git.ipfire.org Git - ipfire-2.x.git/commitdiff
make.sh: x86_64: Enable CET full
author Michael Tremer <michael.tremer@ipfire.org>
Tue, 11 Jul 2023 13:27:18 +0000 (13:27 +0000)
committer Michael Tremer <michael.tremer@ipfire.org>
Wed, 26 Jul 2023 16:08:59 +0000 (16:08 +0000)
-fcf-protection enables Indirect Branch Tracking, which we have recently
enabled in the kernel. We should enable this in userspace, too.

I could not find out what GCC defaults to without any value, so this
patch is explicitly enabling IBT for function returns, indirect
function calls and indirect jumps.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
make.sh

diff --git a/make.sh b/make.sh
index 21433aeb8ea9fc5f9343b6430c3d0acd016cb5d7..1d357fb5a3d09f6fc88e6a63a9b6c59d930cf260 100755 (executable)
--- a/make.sh
+++ b/make.sh
@@ -145,7 +145,7 @@ configure_build() {
                        BUILDTARGET="${build_arch}-pc-linux-gnu"
                        CROSSTARGET="${build_arch}-cross-linux-gnu"
                        BUILD_PLATFORM="x86"
-                       CFLAGS_ARCH="-m64 -mtune=generic -fcf-protection"
+                       CFLAGS_ARCH="-m64 -mtune=generic -fcf-protection=full"
                        ;;
 
                aarch64)
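
Review bot: On the changed `CFLAGS_ARCH` line in the x86_64 branch, `=full` covers more than the "IBT" named in the commit message: in GCC, `full` means `branch` plus `return`, where `branch` is Indirect Branch Tracking for indirect calls and jumps and `return` is shadow-stack protection of return addresses. A short comment above the assignment stating that both are intended would document this for later readers. Because the flag only reaches code compiled with `CFLAGS_ARCH`, it is also worth checking that finished binaries carry the IBT and SHSTK properties (for example with `readelf -n`), since a single input object without the marking, such as hand-written assembly, makes the linker drop the property for the whole output.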