[all-commits] [llvm/llvm-project] 6fab27: Control-flow Enforcement Technology (CET), publish...

Sun Jan 9 18:50:47 PST 2022

  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: 6fab2742758197949d7bc624f453e544129709a3
      https://github.com/llvm/llvm-project/commit/6fab2742758197949d7bc624f453e544129709a3
  Author: jinge90 <ge.jin at intel.com>
  Date:   2022-01-10 (Mon, 10 Jan 2022)

  Changed paths:
    M compiler-rt/CMakeLists.txt
    M compiler-rt/cmake/config-ix.cmake
    M compiler-rt/lib/builtins/CMakeLists.txt
    M compiler-rt/lib/builtins/assembly.h
    M compiler-rt/lib/crt/CMakeLists.txt
    M compiler-rt/test/builtins/CMakeLists.txt
    M compiler-rt/test/crt/CMakeLists.txt

  Log Message:
  -----------
  Control-flow Enforcement Technology (CET), published by Intel, introduces
indirect branch tracking(IBT) feature aiming to ensure the target address
of an indirect jump/call is not tampered.
When IBT is enabled, each function or target of any indirect jump/call will start
with an 'endbr32/64' instruction otherwise the program will crash during execution.
To build an application with CET enabled. we need to ensure:

  1. build the source code with "-fcf-protection=full"
  2. all the libraries linked with .o files must be CET enabled too

This patch aims to enable CET for compiler-rt builtins library, we add an option
"COMPILER_RT_ENABLE_CET" whose default value is OFF to enable CET for compiler-rt
in building time and when this option is "ON", "-fcf-protection=full" is added to
BUILTINS_CFLAG and the "endbr32/64" will be placed in the beginning of each assembly
function. We also enabled CET for crtbegin, crtend object files in this patch.

Reviewed by: MaskRay, compnerd, manojgupta, efriedma
Differential Revision: https://reviews.llvm.org/D109811

Signed-off-by: jinge90 <ge.jin at intel.com>