diff --git a/share/mk/bsd.lib.mk b/share/mk/bsd.lib.mk index 575b521bea5..6e288b9cd4c 100644 --- a/share/mk/bsd.lib.mk +++ b/share/mk/bsd.lib.mk @@ -99,7 +99,7 @@ LDFLAGS+= -Wl,-zretpolineplt LDFLAGS.bfd+= -Wl,-znoexecstack .if ${MK_BRANCH_PROTECTION} != "no" CFLAGS+= -mbranch-protection=standard -.if ${MACHINE_ARCH} == "aarch64" && defined(BTI_REPORT_ERROR) +.if ${LINKER_FEATURES:Mbti-report} && defined(BTI_REPORT_ERROR) LDFLAGS+= -Wl,-zbti-report=error .endif .endif diff --git a/share/mk/bsd.linker.mk b/share/mk/bsd.linker.mk index 0e9477284ea..cceeadd05b9 100644 --- a/share/mk/bsd.linker.mk +++ b/share/mk/bsd.linker.mk @@ -11,9 +11,11 @@ # LINKER_FEATURES may contain one or more of the following, based on # linker support for that feature: # -# - build-id: support for generating a Build-ID note -# - retpoline: support for generating PLT with retpoline speculative -# execution vulnerability mitigation +# - build-id: support for generating a Build-ID note +# - retpoline: support for generating PLT with retpoline speculative +# execution vulnerability mitigation +# - bti-report: support for specifying how to report the missing +# Branch Target Identification (BTI) property (AArch64) # # LINKER_FREEBSD_VERSION is the linker's internal source version. # @@ -112,6 +114,9 @@ ${X_}LINKER_FEATURES+= retpoline .if ${${X_}LINKER_TYPE} == "lld" && ${${X_}LINKER_VERSION} >= 90000 ${X_}LINKER_FEATURES+= ifunc-noplt .endif +.if ${${X_}LINKER_TYPE} == "lld" && ${${X_}LINKER_VERSION} >= 140000 +${X_}LINKER_FEATURES+= bti-report +.endif .endif .else # Use LD's values diff --git a/share/mk/bsd.prog.mk b/share/mk/bsd.prog.mk index 74a653057bd..89534b21d0e 100644 --- a/share/mk/bsd.prog.mk +++ b/share/mk/bsd.prog.mk @@ -71,7 +71,7 @@ LDFLAGS+= -Wl,-zretpolineplt LDFLAGS.bfd+= -Wl,-znoexecstack .if ${MK_BRANCH_PROTECTION} != "no" CFLAGS+= -mbranch-protection=standard -.if ${MACHINE_ARCH} == "aarch64" && defined(BTI_REPORT_ERROR) +.if ${LINKER_FEATURES:Mbti-report} && defined(BTI_REPORT_ERROR) LDFLAGS+= -Wl,-zbti-report=error .endif .endif diff --git a/sys/conf/kern.mk b/sys/conf/kern.mk index 079bd1173fa..00492584921 100644 --- a/sys/conf/kern.mk +++ b/sys/conf/kern.mk @@ -143,7 +143,7 @@ CFLAGS += -mgeneral-regs-only CFLAGS += -ffixed-x18 # Build with BTI+PAC CFLAGS += -mbranch-protection=standard -.if ${LINKER_TYPE} == "lld" +.if ${LINKER_FEATURES:Mbti-report} LDFLAGS += -Wl,-zbti-report=error .endif # TODO: support outline atomics