diff options
author | Mark Brown <broonie@kernel.org> | 2020-05-06 20:51:29 +0100 |
---|---|---|
committer | Will Deacon <will@kernel.org> | 2020-05-07 17:53:20 +0100 |
commit | 92e2294d870bc9e77592c2454f565c3bd6bb79ad (patch) | |
tree | 3ef4d209209f33a0f736b2fd6f1913762a029ef9 /arch | |
parent | 717b938e22f8dbf0c02d51cb8e74634fac9b57ef (diff) | |
download | lwn-92e2294d870bc9e77592c2454f565c3bd6bb79ad.tar.gz lwn-92e2294d870bc9e77592c2454f565c3bd6bb79ad.zip |
arm64: bti: Support building kernel C code using BTI
When running with BTI enabled we need to ask the compiler to enable
generation of BTI landing pads beyond those generated as a result of
pointer authentication instructions being landing pads. Since the two
features are practically speaking unlikely to be used separately we
will make kernel mode BTI depend on pointer authentication in order
to simplify the Makefile.
Signed-off-by: Mark Brown <broonie@kernel.org>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Link: https://lore.kernel.org/r/20200506195138.22086-3-broonie@kernel.org
Signed-off-by: Will Deacon <will@kernel.org>
Diffstat (limited to 'arch')
-rw-r--r-- | arch/arm64/Makefile | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile index 921c8ee8552b..4780c86b86af 100644 --- a/arch/arm64/Makefile +++ b/arch/arm64/Makefile @@ -74,7 +74,11 @@ branch-prot-flags-$(CONFIG_CC_HAS_SIGN_RETURN_ADDRESS) := -msign-return-address= # We enable additional protection for leaf functions as there is some # narrow potential for ROP protection benefits and no substantial # performance impact has been observed. +ifeq ($(CONFIG_ARM64_BTI_KERNEL),y) +branch-prot-flags-$(CONFIG_CC_HAS_BRANCH_PROT_PAC_RET_BTI) := -mbranch-protection=pac-ret+leaf+bti +else branch-prot-flags-$(CONFIG_CC_HAS_BRANCH_PROT_PAC_RET) := -mbranch-protection=pac-ret+leaf +endif # -march=armv8.3-a enables the non-nops instructions for PAC, to avoid the # compiler to generate them and consequently to break the single image contract # we pass it only to the assembler. This option is utilized only in case of non |