From f007abd19d882d673575ba22148b49c55ffb5b44 Mon Sep 17 00:00:00 2001 From: fanquake Date: Fri, 13 Oct 2023 10:49:04 +0200 Subject: [PATCH] Merge bitcoin/bitcoin#28459: build: add `-mbranch-protection=bti` (aarch64) to hardening flags 61a6c3b0e9a8dab5c5f845af4becde817539133c build: add `-mbranch-protection=bti` to aarch64 hardening flags (fanquake) Pull request description: This is a simpler (less hardening) version of https://github.com/bitcoin/bitcoin/pull/24123. You can inspect binaries using `readelf -n`, and look for BTI in a `.note.gnu.property`. i.e ```bash readelf -n src/bitcoin-cli Displaying notes found in: .note.gnu.property Owner Data size Description GNU 0x00000010NT_GNU_PROPERTY_TYPE_0 Properties: AArch64 feature: BTI ``` Related to https://github.com/bitcoin/bitcoin/issues/19075. ACKs for top commit: TheCharlatan: utACK 61a6c3b0e9a8dab5c5f845af4becde817539133c Tree-SHA512: 64504de44e91d853165daf4111dca905d8eb9ef3f4bfb0d447c677b02c9100dbd56f13e6fe6539fb06c2343a094229591ac5d1bd9e184b32b512c0ac3f9bac36 --- configure.ac | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/configure.ac b/configure.ac index 50441b50fb..f1d37ee5bf 100644 --- a/configure.ac +++ b/configure.ac @@ -981,6 +981,11 @@ if test x$use_hardening != xno; then ;; esac + case $host in + *aarch64*) + AX_CHECK_COMPILE_FLAG([-mbranch-protection=bti], [HARDENED_CXXFLAGS="$HARDENED_CXXFLAGS -mbranch-protection=bti"]) + ;; + esac dnl When enable_debug is yes, all optimizations are disabled. dnl However, FORTIFY_SOURCE requires that there is some level of optimization, otherwise it does nothing and just creates a compiler warning.