gcc: enable branch protection by standard

Pass --enable-standard-branch-protection. This is an aarch64-specific option (currently) which does nothing on other targets. On aarch64 this generates code uses BTI/PAC instructions to mitigate Return Orientated Programming attacks. This approach is backwards compatible and the code size/performance impact is typically negliable. More details can be found at https://events.static.linuxfound.org/sites/events/files/slides/slides_23.pdf (From OE-Core rev: 84e6064cde02b463066d7b63fcf8baf392491327) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross@burtonini.com> 2021-05-20 18:15:11 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-06-08 12:25:20 +0100
commit: 5d8d24d5b72628f331e930b32c649c232548b2f7 (patch)
tree: beb0de42fa3518fb097970d2abfd7c30527c7cfa /meta/recipes-devtools/gcc/gcc-configure-common.inc
parent: b6ae985da0674aeca3686a057698f704e7cdc1db (diff)
download: poky-5d8d24d5b72628f331e930b32c649c232548b2f7.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-devtools/gcc/gcc-configure-common.inc b/meta/recipes-devtools/gcc/gcc-configure-common.inc
index a64c4caf00..dc7f458b25 100644
--- a/meta/recipes-devtools/gcc/gcc-configure-common.inc
+++ b/meta/recipes-devtools/gcc/gcc-configure-common.inc
@@ -40,6 +40,7 @@ EXTRA_OECONF = "\
    ${@get_gcc_mips_plt_setting(bb, d)} \
    ${@get_gcc_ppc_plt_settings(bb, d)} \
    ${@get_gcc_multiarch_setting(bb, d)} \
+        --enable-standard-branch-protection \
 "
 # glibc version is a minimum controlling whether features are enabled.
author	Ross Burton <ross@burtonini.com>	2021-05-20 18:15:11 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-06-08 12:25:20 +0100
commit	5d8d24d5b72628f331e930b32c649c232548b2f7 (patch)
tree	beb0de42fa3518fb097970d2abfd7c30527c7cfa /meta/recipes-devtools/gcc/gcc-configure-common.inc
parent	b6ae985da0674aeca3686a057698f704e7cdc1db (diff)
download	poky-5d8d24d5b72628f331e930b32c649c232548b2f7.tar.gz

diff --git a/meta/recipes-devtools/gcc/gcc-configure-common.inc b/meta/recipes-devtools/gcc/gcc-configure-common.inc index a64c4caf00..dc7f458b25 100644 --- a/meta/recipes-devtools/gcc/gcc-configure-common.inc +++ b/meta/recipes-devtools/gcc/gcc-configure-common.inc
@@ -40,6 +40,7 @@ EXTRA_OECONF = "\
40	${@get_gcc_mips_plt_setting(bb, d)} \	40	${@get_gcc_mips_plt_setting(bb, d)} \
41	${@get_gcc_ppc_plt_settings(bb, d)} \	41	${@get_gcc_ppc_plt_settings(bb, d)} \
42	${@get_gcc_multiarch_setting(bb, d)} \	42	${@get_gcc_multiarch_setting(bb, d)} \
		43	--enable-standard-branch-protection \
43	"	44	"
44		45
45	# glibc version is a minimum controlling whether features are enabled.	46	# glibc version is a minimum controlling whether features are enabled.