-fcf-protection enables Indirect Branch Tracking, which we have recently
enabled in the kernel. We should enable this in userspace, too.
I could not find out what GCC defaults to without any value, so this
patch is explicitely enabling IBT for function returns, indirect
function calls and indirect jumps.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
BUILDTARGET="${build_arch}-pc-linux-gnu"
CROSSTARGET="${build_arch}-cross-linux-gnu"
BUILD_PLATFORM="x86"
- CFLAGS_ARCH="-m64 -mtune=generic -fcf-protection"
+ CFLAGS_ARCH="-m64 -mtune=generic -fcf-protection=full"
;;
aarch64)