aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRoss Burton <ross@burtonini.com>2021-05-20 18:15:11 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-06-08 12:12:41 +0100
commit84e6064cde02b463066d7b63fcf8baf392491327 (patch)
treed6a436a6aef4fd3bf272aacac180ad9fc610223d
parent0478d9b04d6a6d10e439116b23b641a1e2553e26 (diff)
downloadopenembedded-core-84e6064cde02b463066d7b63fcf8baf392491327.tar.gz
openembedded-core-84e6064cde02b463066d7b63fcf8baf392491327.tar.bz2
openembedded-core-84e6064cde02b463066d7b63fcf8baf392491327.zip
gcc: enable branch protection by standard
Pass --enable-standard-branch-protection. This is an aarch64-specific option (currently) which does nothing on other targets. On aarch64 this generates code uses BTI/PAC instructions to mitigate Return Orientated Programming attacks. This approach is backwards compatible and the code size/performance impact is typically negliable. More details can be found at https://events.static.linuxfound.org/sites/events/files/slides/slides_23.pdf Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/gcc/gcc-configure-common.inc1
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-devtools/gcc/gcc-configure-common.inc b/meta/recipes-devtools/gcc/gcc-configure-common.inc
index a64c4caf00..dc7f458b25 100644
--- a/meta/recipes-devtools/gcc/gcc-configure-common.inc
+++ b/meta/recipes-devtools/gcc/gcc-configure-common.inc
@@ -40,6 +40,7 @@ EXTRA_OECONF = "\
${@get_gcc_mips_plt_setting(bb, d)} \
${@get_gcc_ppc_plt_settings(bb, d)} \
${@get_gcc_multiarch_setting(bb, d)} \
+ --enable-standard-branch-protection \
"
# glibc version is a minimum controlling whether features are enabled.