Merge bitcoin/bitcoin#28459: build: add -mbranch-protection=bti (aarch64) to hardening flags

61a6c3b0e9a8dab5c5f845af4becde817539133c build: add `-mbranch-protection=bti` to aarch64 hardening flags (fanquake)

Pull request description:

  This is a simpler (less hardening) version of https://github.com/bitcoin/bitcoin/pull/24123.

  You can inspect binaries using `readelf -n`, and look for BTI in a `.note.gnu.property`. i.e
  ```bash
  readelf -n src/bitcoin-cli

  Displaying notes found in: .note.gnu.property
    Owner                Data size Description
    GNU                  0x00000010NT_GNU_PROPERTY_TYPE_0
        Properties: AArch64 feature: BTI
  ```

  Related to https://github.com/bitcoin/bitcoin/issues/19075.

ACKs for top commit:
  TheCharlatan:
    utACK 61a6c3b0e9a8dab5c5f845af4becde817539133c

Tree-SHA512: 64504de44e91d853165daf4111dca905d8eb9ef3f4bfb0d447c677b02c9100dbd56f13e6fe6539fb06c2343a094229591ac5d1bd9e184b32b512c0ac3f9bac36
This commit is contained in:
fanquake 2023-10-13 10:49:04 +02:00 committed by pasta
parent af8d12445a
commit f007abd19d
No known key found for this signature in database
GPG Key ID: E2F3D7916E722D38

View File

@ -981,6 +981,11 @@ if test x$use_hardening != xno; then
;;
esac
case $host in
*aarch64*)
AX_CHECK_COMPILE_FLAG([-mbranch-protection=bti], [HARDENED_CXXFLAGS="$HARDENED_CXXFLAGS -mbranch-protection=bti"])
;;
esac
dnl When enable_debug is yes, all optimizations are disabled.
dnl However, FORTIFY_SOURCE requires that there is some level of optimization, otherwise it does nothing and just creates a compiler warning.