VirtualBox

Changeset 100341 in vbox for trunk/Config.kmk


Ignore:
Timestamp:
Jul 2, 2023 10:54:41 PM (20 months ago)
Author:
vboxsync
svn:sync-xref-src-repo-rev:
158059
Message:

/Config.kmk: Enable cf-protection for branches in the ring-0 modules (.r0) on linux so we can work with kernels that enables IBT. bugref:10406 ticketref:21435

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Config.kmk

    r100276 r100341  
    540540if1of ($(KBUILD_TARGET).$(KBUILD_TARGET_ARCH), darwin.arm64)
    541541 VBOX_WITH_VIRT_ARMV8 = 1
     542endif
     543if1of ($(KBUILD_TARGET).$(KBUILD_TARGET_ARCH), linux.amd64)
     544 ifdef VBOX_WITH_R0_MODULES
     545  # Enable IBT branch protection for the R0 modules.
     546  # (A make warning will be shown if gcc is too old.)
     547  VBOX_WITH_R0_MOD_IBT_BRANCH_PROTECTION = 1
     548 endif
    542549endif
    543550## @}
     
    34333440 # Clang 13.
    34343441        $(QUIET)$(APPEND) '$@' 'VBOX_GCC_Wno-deprecated-copy ?= $(call VBOX_GCC_CHECK_CC,-Wno-deprecated-copy,)'
     3442 ifdef VBOX_WITH_R0_MOD_IBT_BRANCH_PROTECTION
     3443        $(QUIET)$(APPEND) '$@' 'VBOX_GCC_fcf-protection_branch ?= $(call VBOX_GCC_CHECK_CXX,-fcf-protection=branch,)'
     3444        $(QUIET)$(APPEND) '$@' 'VBOX_GCC_fcf-protection_check  ?= $(call VBOX_GCC_CHECK_CXX,-fcf-protection=check)'
     3445 endif
    34353446 ifeq ($(KBUILD_TARGET),solaris)
    34363447        $(QUIET)$(APPEND) '$@' 'VBOX_GCC_msave-args            ?= $(call VBOX_GCC_CHECK_CXX,-msave-args,)'
     
    54155426 TEMPLATE_VBoxR0_DTRACETOOL         = VBoxTpG-Disabled
    54165427endif
     5428ifdef VBOX_WITH_R0_MOD_IBT_BRANCH_PROTECTION
     5429 TEMPLATE_VBoxR0_DEFS              += RT_WITH_IBT_BRANCH_PROTECTION RT_WITH_IBT_BRANCH_PROTECTION_WITHOUT_NOTRACK
     5430endif
    54175431
    54185432ifeq ($(VBOX_LDR_FMT),pe)
     
    55155529  TEMPLATE_VBoxR0_CFLAGS.linux     += -g1
    55165530  TEMPLATE_VBoxR0_CXXFLAGS.linux   += -g1
     5531 endif
     5532 ifdef VBOX_WITH_R0_MOD_IBT_BRANCH_PROTECTION
     5533  TEMPLATE_VBoxR0_CFLAGS          += $(VBOX_GCC_fcf-protection_branch) -fno-jump-tables
     5534  TEMPLATE_VBoxR0_CXXFLAGS        += $(VBOX_GCC_fcf-protection_branch) -fno-jump-tables
     5535  TEMPLATE_VBoxR0_LDFLAGS         += $(VBOX_GCC_fcf-protection_branch) $(VBOX_GCC_fcf-protection_check)
     5536  ifeq ($(VBOX_GCC_fcf-protection_branch),)
     5537   $(warning VBox: VBOX_WITH_R0_MOD_IBT_BRANCH_PROTECTION is set but gcc doesn't support branch protection)
     5538  endif
    55175539 endif
    55185540 ifn1of ($(KBUILD_TARGET), solaris freebsd)
Note: See TracChangeset for help on using the changeset viewer.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette