Enable BTI for Linux on Arm targets
Branch protection has already been successfully deployed on Android and
over time more Linux distros are moving to supporting branch hardening,
E.g. Debian.
This CL adds the necessary flags to compile the runtimes with PAC/BTI.
Bug: 40053781
Change-Id: I1b62bab7a86158e2ef3aa2d96b30bb9ac230a4d2
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7172496
Reviewed-by: Devon Loehr <[email protected]>
Commit-Queue: Hans Wennborg <[email protected]>
Reviewed-by: Hans Wennborg <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1553022}
NOKEYCHECK=True
GitOrigin-RevId: b885f913cfed22d995cf79149cd02f558f570199
diff --git a/scripts/build.py b/scripts/build.py
index 25bf849..bd6b148 100755
--- a/scripts/build.py
+++ b/scripts/build.py
@@ -1344,6 +1344,11 @@
'CMAKE_SYSROOT=%s' % sysroot_arm64,
# Can't run tests on x86 host.
'LLVM_INCLUDE_TESTS=OFF',
+
+ # Make sure libraries are compiled with PAC/BTI enabled
+ 'CMAKE_C_FLAGS=-mbranch-protection=standard',
+ 'CMAKE_CXX_FLAGS=-mbranch-protection=standard',
+ 'CMAKE_ASM_FLAGS=-mbranch-protection=standard',
],
"profile":
True,
diff --git a/scripts/update.py b/scripts/update.py
index ffc91ea..49851c7 100755
--- a/scripts/update.py
+++ b/scripts/update.py
@@ -40,7 +40,7 @@
# should not be changed manually.
# They are also read by build/config/compiler/BUILD.gn.
CLANG_REVISION = 'llvmorg-22-init-14273-gea10026b'
-CLANG_SUB_REVISION = 2
+CLANG_SUB_REVISION = 3
PACKAGE_VERSION = '%s-%s' % (CLANG_REVISION, CLANG_SUB_REVISION)
RELEASE_VERSION = '22'
