git: 3f386ea741ca - stable/15 - vmm/arm64: Compile vmm_nvhe.c without SSP

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Mon, 15 Jun 2026 19:15:06 UTC 
The branch stable/15 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=3f386ea741caee329100b37cd5323dd478a35f64

commit 3f386ea741caee329100b37cd5323dd478a35f64
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2026-05-22 16:10:04 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2026-06-15 19:14:50 +0000

    vmm/arm64: Compile vmm_nvhe.c without SSP
    
    This file implements a set of EL2 hypercall handlers and is used to
    switch between guests and the host kernel when VHE is not in use.  There
    is no SSP runtime available there.
    
    Reported by:    Jenkins
    Fixes:          8deebce931fa ("kernel: Enable -fstack-protector-strong by default")
    
    (cherry picked from commit bed77cf7c213c3f93a0dc099e4b46c078495a328)
---
 sys/conf/files.arm64     | 2 +-
 sys/modules/vmm/Makefile | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/conf/files.arm64 b/sys/conf/files.arm64
index 1f3a072fefdb..8db00084e651 100644
--- a/sys/conf/files.arm64
+++ b/sys/conf/files.arm64
@@ -134,7 +134,7 @@ arm64/vmm/vmm_nvhe_exception.S			optional vmm		\
 	no-obj
 arm64/vmm/vmm_nvhe.c				optional vmm		\
 	dependency	"$S/arm64/vmm/vmm_hyp.c"			\
-	compile-with "${NOSAN_C} -fpie"					\
+	compile-with "${NOSAN_C:N-fstack-protector*} -fpie"		\
 	no-obj
 vmm_hyp_blob.elf.full				optional vmm		\
 	dependency	"vmm_nvhe.o vmm_nvhe_exception.o"			\
diff --git a/sys/modules/vmm/Makefile b/sys/modules/vmm/Makefile
index dcb401d2026d..4084822c4f43 100644
--- a/sys/modules/vmm/Makefile
+++ b/sys/modules/vmm/Makefile
@@ -52,7 +52,7 @@ vmm_nvhe_exception.o: vmm_nvhe_exception.S vmm_hyp_exception.S
 	    ${NOSAN_CFLAGS:N-mbranch-protection*} ${.IMPSRC} -o ${.TARGET} -fpie
 
 vmm_nvhe.o: vmm_nvhe.c vmm_hyp.c
-	${CC} -c ${NOSAN_CFLAGS:N-mbranch-protection*} ${.IMPSRC} \
+	${CC} -c ${NOSAN_CFLAGS:N-mbranch-protection*:N-fstack-protector*} ${.IMPSRC} \
 	    -o ${.TARGET} -fpie
 
 vmm_hyp_blob.elf.full:	vmm_nvhe_exception.o vmm_nvhe.o