From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.9007.1675426280399303353 for ; Fri, 03 Feb 2023 04:11:20 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=RWNRT8n/; spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 00D8F61F0E; Fri, 3 Feb 2023 12:11:20 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 15DD3C4339C; Fri, 3 Feb 2023 12:11:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1675426279; bh=sFm0PIs+XFUp+7PBT06tQ1aFRznYMwKTVl0WIFOyC+4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=RWNRT8n/w33bgtDTFwAxDNqMdACc6aZ5vAsTezPs3RBd+4bhxTIggGB12LOfr2j7T qk4JQsYYb2A9kG4ZJGQm4YqKt2H0ZW2SazXCyiEw8E7MKP1DSoqpdmoFPcNZreX6Py glWjKYwki+g+JXhggFQMnvIM/kJmrdY3mM0iWOuQJyagBusUzxNu0hvFhm1LnkCheP gza429k5MweiDmE5cKa3h40b7mIdzDxpbTURX8Gt+Pq38mPkPkfioK9E3YXVGRCXea R1nv4/78rCAL5Z7ndv/+CkBRRCQVO4Nv8lv75/08iilwgvMlqF8XOoZ+eWwlP5BuLW LvymheJUbCO3Q== From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe , =?UTF-8?q?Marvin=20H=C3=A4user?= Subject: [RFC PATCH v2 7/7] ArmVirtPkg: Implement BTI for runtime regions Date: Fri, 3 Feb 2023 13:10:29 +0100 Message-Id: <20230203121029.2451394-8-ardb@kernel.org> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230203121029.2451394-1-ardb@kernel.org> References: <20230203121029.2451394-1-ardb@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Add a build option RUNTIME_BTI_ENABLE, and wire it up to the command line options passed to the compiler to get it to emit BTI landing pads into all modules. Note that runtime DXE modules may incorporate libraries of type BASE, UEFI_DRIVER or DXE_DRIVER, so the only safe option here is to apply the command line option to all types. Signed-off-by: Ard Biesheuvel --- ArmVirtPkg/ArmVirt.dsc.inc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc index 74d98e6314c4..9cb37f3d46a3 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc @@ -10,6 +10,7 @@ =0D [Defines]=0D DEFINE DEBUG_PRINT_ERROR_LEVEL =3D 0x8000004F=0D + DEFINE RUNTIME_BTI_ENABLE =3D FALSE=0D =0D !if $(TARGET) !=3D NOOPT=0D DEFINE FD_SIZE_IN_MB =3D 2=0D @@ -33,6 +34,11 @@ [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] GCC:*_*_ARM_DLINK_FLAGS =3D -z common-page-size=3D0x1000=0D GCC:*_*_AARCH64_DLINK_FLAGS =3D -z common-page-size=3D0x10000=0D =0D +[BuildOptions]=0D +!if $(RUNTIME_BTI_ENABLE) =3D=3D TRUE=0D + GCC:*_*_AARCH64_CC_FLAGS =3D -mbranch-protection=3Dbti=0D +!endif=0D +=0D [LibraryClasses.common]=0D !if $(TARGET) =3D=3D RELEASE=0D DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf=0D --=20 2.39.1