[PATCH] D58102: Support X86 Control-flow Enforcement Technology (CET) in LLD

Xiang Zhang via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Tue Feb 26 17:39:21 PST 2019 

xiangzhangllvm added a comment.

In D58102#1410870 <https://reviews.llvm.org/D58102#1410870>, @ruiu wrote:

> I don't think you added a new command line option. My suggestion was this:
>
> 1. Add a new command line option, say, `--intel-cet` (that's perhaps not the final name of the option, I chose it tentatively to move things forward.)
> 2. If `--intel-cet` is given, verify that each input file contains a .note section with an appropriate bit, and discard .note section after reading it (so we don't merge them or copy them to the output file). If there's a file that doesn't contain a proper .note, report an error and stop.
> 3. When creating an input file, create a .note section with appropriate contents when `--intel-cet` was given.


Hi ruiu:
Yes, I know your suggestion, and I was discussing the option with GCC team, because GCC 9 supports to use lld too, and there is no this kind option in current GNU-ld, I want to let them know this thing.
In fact, The current approach defined in psABI provides the maximum forward and backward binary compatibility so that CET can be enabled in OS piece by piece.  Otherwise, CET OS enabling can
be very hard.

> Specifically, I don't think you should add a new member `X86Feature1AND` to `Config` because with the above scheme you are no longer merging .note section so you don't need to collect bits. `mergeAggregateMetadata` should also be deleted from the patch.
> 
> What do you think?

Using Config->X86Feature1AND to collect the features' flags is nesseary, There are 2 reasons:
1st, --intel-cet is an mandatory option that force all the input files, libs, even kernels to be CETed, this is not sufficient in current state, so the non-mandatory cet scheme will the be a top priority
for a long time.
2nd, There are more than one features in the GNU_PROPERTY_X86_FEATURE_1_AND property, each feature need to "AND" with other
input file's. We need to "calculate" the resulting features of GNU_PROPERTY_X86_FEATURE_1_AND by ourselves before pass them into the output file.

> Can you also rebase your patch so that I can apply your patch cleanly to git head?

sure!
Thank you very much!


Repository:
  rLLD LLVM Linker

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D58102/new/

https://reviews.llvm.org/D58102

More information about the llvm-commits mailing list