--- old/make/autoconf/jdk-options.m4	2018-06-08 14:40:37.027835740 -0700
+++ new/make/autoconf/jdk-options.m4	2018-06-08 14:40:36.811835747 -0700
@@ -582,3 +582,69 @@
 
   AC_SUBST(ENABLE_GENERATE_CLASSLIST)
 ])
+
+AC_DEFUN([JDKOPT_SETUP_HARDENED_FLAGS],
+[
+  AC_ARG_ENABLE([hardened-jdk], [AS_HELP_STRING([--enable-hardened-jdk],
+      [enable hardening compiler flags for all jdk libraries (except the JVM),
+      typically disabling speculative cti. @<:@disabled@:>@])])
+
+  HARDENED_JDK="false"
+  AC_MSG_CHECKING([if hardened flags should be used for jdk libraries])
+  if test "x$enable_hardened_jdk" = "xyes"; then
+    AC_MSG_RESULT([yes])
+    HARDENED_JDK="true"
+  elif test "x$enable_hardened_jdk" = "xno"; then
+    AC_MSG_RESULT([no])
+    HARDENED_JDK="false"
+  elif test "x$enable_hardened_jdk" = "x"; then
+    AC_MSG_RESULT([no, default])
+  else
+    AC_MSG_RESULT([no])
+    AC_MSG_ERROR([--enable-hardened-jdk does not take a value])
+  fi
+
+  if test "x$HARDENED_JDK" = "xtrue"; then
+    if test -z "$NO_SPECULATIVE_CTI_CFLAGS"; then
+      AC_MSG_ERROR([Speculative cti mitigations not available, cannot enable hardened jdk])
+    fi
+    CFLAGS_JDKEXE="$CFLAGS_JDKEXE $NO_SPECULATIVE_CTI_CFLAGS"
+    CXXFLAGS_JDKEXE="$CXXFLAGS_JDKEXE $NO_SPECULATIVE_CTI_CFLAGS"
+    CFLAGS_JDKLIB="$CFLAGS_JDKLIB $NO_SPECULATIVE_CTI_CFLAGS"
+    CXXFLAGS_JDKLIB="$CXXFLAGS_JDKLIB $NO_SPECULATIVE_CTI_CFLAGS"
+  fi
+
+  AC_ARG_ENABLE([hardened-hotspot], [AS_HELP_STRING([--enable-hardened-hotspot],
+      [enable hardening compiler flags for hotspot (all jvm variants),
+      typically disabling speculative cti. To make hardening of hotspot a runtime
+      choice, consider the "hardened" jvm variant instead of this option.
+      @<:@disabled@:>@])])
+
+  HARDENED_HOTSPOT="false"
+  AC_MSG_CHECKING([if hardened flags should be used for hotspot])
+  if test "x$enable_hardened_hotspot" = "xyes"; then
+    AC_MSG_RESULT([yes])
+    HARDENED_HOTSPOT="true"
+  elif test "x$enable_hardened_hotspot" = "xno"; then
+    AC_MSG_RESULT([no])
+    HARDENED_HOTSPOT="false"
+  elif test "x$enable_hardened_hotspot" = "x"; then
+    AC_MSG_RESULT([no, default])
+  else
+    AC_MSG_RESULT([no])
+    AC_MSG_ERROR([--enable-hardened-hotspot does not take a value])
+  fi
+
+  if test "x$HARDENED_HOTSPOT" = "xtrue" && HOTSPOT_CHECK_JVM_VARIANT([hardened]); then
+    AC_MSG_ERROR([Cannot enable both hardened hotspot as well as hardened jvm variant])
+  fi
+
+  if test "x$HARDENED_HOTSPOT" = "xtrue" || HOTSPOT_CHECK_JVM_VARIANT([hardened]); then
+    if test -z "$NO_SPECULATIVE_CTI_CFLAGS"; then
+      AC_MSG_ERROR([Speculative cti mitigations not available, cannot enable hardened hotspot])
+    fi
+  fi
+
+  AC_SUBST(HARDENED_JDK)
+  AC_SUBST(HARDENED_HOTSPOT)
+])