[llvm] r325946 - Because of CVE-2018-6574, some compiler options and linker options are restricted to prevent arbitrary code execution.

Hans Wennborg via llvm-commits llvm-commits at lists.llvm.org
Mon Feb 26 02:06:38 PST 2018 

Merged to 6.0 in r326076.

On Fri, Feb 23, 2018 at 9:12 PM, Eric Christopher via llvm-commits
<llvm-commits at lists.llvm.org> wrote:
> Author: echristo
> Date: Fri Feb 23 12:12:24 2018
> New Revision: 325946
>
> URL: http://llvm.org/viewvc/llvm-project?rev=325946&view=rev
> Log:
> Because of CVE-2018-6574, some compiler options and linker options are restricted to prevent arbitrary code execution.
>
> https://github.com/golang/go/issues/23672
>
> By this change, building a Go code with LLVM Go bindings causes a compilation error as follows.
>
>   go build llvm.org/llvm/bindings/go/llvm: invalid flag in #cgo LDFLAGS: -Wl,-headerpad_max_install_names
>
> llvm-go tool generates cgo LDFLAGS directive from `llvm-config --ldflags` and it contains -Wl,option options. But -Wl,option is banned by default. To avoid this problem, we need to set $CGO_LDFLAGS_ALLOW environment variable to notify a compiler that the flags should be allowed.
>
>   $ export CGO_LDFLAGS_ALLOW='-Wl,(-search_paths_first|-headerpad_max_install_names)'
>
> By default for go 1.10 and go 1.9.5 these options should appear in the accepted set of options, however, if you're running into the error it's useful to have this documented.
>
> Patch by Ryuichi Hayashida
>
> Modified:
>     llvm/trunk/bindings/go/README.txt
>
> Modified: llvm/trunk/bindings/go/README.txt
> URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/bindings/go/README.txt?rev=325946&r1=325945&r2=325946&view=diff
> ==============================================================================
> --- llvm/trunk/bindings/go/README.txt (original)
> +++ llvm/trunk/bindings/go/README.txt Fri Feb 23 12:12:24 2018
> @@ -51,3 +51,11 @@ CGO_CPPFLAGS, CGO_CXXFLAGS and CGO_LDFLA
>      $ export CGO_CXXFLAGS=-std=c++11
>      $ export CGO_LDFLAGS="`/path/to/llvm-build/bin/llvm-config --ldflags --libs --system-libs all`"
>      $ go build -tags byollvm
> +
> +If you see a compilation error while compiling your code with Go 1.9.4 or later as follows,
> +
> +    go build llvm.org/llvm/bindings/go/llvm: invalid flag in #cgo LDFLAGS: -Wl,-headerpad_max_install_names
> +
> +you need to setup $CGO_LDFLAGS_ALLOW to allow a compiler to specify some linker options:
> +
> +    $ export CGO_LDFLAGS_ALLOW='-Wl,(-search_paths_first|-headerpad_max_install_names)'
>
>
> _______________________________________________
> llvm-commits mailing list
> llvm-commits at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits

More information about the llvm-commits mailing list