From 84e6064cde02b463066d7b63fcf8baf392491327 Mon Sep 17 00:00:00 2001
From: Ross Burton <ross@burtonini.com>
Date: Thu, 20 May 2021 18:15:11 +0100
Subject: gcc: enable branch protection by standard

Pass --enable-standard-branch-protection.  This is an aarch64-specific
option (currently) which does nothing on other targets.  On aarch64 this
generates code uses BTI/PAC instructions to mitigate Return Orientated
Programming attacks.  This approach is backwards compatible and the code
size/performance impact is typically negliable.

More details can be found at
https://events.static.linuxfound.org/sites/events/files/slides/slides_23.pdf

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-devtools/gcc/gcc-configure-common.inc | 1 +
 1 file changed, 1 insertion(+)

(limited to 'meta')

diff --git a/meta/recipes-devtools/gcc/gcc-configure-common.inc b/meta/recipes-devtools/gcc/gcc-configure-common.inc
index a64c4caf00..dc7f458b25 100644
--- a/meta/recipes-devtools/gcc/gcc-configure-common.inc
+++ b/meta/recipes-devtools/gcc/gcc-configure-common.inc
@@ -40,6 +40,7 @@ EXTRA_OECONF = "\
     ${@get_gcc_mips_plt_setting(bb, d)} \
     ${@get_gcc_ppc_plt_settings(bb, d)} \
     ${@get_gcc_multiarch_setting(bb, d)} \
+	--enable-standard-branch-protection \
 "
 
 # glibc version is a minimum controlling whether features are enabled. 
-- 
cgit 1.2.3-korg