]> code.ossystems Code Review - openembedded-core.git/commitdiff
Code Review / openembedded-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 0478d9b)
gcc: enable branch protection by standard
authorRoss Burton <ross@burtonini.com>
Thu, 20 May 2021 17:15:11 +0000 (18:15 +0100)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Tue, 8 Jun 2021 11:12:41 +0000 (12:12 +0100)
Pass --enable-standard-branch-protection.  This is an aarch64-specific
option (currently) which does nothing on other targets.  On aarch64 this
generates code uses BTI/PAC instructions to mitigate Return Orientated
Programming attacks.  This approach is backwards compatible and the code
size/performance impact is typically negliable.

More details can be found at
https://events.static.linuxfound.org/sites/events/files/slides/slides_23.pdf

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-devtools/gcc/gcc-configure-common.inc patch | blob | history

diff --git a/meta/recipes-devtools/gcc/gcc-configure-common.inc b/meta/recipes-devtools/gcc/gcc-configure-common.inc
index a64c4caf0010349eb062fb52e8443b02fc670974..dc7f458b255f3c2d9d727e657cd6ba362ece2e4c 100644 (file)
--- a/meta/recipes-devtools/gcc/gcc-configure-common.inc
+++ b/meta/recipes-devtools/gcc/gcc-configure-common.inc
@@ -40,6 +40,7 @@ EXTRA_OECONF = "\
     ${@get_gcc_mips_plt_setting(bb, d)} \
     ${@get_gcc_ppc_plt_settings(bb, d)} \
     ${@get_gcc_multiarch_setting(bb, d)} \
+       --enable-standard-branch-protection \
 "
 
 # glibc version is a minimum controlling whether features are enabled. 
Mirror of the official openembedded-core repository