configure: enable ARMv8.3 Pointer Authentication

If the compiler supports the the dedicated code generation command line flag, use it to provide return/backward control flow integrity (CFI). This provides protection against return-oriented programming attacks on where supported. This has no effects if the processor and/or operating system do not support the extension, except for adding no-ops in the generated machine code. So far the AArch64 assembler code in VLC is only made of leaf functions which do not not store/load the link register value, so there are no needs to use the Pointer Authentication instructions manually (at least not for return-CFI).
2024-10-07 03:56:28 +02:00 · 2019-07-09 22:06:19 +03:00 · 2019-07-09 22:06:19 +03:00 · b33b29cad3
commit b33b29cad3
parent b7b8cc76c1
1 changed files with 12 additions and 0 deletions
--- a/configure.ac
+++ b/configure.ac
@ -1682,6 +1682,18 @@ asm volatile("ptrue p0.s" ::: "p0");
 ])
 AM_CONDITIONAL([HAVE_SVE], [test "${ac_cv_arm_sve}" = "yes"])

+AC_ARG_ENABLE([pointer-auth],
+  AS_HELP_STRING([--disable-pointer-auth],
+    [disable ARMv8.3 Pointer Authentication (default auto)]),, [
+  AS_IF([test "${host_cpu}" = "aarch64"], [enable_ptrauth="yes"] ,[enable_ptrauth="no"])
+])
+AS_IF([test "${enable_ptrauth}" != "no"], [
+  AX_CHECK_COMPILE_FLAG([-msign-return-address=non-leaf], [
+    AX_APPEND_FLAG([-msign-return-address=non-leaf], [CFLAGS])
+    AX_APPEND_FLAG([-msign-return-address=non-leaf], [CXXFLAGS])
+  ])
+])
+

 AC_ARG_ENABLE([altivec],
  AS_HELP_STRING([--disable-altivec],