build: use `-mbranch-protection=standard` for aarch64-linux (non-guix) (!25919) · Merge requests · bitcoin / bitcoin

Placeholder fanquake requested to merge github/fork/fanquake/mbranch_protection_aarch64_linux_non_guix into master Aug 24, 2022

For this to be enabled, all libs must be compiled with / instrumented with this option. This can be the case for some distros, like Fedora.

-mbranch-protection=x was added to GCC in GCC 9.x (replacing -msign-return-address=x, and added to LLVM clang in 14.0.0.

-z,pac-plt was added to binutils ld in 2.33

Add -z pac-plt for AArch64 to pick PAC enabled PLTs.

LLVMs ld.lld --pac-plt option became -z,pac-plt starting with LLVM 10.

Split from #24123, as these changes shouldn't have to wait for us to fully support using this in our Guix env, before we can make a best-effort to turn these flags on for users who are self-compiling.

build: use `-mbranch-protection=standard` for aarch64-linux (non-guix)

Merge request reports