[clang] [Driver] Enable IBT by default on OpenBSD/am64 (PR #125395)
Brad Smith via cfe-commits
cfe-commits at lists.llvm.org
Sun Feb 2 02:30:44 PST 2025
https://github.com/brad0 updated https://github.com/llvm/llvm-project/pull/125395
>From 904d9b04d07e42f38f2b479882682b5a40f4b90a Mon Sep 17 00:00:00 2001
From: Brad Smith <brad at comstyle.com>
Date: Sun, 2 Feb 2025 05:25:18 -0500
Subject: [PATCH] [Driver] Enable IBT by default on OpenBSD/amd64
---
clang/lib/Driver/ToolChains/Clang.cpp | 6 ++++++
clang/test/Driver/openbsd.c | 5 +++++
2 files changed, 11 insertions(+)
diff --git a/clang/lib/Driver/ToolChains/Clang.cpp b/clang/lib/Driver/ToolChains/Clang.cpp
index 9b5132c5625faa..dcb5b94fd1e0ee 100644
--- a/clang/lib/Driver/ToolChains/Clang.cpp
+++ b/clang/lib/Driver/ToolChains/Clang.cpp
@@ -7054,8 +7054,14 @@ void Clang::ConstructJob(Compilation &C, const JobAction &JA,
if (Arg *SA = Args.getLastArg(options::OPT_mcf_branch_label_scheme_EQ))
CmdArgs.push_back(Args.MakeArgString(Twine("-mcf-branch-label-scheme=") +
SA->getValue()));
+ } else if (Triple.isOSOpenBSD() && Triple.getArch() == llvm::Triple::x86_64) {
+ // Emit IBT endbr64 instructions by default
+ CmdArgs.push_back("-fcf-protection=branch");
+ // jump-table can generate indirect jumps, which are not permitted
+ CmdArgs.push_back("-fno-jump-tables");
}
+
if (Arg *A = Args.getLastArg(options::OPT_mfunction_return_EQ))
CmdArgs.push_back(
Args.MakeArgString(Twine("-mfunction-return=") + A->getValue()));
diff --git a/clang/test/Driver/openbsd.c b/clang/test/Driver/openbsd.c
index 672cd3adf44a69..5485f749a3f94d 100644
--- a/clang/test/Driver/openbsd.c
+++ b/clang/test/Driver/openbsd.c
@@ -136,3 +136,8 @@
// RUN: %clang --target=amd64-unknown-openbsd -flto -### %s 2>&1 \
// RUN: | FileCheck -check-prefix=CHECK-LTO-FLAGS %s
// CHECK-LTO-FLAGS: "-plugin-opt=mcpu=x86-64"
+
+// Check 64-bit X86 for IBT flags
+// RUN: %clang --target=amd64-unknown-openbsd -### -c %s 2>&1 \
+// RUN: | FileCheck -check-prefix=CHECK-AMD64-IBT %s
+// CHECK-AMD64-IBT: "-fcf-protection=branch" "-fno-jump-tables"
More information about the cfe-commits
mailing list