[PATCH] D58102: Support X86 Control-flow Enforcement Technology (CET) in LLD

Xiang Zhang via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Fri Mar 1 00:43:22 PST 2019


xiangzhangllvm added a comment.

In D58102#1412351 <https://reviews.llvm.org/D58102#1412351>, @ruiu wrote:

> is given, verify that each input file contains a .note section with an appropriate bit, and discard .note section after reading it (so we don't merge them or copy them to the output file). If there's a file that doesn't contain a proper .note, report an error and stop.
>
> >> 3. When creating an input file, create a .note section with appropriate contents when `--intel-cet` was given. Specifically, I don't think you should add a new member `X86Feature1AND` to `Config` because with the above scheme you are no longer merging .note section so you don't need to collect bits. `mergeAggregateMetadata` should also be deleted from the patch. What do you think?


Hi, sorry ruiu, I don't quite understand your idea; may I ask you some questions?
Do we just check whether each file contains .note.gnu.property or not? If so, how do we deal with the appropriate bits from different files' sections? If we don't deal with these appropriate bits, what contents will be put into the output file's .note.gnu.property? For example, if one file contains the IBT and SHSTK bits and another file contains just the SHSTK bit, what will the resulting bits in the output file be if we do not deal with it? (Now we do this in mergeAggregateMetadata.)
As far as I know, lld just treats the .note.gnu.property section as notes, and just concatenates all the .note.gnu.property sections together.

>> This will not work because it makes it impossible to roll out CET support in a distribution incrementally. Each time a library is CET-enabled (because all its assembler files are properly annotated), all reverse dependencies would have to be patched and their build systems changed to pass a new flag to the linker.

> You made a good point: lld actually uses only the command line flag to enable non-executable stack flag for the same reason.

I think you misunderstand fweimer's idea; I think he wants to say we can't use an option to force-enable CET, and it will be very troublesome if we let a library be CETed.


Repository:
  rLLD LLVM Linker

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D58102/new/

https://reviews.llvm.org/D58102
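
Added example, not part of the original message or of the patch under review: the merge the reply asks about, where the output's `GNU_PROPERTY_X86_FEATURE_1_AND` bits are the bitwise AND over all inputs, so IBT and SHSTK in one file and only SHSTK in another leaves SHSTK. The helper names `featureBits`, `mergeFeatures` and `makeNote` are hypothetical; a little-endian host and one ELF64 note per section are assumed.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>
constexpr uint32_t NT_GNU_PROPERTY_TYPE_0 = 5; // values from the x86-64 psABI / <elf.h>
constexpr uint32_t GNU_PROPERTY_X86_FEATURE_1_AND = 0xc0000002;
constexpr uint32_t GNU_PROPERTY_X86_FEATURE_1_IBT = 1u << 0;
constexpr uint32_t GNU_PROPERTY_X86_FEATURE_1_SHSTK = 1u << 1;
using Bytes = std::vector<uint8_t>;

static uint32_t read32(const Bytes &b, size_t off) { // little-endian host assumed
  uint32_t v;
  std::memcpy(&v, b.data() + off, 4);
  return v;
}

// Hypothetical helper: FEATURE_1_AND bits of one section, 0 if absent or malformed.
uint32_t featureBits(const Bytes &sec) {
  if (sec.size() < 16) return 0; // namesz, descsz, type, "GNU\0"
  uint32_t descsz = read32(sec, 4);
  if (read32(sec, 0) != 4 || read32(sec, 8) != NT_GNU_PROPERTY_TYPE_0 ||
      std::memcmp(&sec[12], "GNU", 4) != 0 || descsz > sec.size() - 16)
    return 0;
  size_t off = 16, end = 16 + descsz;
  while (off + 8 <= end) { // property: pr_type, pr_datasz, data, padding to 8
    uint32_t prType = read32(sec, off), prSize = read32(sec, off + 4);
    off += 8;
    if (prSize > end - off) return 0; // data would run past the descriptor
    if (prType == GNU_PROPERTY_X86_FEATURE_1_AND && prSize >= 4) return read32(sec, off);
    off += (prSize + 7) & ~size_t(7);
  }
  return 0;
}

// A bit survives only if every input sets it; an input with no note clears all.
uint32_t mergeFeatures(const std::vector<Bytes> &inputs) {
  uint32_t merged = inputs.empty() ? 0 : ~0u;
  for (const Bytes &sec : inputs) merged &= featureBits(sec);
  return merged;
}

// Constructed sample input: a minimal note carrying the given feature bits.
Bytes makeNote(uint32_t bits) {
  uint32_t w[] = {4, 16, NT_GNU_PROPERTY_TYPE_0, 0x00554e47, // 0x00554e47 = "GNU\0"
                  GNU_PROPERTY_X86_FEATURE_1_AND, 4, bits, 0};
  auto *p = reinterpret_cast<const uint8_t *>(w);
  return Bytes(p, p + sizeof(w));
}

int main() { // exit status 0 when IBT|SHSTK merged with SHSTK-only yields SHSTK
  Bytes a = makeNote(GNU_PROPERTY_X86_FEATURE_1_IBT | GNU_PROPERTY_X86_FEATURE_1_SHSTK);
  return mergeFeatures({a, makeNote(GNU_PROPERTY_X86_FEATURE_1_SHSTK)}) != GNU_PROPERTY_X86_FEATURE_1_SHSTK;
}
```

Plain concatenation of the input notes would leave two conflicting properties in the output, which is why the bits have to be combined into a single value.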
