[clang] [Driver] Enable IBT by default on OpenBSD/amd64 (PR #125395)
Brad Smith via cfe-commits
cfe-commits at lists.llvm.org
Sun Feb 2 02:32:10 PST 2025
https://github.com/brad0 updated https://github.com/llvm/llvm-project/pull/125395
>From 0f4a9508206b4918a47fc6bc2659a766206b5d5e Mon Sep 17 00:00:00 2001
From: Brad Smith <brad at comstyle.com>
Date: Sun, 2 Feb 2025 05:25:18 -0500
Subject: [PATCH] [Driver] Enable IBT by default on OpenBSD/amd64
---
clang/lib/Driver/ToolChains/Clang.cpp | 5 +++++
clang/test/Driver/openbsd.c | 5 +++++
2 files changed, 10 insertions(+)
diff --git a/clang/lib/Driver/ToolChains/Clang.cpp b/clang/lib/Driver/ToolChains/Clang.cpp
index 9b5132c5625faa0..c6bbe5ca82ebdbb 100644
--- a/clang/lib/Driver/ToolChains/Clang.cpp
+++ b/clang/lib/Driver/ToolChains/Clang.cpp
@@ -7054,6 +7054,11 @@ void Clang::ConstructJob(Compilation &C, const JobAction &JA,
if (Arg *SA = Args.getLastArg(options::OPT_mcf_branch_label_scheme_EQ))
CmdArgs.push_back(Args.MakeArgString(Twine("-mcf-branch-label-scheme=") +
SA->getValue()));
+ } else if (Triple.isOSOpenBSD() && Triple.getArch() == llvm::Triple::x86_64) {
+ // Emit IBT endbr64 instructions by default
+ CmdArgs.push_back("-fcf-protection=branch");
+ // jump-table can generate indirect jumps, which are not permitted
+ CmdArgs.push_back("-fno-jump-tables");
}
if (Arg *A = Args.getLastArg(options::OPT_mfunction_return_EQ))
diff --git a/clang/test/Driver/openbsd.c b/clang/test/Driver/openbsd.c
index 672cd3adf44a691..5485f749a3f94d2 100644
--- a/clang/test/Driver/openbsd.c
+++ b/clang/test/Driver/openbsd.c
@@ -136,3 +136,8 @@
// RUN: %clang --target=amd64-unknown-openbsd -flto -### %s 2>&1 \
// RUN: | FileCheck -check-prefix=CHECK-LTO-FLAGS %s
// CHECK-LTO-FLAGS: "-plugin-opt=mcpu=x86-64"
+
+// Check 64-bit X86 for IBT flags
+// RUN: %clang --target=amd64-unknown-openbsd -### -c %s 2>&1 \
+// RUN: | FileCheck -check-prefix=CHECK-AMD64-IBT %s
+// CHECK-AMD64-IBT: "-fcf-protection=branch" "-fno-jump-tables"
More information about the cfe-commits
mailing list