mk: Add a BTI-report linker feature

Add support for specifying how to report the missing Branch Target
Identification (BTI) linker feature on AArch64.

For:

Kernel:    bti-report on when the linker supports it
Userspace: bti-report on when the linker supports it and
           BTI_REPORT_ERROR is defined

Fixes:	43e8849bc2 ("conf: Enable BTI checking in the arm64 kernel")
Pull Request:	https://github.com/freebsd/freebsd-src/pull/1393
This commit is contained in:
Jose Luis Duran
2024-08-22 03:23:59 +00:00
committed by Andrew Turner
parent 9fdb683d92
commit 973bbdab47
4 changed files with 11 additions and 6 deletions
+1 -1
View File
@@ -99,7 +99,7 @@ LDFLAGS+= -Wl,-zretpolineplt
LDFLAGS.bfd+= -Wl,-znoexecstack LDFLAGS.bfd+= -Wl,-znoexecstack
.if ${MK_BRANCH_PROTECTION} != "no" .if ${MK_BRANCH_PROTECTION} != "no"
CFLAGS+= -mbranch-protection=standard CFLAGS+= -mbranch-protection=standard
.if ${MACHINE_ARCH} == "aarch64" && defined(BTI_REPORT_ERROR) .if ${LINKER_FEATURES:Mbti-report} && defined(BTI_REPORT_ERROR)
LDFLAGS+= -Wl,-zbti-report=error LDFLAGS+= -Wl,-zbti-report=error
.endif .endif
.endif .endif
+8 -3
View File
@@ -11,9 +11,11 @@
# LINKER_FEATURES may contain one or more of the following, based on # LINKER_FEATURES may contain one or more of the following, based on
# linker support for that feature: # linker support for that feature:
# #
# - build-id: support for generating a Build-ID note # - build-id: support for generating a Build-ID note
# - retpoline: support for generating PLT with retpoline speculative # - retpoline: support for generating PLT with retpoline speculative
# execution vulnerability mitigation # execution vulnerability mitigation
# - bti-report: support for specifying how to report the missing
# Branch Target Identification (BTI) property (AArch64)
# #
# LINKER_FREEBSD_VERSION is the linker's internal source version. # LINKER_FREEBSD_VERSION is the linker's internal source version.
# #
@@ -112,6 +114,9 @@ ${X_}LINKER_FEATURES+= retpoline
.if ${${X_}LINKER_TYPE} == "lld" && ${${X_}LINKER_VERSION} >= 90000 .if ${${X_}LINKER_TYPE} == "lld" && ${${X_}LINKER_VERSION} >= 90000
${X_}LINKER_FEATURES+= ifunc-noplt ${X_}LINKER_FEATURES+= ifunc-noplt
.endif .endif
.if ${${X_}LINKER_TYPE} == "lld" && ${${X_}LINKER_VERSION} >= 140000
${X_}LINKER_FEATURES+= bti-report
.endif
.endif .endif
.else .else
# Use LD's values # Use LD's values
+1 -1
View File
@@ -71,7 +71,7 @@ LDFLAGS+= -Wl,-zretpolineplt
LDFLAGS.bfd+= -Wl,-znoexecstack LDFLAGS.bfd+= -Wl,-znoexecstack
.if ${MK_BRANCH_PROTECTION} != "no" .if ${MK_BRANCH_PROTECTION} != "no"
CFLAGS+= -mbranch-protection=standard CFLAGS+= -mbranch-protection=standard
.if ${MACHINE_ARCH} == "aarch64" && defined(BTI_REPORT_ERROR) .if ${LINKER_FEATURES:Mbti-report} && defined(BTI_REPORT_ERROR)
LDFLAGS+= -Wl,-zbti-report=error LDFLAGS+= -Wl,-zbti-report=error
.endif .endif
.endif .endif
+1 -1
View File
@@ -143,7 +143,7 @@ CFLAGS += -mgeneral-regs-only
CFLAGS += -ffixed-x18 CFLAGS += -ffixed-x18
# Build with BTI+PAC # Build with BTI+PAC
CFLAGS += -mbranch-protection=standard CFLAGS += -mbranch-protection=standard
.if ${LINKER_TYPE} == "lld" .if ${LINKER_FEATURES:Mbti-report}
LDFLAGS += -Wl,-zbti-report=error LDFLAGS += -Wl,-zbti-report=error
.endif .endif
# TODO: support outline atomics # TODO: support outline atomics