
Commit 21dcc3f

committed
hardening.m4: check for -mbranch-protection=standard on aarch64
1 parent f4998ea commit 21dcc3f


2 files changed

+179
-0
lines changed


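--- a/configure
+++ b/configure
@@ -35304,6 +35304,169 @@ esac
 fi
 
 
+else case e in #(
+e) : ;;
+esac
+fi
+
+fi
+
+#
+# Check for branch protection against ROP and JOP attacks on
+# AArch64 by using PAC and BTI.
+#
+if test "$host_cpu" = "aarch64"; then
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler accepts -mbranch-protection=standard" >&5
+printf %s "checking whether the C compiler accepts -mbranch-protection=standard... " >&6; }
+if test ${ax_cv_check_cflags___mbranch_protection_standard+y}
+then :
+printf %s "(cached) " >&6
+else case e in #(
+e)
+ax_check_save_flags=$CFLAGS
+if test x"$GCC" = xyes ; then
+add_gnu_werror="-Werror"
+fi
+CFLAGS="$CFLAGS -mbranch-protection=standard $add_gnu_werror"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main (void)
+{
+
+;
+return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+ax_cv_check_cflags___mbranch_protection_standard=yes
+else case e in #(
+e) ax_cv_check_cflags___mbranch_protection_standard=no ;;
+esac
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+CFLAGS=$ax_check_save_flags ;;
+esac
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___mbranch_protection_standard" >&5
+printf "%s\n" "$ax_cv_check_cflags___mbranch_protection_standard" >&6; }
+if test "x$ax_cv_check_cflags___mbranch_protection_standard" = xyes
+then :
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -mbranch-protection=standard" >&5
+printf %s "checking whether the linker accepts -mbranch-protection=standard... " >&6; }
+if test ${ax_cv_check_ldflags___mbranch_protection_standard+y}
+then :
+printf %s "(cached) " >&6
+else case e in #(
+e)
+ax_check_save_flags=$LDFLAGS
+LDFLAGS="$LDFLAGS -mbranch-protection=standard"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main (void)
+{
+
+;
+return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+ax_cv_check_ldflags___mbranch_protection_standard=yes
+else case e in #(
+e) ax_cv_check_ldflags___mbranch_protection_standard=no ;;
+esac
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+conftest$ac_exeext conftest.$ac_ext
+LDFLAGS=$ax_check_save_flags ;;
+esac
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___mbranch_protection_standard" >&5
+printf "%s\n" "$ax_cv_check_ldflags___mbranch_protection_standard" >&6; }
+if test "x$ax_cv_check_ldflags___mbranch_protection_standard" = xyes
+then :
+
+
+if test ${HARDENING_CFLAGS+y}
+then :
+
+case " $HARDENING_CFLAGS " in #(
+*" -mbranch-protection=standard "*) :
+{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : HARDENING_CFLAGS already contains -mbranch-protection=standard"; } >&5
+(: HARDENING_CFLAGS already contains -mbranch-protection=standard) 2>&5
+ac_status=$?
+printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+test $ac_status = 0; } ;; #(
+*) :
+
+as_fn_append HARDENING_CFLAGS " -mbranch-protection=standard"
+{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : HARDENING_CFLAGS=\"\$HARDENING_CFLAGS\""; } >&5
+(: HARDENING_CFLAGS="$HARDENING_CFLAGS") 2>&5
+ac_status=$?
+printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+test $ac_status = 0; }
+;;
+esac
+
+else case e in #(
+e)
+HARDENING_CFLAGS=-mbranch-protection=standard
+{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : HARDENING_CFLAGS=\"\$HARDENING_CFLAGS\""; } >&5
+(: HARDENING_CFLAGS="$HARDENING_CFLAGS") 2>&5
+ac_status=$?
+printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+test $ac_status = 0; }
+;;
+esac
+fi
+
+
+if test ${HARDENING_LDFLAGS+y}
+then :
+
+case " $HARDENING_LDFLAGS " in #(
+*" -Wc,-mbranch-protection=standard "*) :
+{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : HARDENING_LDFLAGS already contains -Wc,-mbranch-protection=standard"; } >&5
+(: HARDENING_LDFLAGS already contains -Wc,-mbranch-protection=standard) 2>&5
+ac_status=$?
+printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+test $ac_status = 0; } ;; #(
+*) :
+
+as_fn_append HARDENING_LDFLAGS " -Wc,-mbranch-protection=standard"
+{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : HARDENING_LDFLAGS=\"\$HARDENING_LDFLAGS\""; } >&5
+(: HARDENING_LDFLAGS="$HARDENING_LDFLAGS") 2>&5
+ac_status=$?
+printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+test $ac_status = 0; }
+;;
+esac
+
+else case e in #(
+e)
+HARDENING_LDFLAGS=-Wc,-mbranch-protection=standard
+{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : HARDENING_LDFLAGS=\"\$HARDENING_LDFLAGS\""; } >&5
+(: HARDENING_LDFLAGS="$HARDENING_LDFLAGS") 2>&5
+ac_status=$?
+printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+test $ac_status = 0; }
+;;
+esac
+fi
+
+
+else case e in #(
+e) : ;;
+esac
+fi
+
+
 else case e in #(
 e) : ;;
 esac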

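--- a/m4/hardening.m4
+++ b/m4/hardening.m4
@@ -1,3 +1,6 @@
+dnl
+dnl https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
+dnl
 AC_DEFUN([SUDO_CHECK_HARDENING], [
 if test "$enable_hardening" != "no"; then
 #
@@ -112,6 +115,19 @@ AC_DEFUN([SUDO_CHECK_HARDENING], [
 ])
 ])
 fi
+
+#
+# Check for branch protection against ROP and JOP attacks on
+# AArch64 by using PAC and BTI.
+#
+if test "$host_cpu" = "aarch64"; then
+AX_CHECK_COMPILE_FLAG([-mbranch-protection=standard], [
+AX_CHECK_LINK_FLAG([-mbranch-protection=standard], [
+AX_APPEND_FLAG([-mbranch-protection=standard], [HARDENING_CFLAGS])
+AX_APPEND_FLAG([-Wc,-mbranch-protection=standard], [HARDENING_LDFLAGS])
+])
+])
+fi
 fi
 
 # Linker-specific hardening flags.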
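Review bot: The probes inside the added `if test "$host_cpu" = "aarch64"` block prove only that the compiler and linker accept `-mbranch-protection=standard`, not that the linked binaries end up BTI-enabled, and the block comment should say so. As far as I know the linker keeps the BTI property on an output only when every input object carries it, so a single assembly object or static library built without the flag would drop it silently for the whole binary. I would add `# NOTE: BTI takes effect only if every linked object is BTI-marked; check the result with readelf -n.` to the comment, and consider a later probe for `-Wl,-z,force-bti`, which makes the linker warn about unmarked inputs (it also forces the marking, so it needs testing). Separately, the exact string comparison skips `aarch64_be`; `case "$host_cpu" in aarch64*)` would cover it. SUDO_CHECK_HARDENING continues outside this hunk.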
