build: add -mbranch-protection=bti to aarch64 hardening flags

This is a simpler (less hardening) version of #24123. Scoped to aarch64 to avoid unused command line option warnings when building on x86_64. Related to #19075.
2025-01-19 05:45:05 +01:00 · 2021-11-18 14:12:47 +08:00 · 2021-11-18 14:12:47 +08:00 · 61a6c3b0e9
commit 61a6c3b0e9
parent 04265ba937
1 changed files with 5 additions and 0 deletions
--- a/configure.ac
+++ b/configure.ac
@ -964,6 +964,11 @@ if test "$use_hardening" != "no"; then
      ;;
  esac

+  case $host in
+    *aarch64*)
+      AX_CHECK_COMPILE_FLAG([-mbranch-protection=bti], [HARDENED_CXXFLAGS="$HARDENED_CXXFLAGS -mbranch-protection=bti"])
+    ;;
+  esac

  dnl When enable_debug is yes, all optimizations are disabled.
  dnl However, FORTIFY_SOURCE requires that there is some level of optimization, otherwise it does nothing and just creates a compiler warning.