From 973bbdab47035ebd16200c63d095904924dc44d9 Mon Sep 17 00:00:00 2001 From: Jose Luis Duran Date: Thu, 22 Aug 2024 03:23:59 +0000 Subject: [PATCH] mk: Add a BTI-report linker feature Add support for specifying how to report the missing Branch Target Identification (BTI) linker feature on AArch64. For: Kernel: bti-report on when the linker supports it Userspace: bti-report on when the linker supports it and BTI_REPORT_ERROR is defined Fixes: 43e8849bc294 ("conf: Enable BTI checking in the arm64 kernel") Pull Request: https://github.com/freebsd/freebsd-src/pull/1393 --- share/mk/bsd.lib.mk | 2 +- share/mk/bsd.linker.mk | 11 ++++++++--- share/mk/bsd.prog.mk | 2 +- sys/conf/kern.mk | 2 +- 4 files changed, 11 insertions(+), 6 deletions(-) diff --git a/share/mk/bsd.lib.mk b/share/mk/bsd.lib.mk index 575b521bea55..6e288b9cd4ce 100644 --- a/share/mk/bsd.lib.mk +++ b/share/mk/bsd.lib.mk @@ -99,7 +99,7 @@ LDFLAGS+= -Wl,-zretpolineplt LDFLAGS.bfd+= -Wl,-znoexecstack .if ${MK_BRANCH_PROTECTION} != "no" CFLAGS+= -mbranch-protection=standard -.if ${MACHINE_ARCH} == "aarch64" && defined(BTI_REPORT_ERROR) +.if ${LINKER_FEATURES:Mbti-report} && defined(BTI_REPORT_ERROR) LDFLAGS+= -Wl,-zbti-report=error .endif .endif diff --git a/share/mk/bsd.linker.mk b/share/mk/bsd.linker.mk index 0e9477284ea3..cceeadd05b94 100644 --- a/share/mk/bsd.linker.mk +++ b/share/mk/bsd.linker.mk @@ -11,9 +11,11 @@ # LINKER_FEATURES may contain one or more of the following, based on # linker support for that feature: # -# - build-id: support for generating a Build-ID note -# - retpoline: support for generating PLT with retpoline speculative -# execution vulnerability mitigation +# - build-id: support for generating a Build-ID note +# - retpoline: support for generating PLT with retpoline speculative +# execution vulnerability mitigation +# - bti-report: support for specifying how to report the missing +# Branch Target Identification (BTI) property (AArch64) # # LINKER_FREEBSD_VERSION is the linker's internal source version. # @@ -112,6 +114,9 @@ ${X_}LINKER_FEATURES+= retpoline .if ${${X_}LINKER_TYPE} == "lld" && ${${X_}LINKER_VERSION} >= 90000 ${X_}LINKER_FEATURES+= ifunc-noplt .endif +.if ${${X_}LINKER_TYPE} == "lld" && ${${X_}LINKER_VERSION} >= 140000 +${X_}LINKER_FEATURES+= bti-report +.endif .endif .else # Use LD's values diff --git a/share/mk/bsd.prog.mk b/share/mk/bsd.prog.mk index 74a653057bda..89534b21d0e7 100644 --- a/share/mk/bsd.prog.mk +++ b/share/mk/bsd.prog.mk @@ -71,7 +71,7 @@ LDFLAGS+= -Wl,-zretpolineplt LDFLAGS.bfd+= -Wl,-znoexecstack .if ${MK_BRANCH_PROTECTION} != "no" CFLAGS+= -mbranch-protection=standard -.if ${MACHINE_ARCH} == "aarch64" && defined(BTI_REPORT_ERROR) +.if ${LINKER_FEATURES:Mbti-report} && defined(BTI_REPORT_ERROR) LDFLAGS+= -Wl,-zbti-report=error .endif .endif diff --git a/sys/conf/kern.mk b/sys/conf/kern.mk index 079bd1173fad..00492584921b 100644 --- a/sys/conf/kern.mk +++ b/sys/conf/kern.mk @@ -143,7 +143,7 @@ CFLAGS += -mgeneral-regs-only CFLAGS += -ffixed-x18 # Build with BTI+PAC CFLAGS += -mbranch-protection=standard -.if ${LINKER_TYPE} == "lld" +.if ${LINKER_FEATURES:Mbti-report} LDFLAGS += -Wl,-zbti-report=error .endif # TODO: support outline atomics