mk: Add a BTI-report linker feature
Add support for specifying how to report the missing Branch Target
Identification (BTI) linker feature on AArch64.
For:
Kernel: bti-report on when the linker supports it
Userspace: bti-report on when the linker supports it and
BTI_REPORT_ERROR is defined
Fixes: 43e8849bc2 ("conf: Enable BTI checking in the arm64 kernel")
Pull Request: https://github.com/freebsd/freebsd-src/pull/1393
This commit is contained in:
committed by
Andrew Turner
parent
9fdb683d92
commit
973bbdab47
+1
-1
@@ -99,7 +99,7 @@ LDFLAGS+= -Wl,-zretpolineplt
|
|||||||
LDFLAGS.bfd+= -Wl,-znoexecstack
|
LDFLAGS.bfd+= -Wl,-znoexecstack
|
||||||
.if ${MK_BRANCH_PROTECTION} != "no"
|
.if ${MK_BRANCH_PROTECTION} != "no"
|
||||||
CFLAGS+= -mbranch-protection=standard
|
CFLAGS+= -mbranch-protection=standard
|
||||||
.if ${MACHINE_ARCH} == "aarch64" && defined(BTI_REPORT_ERROR)
|
.if ${LINKER_FEATURES:Mbti-report} && defined(BTI_REPORT_ERROR)
|
||||||
LDFLAGS+= -Wl,-zbti-report=error
|
LDFLAGS+= -Wl,-zbti-report=error
|
||||||
.endif
|
.endif
|
||||||
.endif
|
.endif
|
||||||
|
|||||||
@@ -11,9 +11,11 @@
|
|||||||
# LINKER_FEATURES may contain one or more of the following, based on
|
# LINKER_FEATURES may contain one or more of the following, based on
|
||||||
# linker support for that feature:
|
# linker support for that feature:
|
||||||
#
|
#
|
||||||
# - build-id: support for generating a Build-ID note
|
# - build-id: support for generating a Build-ID note
|
||||||
# - retpoline: support for generating PLT with retpoline speculative
|
# - retpoline: support for generating PLT with retpoline speculative
|
||||||
# execution vulnerability mitigation
|
# execution vulnerability mitigation
|
||||||
|
# - bti-report: support for specifying how to report the missing
|
||||||
|
# Branch Target Identification (BTI) property (AArch64)
|
||||||
#
|
#
|
||||||
# LINKER_FREEBSD_VERSION is the linker's internal source version.
|
# LINKER_FREEBSD_VERSION is the linker's internal source version.
|
||||||
#
|
#
|
||||||
@@ -112,6 +114,9 @@ ${X_}LINKER_FEATURES+= retpoline
|
|||||||
.if ${${X_}LINKER_TYPE} == "lld" && ${${X_}LINKER_VERSION} >= 90000
|
.if ${${X_}LINKER_TYPE} == "lld" && ${${X_}LINKER_VERSION} >= 90000
|
||||||
${X_}LINKER_FEATURES+= ifunc-noplt
|
${X_}LINKER_FEATURES+= ifunc-noplt
|
||||||
.endif
|
.endif
|
||||||
|
.if ${${X_}LINKER_TYPE} == "lld" && ${${X_}LINKER_VERSION} >= 140000
|
||||||
|
${X_}LINKER_FEATURES+= bti-report
|
||||||
|
.endif
|
||||||
.endif
|
.endif
|
||||||
.else
|
.else
|
||||||
# Use LD's values
|
# Use LD's values
|
||||||
|
|||||||
@@ -71,7 +71,7 @@ LDFLAGS+= -Wl,-zretpolineplt
|
|||||||
LDFLAGS.bfd+= -Wl,-znoexecstack
|
LDFLAGS.bfd+= -Wl,-znoexecstack
|
||||||
.if ${MK_BRANCH_PROTECTION} != "no"
|
.if ${MK_BRANCH_PROTECTION} != "no"
|
||||||
CFLAGS+= -mbranch-protection=standard
|
CFLAGS+= -mbranch-protection=standard
|
||||||
.if ${MACHINE_ARCH} == "aarch64" && defined(BTI_REPORT_ERROR)
|
.if ${LINKER_FEATURES:Mbti-report} && defined(BTI_REPORT_ERROR)
|
||||||
LDFLAGS+= -Wl,-zbti-report=error
|
LDFLAGS+= -Wl,-zbti-report=error
|
||||||
.endif
|
.endif
|
||||||
.endif
|
.endif
|
||||||
|
|||||||
+1
-1
@@ -143,7 +143,7 @@ CFLAGS += -mgeneral-regs-only
|
|||||||
CFLAGS += -ffixed-x18
|
CFLAGS += -ffixed-x18
|
||||||
# Build with BTI+PAC
|
# Build with BTI+PAC
|
||||||
CFLAGS += -mbranch-protection=standard
|
CFLAGS += -mbranch-protection=standard
|
||||||
.if ${LINKER_TYPE} == "lld"
|
.if ${LINKER_FEATURES:Mbti-report}
|
||||||
LDFLAGS += -Wl,-zbti-report=error
|
LDFLAGS += -Wl,-zbti-report=error
|
||||||
.endif
|
.endif
|
||||||
# TODO: support outline atomics
|
# TODO: support outline atomics
|
||||||
|
|||||||
Reference in New Issue
Block a user