From a7621e9945f9c94f25f27e8e6d11640846ae1e07 Mon Sep 17 00:00:00 2001 From: deraadt Date: Sun, 16 Apr 2023 19:57:01 +0000 Subject: [PATCH] if (actually... when) the compiler is flipped to do BTI/ENDBR by default, the install media would grow too much, so use the same strategy as we for stack protector and other things: disable them, just on the install media ok kettenis --- distrib/special/Makefile.inc | 8 ++++++++ usr.sbin/crunchgen/crunchgen.c | 8 +++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/distrib/special/Makefile.inc b/distrib/special/Makefile.inc index bc3c3ab6a96..99547e82a67 100644 --- a/distrib/special/Makefile.inc +++ b/distrib/special/Makefile.inc @@ -2,6 +2,14 @@ COPTS+=-Oz -fno-stack-protector COPTS+=-fno-unwind-tables -fno-asynchronous-unwind-tables + +.if ${MACHINE} == "amd64" +COPTS+=-fcf-protection=none +.endif +.if ${MACHINE} == "arm64" +COPTS+=-mbranch-protection=none +.endif + MAN= LDSTATIC=-static NOPIE= diff --git a/usr.sbin/crunchgen/crunchgen.c b/usr.sbin/crunchgen/crunchgen.c index 4526290197e..1bb6c30f227 100644 --- a/usr.sbin/crunchgen/crunchgen.c +++ b/usr.sbin/crunchgen/crunchgen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: crunchgen.c,v 1.25 2021/11/15 15:14:24 millert Exp $ */ +/* $OpenBSD: crunchgen.c,v 1.26 2023/04/16 19:57:01 deraadt Exp $ */ /* * Copyright (c) 1994 University of Maryland @@ -895,6 +895,12 @@ top_makefile_rules(FILE * outmk) fprintf(outmk, "CFLAGS+=-Oz\n"); fprintf(outmk, "CFLAGS+=-fno-stack-protector\n"); fprintf(outmk, "CFLAGS+=-fno-unwind-tables\n"); + fprintf(outmk, ".if ${MACHINE} == \"amd64\"\n"); + fprintf(outmk, "CFLAGS+=-fcf-protection=none\n"); + fprintf(outmk, ".endif\n"); + fprintf(outmk, ".if ${MACHINE} == \"arm64\"\n"); + fprintf(outmk, "CFLAGS+=-mbranch-protection=none\n"); + fprintf(outmk, ".endif\n"); fprintf(outmk, "CFLAGS+=-fno-asynchronous-unwind-tables\n"); fprintf(outmk, "LDFLAGS+=$(NOPIE_LDFLAGS)\n"); fprintf(outmk, "STRIP?=strip\n"); -- 2.20.1