From 1e433915ce684049a6a44fd506f691f448b56c76 Mon Sep 17 00:00:00 2001
From: Joel Sing <joel@sing.id.au>
Date: Wed, 21 Feb 2024 23:29:12 +1100
Subject: cmd/link,debug/elf: mark Go binaries with no branch target CFI on
 openbsd

OpenBSD enables Indirect Branch Tracking (IBT) on amd64 and Branch Target
Identification (BTI) on arm64, where hardware permits. Since Go generated
binaries do not currently support IBT or BTI, temporarily mark them with
PT_OPENBSD_NOBTCFI which prevents branch target CFI from being enforced
on execution. This should be removed as soon asn IBT and BTI support are
available.

Fixes #66040
Updates #66054

Change-Id: I91ac05736e6942c54502bef4b8815eb8740d2d5e
Reviewed-on: https://go-review.googlesource.com/c/go/+/568435
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Josh Rickmar <jrick@zettaport.com>
Reviewed-by: Keith Randall <khr@golang.org>
Run-TryBot: Joel Sing <joel@sing.id.au>
Reviewed-by: Keith Randall <khr@google.com>
Reviewed-by: Than McIntosh <thanm@google.com>
---
 doc/next/6-stdlib/99-minor/debug/elf/66054.md | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 doc/next/6-stdlib/99-minor/debug/elf/66054.md

(limited to 'doc')

diff --git a/doc/next/6-stdlib/99-minor/debug/elf/66054.md b/doc/next/6-stdlib/99-minor/debug/elf/66054.md
new file mode 100644
index 0000000000..9cf1fa7ad1
--- /dev/null
+++ b/doc/next/6-stdlib/99-minor/debug/elf/66054.md
@@ -0,0 +1,3 @@
+The debug/elf package now defines PT_OPENBSD_NOBTCFI. This elf.ProgType is
+used to disable Branch Tracking Control Flow Integrity (BTCFI) enforcement
+on OpenBSD binaries.
-- 
cgit v1.2.3-54-g00ecf