[vlc-commits] configure: enable ARMv8.3 Pointer Authentication

[Rémi Denis-Courmont]

vlc | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Tue Jul  9 22:06:19 2019 +0300| [b33b29cad3467f023a09c26af0e56bf046064b56] | committer: Rémi Denis-Courmont

configure: enable ARMv8.3 Pointer Authentication

If the compiler supports the the dedicated code generation command line
flag, use it to provide return/backward control flow integrity (CFI).

This provides protection against return-oriented programming attacks on
where supported. This has no effects if the processor and/or operating
system do not support the extension, except for adding no-ops in the
generated machine code.

So far the AArch64 assembler code in VLC is only made of leaf functions
which do not not store/load the link register value, so there are no
needs to use the Pointer Authentication instructions manually (at least
not for return-CFI).

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=b33b29cad3467f023a09c26af0e56bf046064b56
---

 configure.ac | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/configure.ac b/configure.ac
index d2459d230a..098d37cb42 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1682,6 +1682,18 @@ asm volatile("ptrue p0.s" ::: "p0");
 ])
 AM_CONDITIONAL([HAVE_SVE], [test "${ac_cv_arm_sve}" = "yes"])
 
+AC_ARG_ENABLE([pointer-auth],
+  AS_HELP_STRING([--disable-pointer-auth],
+    [disable ARMv8.3 Pointer Authentication (default auto)]),, [
+  AS_IF([test "${host_cpu}" = "aarch64"], [enable_ptrauth="yes"] ,[enable_ptrauth="no"])
+])
+AS_IF([test "${enable_ptrauth}" != "no"], [
+  AX_CHECK_COMPILE_FLAG([-msign-return-address=non-leaf], [
+    AX_APPEND_FLAG([-msign-return-address=non-leaf], [CFLAGS])
+    AX_APPEND_FLAG([-msign-return-address=non-leaf], [CXXFLAGS])
+  ])
+])
+
 
 AC_ARG_ENABLE([altivec],
   AS_HELP_STRING([--disable-altivec],