[PATCH] D118355: Add -mmanual-endbr switch to allow manual selection of control-flow protection
Gabriel F. T. Gomes via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Thu Jan 27 05:38:44 PST 2022
gftg created this revision.
gftg added reviewers: xiangzhangllvm, pengfei, erichkeane, joaomoreira.
Herald added subscribers: ormris, dexonsmith, dang, jdoerfert, steven_wu, martong, hiraditya.
Herald added a reviewer: aaron.ballman.
gftg requested review of this revision.
Herald added projects: clang, LLVM.
Herald added subscribers: llvm-commits, cfe-commits.
GCC has plans [1] to add a new switch that enables finer-grained control
of the insertion of CET stuff in generated code. This patch duplicates
their implementation within LLVM, in the hope that it can also be used
by Xen maintainers.
[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102953
---8<---
With -fcf-protection=branch, clang automatically adds control-flow
protection to indirect calls and jumps. On X86, this translates to ENDBR
instructions being added to the prologues of functions.
This patch adds a new switch, '-mmanual-endbr', which tells the compiler
that, even though -fcf-protection is in use, functions should not get
the instrumentation automatically. Instead, it allows users to manually
add the new attribute, 'cf_check', to functions that require it.
When -mmanual-endbr is set, LLVM refrains from automatically adding
ENDBR instructions to functions' prologues, which would have been
automatically added by -fcf-protection=branch. Although this works
correctly, missing ENDBR instructions where they are actually needed
could lead to broken binaries, which would fail only at run time.
Thus, when the backend detects that a function could be reached from an
indirect jump (e.g. when it has its address taken, or belongs to the
exported set of functions), a diagnostic warning is emitted, which
should help developers find missing occurrences of the 'cf_check'
attribute.
Depends on D118052 <https://reviews.llvm.org/D118052>.
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D118355
Files:
clang/include/clang/AST/Type.h
clang/include/clang/AST/TypeProperties.td
clang/include/clang/Basic/Attr.td
clang/include/clang/Basic/AttrDocs.td
clang/include/clang/Basic/CodeGenOptions.def
clang/include/clang/Basic/DiagnosticSemaKinds.td
clang/include/clang/CodeGen/CGFunctionInfo.h
clang/include/clang/Driver/Options.td
clang/lib/AST/ASTContext.cpp
clang/lib/AST/ASTStructuralEquivalence.cpp
clang/lib/AST/TypePrinter.cpp
clang/lib/CodeGen/CGCall.cpp
clang/lib/CodeGen/CodeGenModule.cpp
clang/lib/Driver/ToolChains/Clang.cpp
clang/lib/Frontend/CompilerInvocation.cpp
clang/lib/Sema/SemaDeclAttr.cpp
clang/lib/Sema/SemaType.cpp
clang/lib/Serialization/ASTWriter.cpp
clang/test/CodeGen/X86/x86-mmanual-endbr.c
clang/test/CodeGen/attributes.c
clang/test/Misc/pragma-attribute-supported-attributes-list.test
clang/test/Sema/attr-cf_check.c
clang/test/Sema/attr-cf_check.cpp
clang/test/Sema/cf_check_attr_not_allowed.c
llvm/bindings/go/llvm/ir_test.go
llvm/docs/BitCodeFormat.rst
llvm/docs/LangRef.rst
llvm/include/llvm/AsmParser/LLToken.h
llvm/include/llvm/Bitcode/LLVMBitCodes.h
llvm/include/llvm/IR/Attributes.td
llvm/include/llvm/IR/Function.h
llvm/include/llvm/IR/InstrTypes.h
llvm/lib/AsmParser/LLLexer.cpp
llvm/lib/Bitcode/Reader/BitcodeReader.cpp
llvm/lib/Bitcode/Writer/BitcodeWriter.cpp
llvm/lib/Target/X86/X86ISelLowering.cpp
llvm/lib/Target/X86/X86IndirectBranchTracking.cpp
llvm/lib/Transforms/Utils/CodeExtractor.cpp
llvm/test/CodeGen/X86/cf_check.ll
llvm/test/CodeGen/X86/missing_cf_check.ll
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D118355.403620.patch
Type: text/x-patch
Size: 40738 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20220127/14931736/attachment-0001.bin>
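
An added example, not part of the original message or the patch: a small audit over an `objdump -d`-style listing that flags functions whose address is taken by a `lea` but which do not start with `endbr64`, the condition the message says the backend warns about. The listing and its function names are constructed, and detecting address-taking through `lea` comments is a simplifying assumption that ignores exported symbols and data relocations.

```python
import re

# Constructed listing in the style of `objdump -d` (AT&T syntax); not from a real build.
SAMPLE = """\
0000000000001130 <helper>:
    1130:   8d 47 01                lea    0x1(%rdi),%eax
    1133:   c3                      ret

0000000000001140 <on_event>:
    1140:   f3 0f 1e fa             endbr64
    1144:   e9 e7 ff ff ff          jmp    1130 <helper>

0000000000001150 <on_timer>:
    1150:   31 c0                   xor    %eax,%eax
    1152:   c3                      ret

0000000000001160 <register_all>:
    1160:   f3 0f 1e fa             endbr64
    1164:   48 8d 05 d5 ff ff ff    lea    -0x2b(%rip),%rax        # 1140 <on_event>
    116b:   48 8d 15 de ff ff ff    lea    -0x22(%rip),%rdx        # 1150 <on_timer>
    1172:   c3                      ret
"""

HEADER = re.compile(r"^[0-9a-f]+ <([^>]+)>:$")
INSN = re.compile(r"^\s*[0-9a-f]+:\s+(?:[0-9a-f]{2} )+\s*(\S+)(.*)$")
ADDR_REF = re.compile(r"#\s*[0-9a-f]+ <([^>+]+)>")  # symbol start only, no +offset

def audit(listing):
    """Return address-taken functions whose first instruction is not endbr64."""
    first_insn = {}        # function name -> mnemonic of its first instruction
    address_taken = set()  # functions whose address a lea materialises
    current = None
    for line in listing.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            continue
        m = INSN.match(line)
        if not m or current is None:
            continue
        mnemonic, operands = m.groups()
        first_insn.setdefault(current, mnemonic)
        ref = ADDR_REF.search(operands)
        if mnemonic == "lea" and ref:
            address_taken.add(ref.group(1))
    return sorted(f for f in address_taken if first_insn.get(f) != "endbr64")

if __name__ == "__main__":
    print(audit(SAMPLE))
```

In the constructed listing, `on_timer` is the function that would need `cf_check`; `helper` is only reached by a direct jump and is not reported.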