+ message(WARNING "
+ WARNING: You have enabled CONFIG_USERSPACE on an x86-based target.
+ If your CPU is vulnerable to the Meltdown CPU bug, security of
+ supervisor-only memory pages is not guaranteed. This version of Zephyr
+ does not contain a fix for this issue."
+)
+endif()
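Review bot: The message text in the new `message(WARNING ...)` call never names `CONFIG_X86_NO_MELTDOWN`, so a user or SoC maintainer who sees this on a part known to be unaffected gets no hint of how the check is meant to be satisfied. Consider adding a sentence saying that SoCs known to be immune set that option in their SoC Kconfig defaults. The leading `WARNING:` inside the string is also redundant, since CMake already labels output from `message(WARNING ...)` as a warning.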
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index b3817b2..1963f59 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -83,6 +83,12 @@
needed for PAE tables is more than twice that of 32-Bit paging
because each PAE entry is 64bits wide.
Note: Do not enable in RAM constrained devices.
+
+config X86_NO_MELTDOWN
+ bool
+ help
+ This hidden option should be set on a per-SOC basis to indicate that
+ a particular SOC is not vulnerable to the Meltdown CPU vulnerability.
endmenu
config X86_ENABLE_TSS
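Review bot: The help text for `X86_NO_MELTDOWN` says where the symbol should be set but not what setting it does, nor what justifies setting it. As a promptless `bool` with no default it stays `n` unless a SoC sets it, which is the safe direction, but it is also the only thing gating the new warning in CMakeLists.txt, so setting it on a vulnerable SoC silently removes the user's only notice. Suggest stating in the help that the option suppresses the CONFIG_USERSPACE Meltdown build warning and must only be set for SoCs confirmed to be unaffected.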
diff --git a/arch/x86/soc/intel_quark/quark_se/Kconfig.defconfig.series b/arch/x86/soc/intel_quark/quark_se/Kconfig.defconfig.series
index c2a602b..cb06d0b 100644
--- a/arch/x86/soc/intel_quark/quark_se/Kconfig.defconfig.series
+++ b/arch/x86/soc/intel_quark/quark_se/Kconfig.defconfig.series
@@ -12,6 +12,9 @@
config X86_IAMCU
def_bool y
+config X86_NO_MELTDOWN
+ def_bool y
+
config TOOLCHAIN_VARIANT
default "iamcu" if X86_IAMCU
default "" if !X86_IAMCU
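Review bot: `config X86_NO_MELTDOWN` with `def_bool y` is added for the Quark SE series without a comment, and the commit message gives no reason why this SoC is treated as immune. Add a one-line comment above the entry with the rationale or a reference, so the claim can be re-checked later. The visible context also does not show whether this entry sits inside a series-specific `if` block; confirm that it does, so the default cannot apply to other x86 targets.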