From df48e11d98e73c9c6445194a7166a5be2ee50537 Mon Sep 17 00:00:00 2001
From: Andrew Boie <andrew.p.boie@intel.com>
Date: Fri, 12 Jan 2018 09:54:24 -0800
Subject: [PATCH] build: warn user about Meltdown vulnerability

A fix for this issue is in progress, meanwhile warn the user that
they may be susceptible to this problem if they enable user mode on
an x86-based target that is not known to be immune.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
---
 CMakeLists.txt                                           | 9 +++++++++
 arch/x86/Kconfig                                         | 6 ++++++
 .../soc/intel_quark/quark_se/Kconfig.defconfig.series    | 3 +++
 3 files changed, 18 insertions(+)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index fd5f347630b..926d882c00e 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -912,3 +912,12 @@ if(CONFIG_BOARD_DEPRECATED)
       removed in version ${CONFIG_BOARD_DEPRECATED}"
 )
 endif()
+
+if(CONFIG_X86 AND CONFIG_USERSPACE AND NOT CONFIG_X86_NO_MELTDOWN)
+  message(WARNING "
+      WARNING: You have enabled CONFIG_USERSPACE on an x86-based target.
+      If your CPU is vulnerable to the Meltdown CPU bug, security of
+      supervisor-only memory pages is not guaranteed. This version of Zephyr
+      does not contain a fix for this issue."
+)
+endif()
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index b3817b2af2e..1963f59daf9 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -83,6 +83,12 @@ config X86_PAE_MODE
 	  needed for PAE tables is more than twice that of 32-Bit paging
 	  because each PAE entry is 64bits wide.
 	  Note: Do not enable in RAM constrained devices.
+
+config X86_NO_MELTDOWN
+	bool
+	help
+	  This hidden option should be set on a per-SOC basis to indicate that
+	  a particular SOC is not vulnerable to the Meltdown CPU vulnerability.
 endmenu
 
 config X86_ENABLE_TSS
diff --git a/arch/x86/soc/intel_quark/quark_se/Kconfig.defconfig.series b/arch/x86/soc/intel_quark/quark_se/Kconfig.defconfig.series
index c2a602b6757..cb06d0bb0a2 100644
--- a/arch/x86/soc/intel_quark/quark_se/Kconfig.defconfig.series
+++ b/arch/x86/soc/intel_quark/quark_se/Kconfig.defconfig.series
@@ -12,6 +12,9 @@ config SOC_SERIES
 config X86_IAMCU
 	def_bool y
 
+config X86_NO_MELTDOWN
+	def_bool y
+
 config TOOLCHAIN_VARIANT
 	default "iamcu" if X86_IAMCU
 	default "" if !X86_IAMCU