[clang] [Driver] Enable IBT by default on OpenBSD/amd64 (PR #125395)
Brad Smith via cfe-commits
cfe-commits at lists.llvm.org
Wed Feb 5 23:40:34 PST 2025
https://github.com/brad0 updated https://github.com/llvm/llvm-project/pull/125395
>From bf29a1cd3720b223572184b2d11576e4c382a7d7 Mon Sep 17 00:00:00 2001
From: Brad Smith <brad at comstyle.com>
Date: Sun, 2 Feb 2025 05:25:18 -0500
Subject: [PATCH] [Driver] Enable IBT by default on OpenBSD/amd64
---
clang/lib/Driver/ToolChains/Clang.cpp | 5 +++++
clang/test/Driver/openbsd.c | 5 +++++
2 files changed, 10 insertions(+)
diff --git a/clang/lib/Driver/ToolChains/Clang.cpp b/clang/lib/Driver/ToolChains/Clang.cpp
index 9ca56f5bdf4d814..a0757d71b140c20 100644
--- a/clang/lib/Driver/ToolChains/Clang.cpp
+++ b/clang/lib/Driver/ToolChains/Clang.cpp
@@ -7064,6 +7064,11 @@ void Clang::ConstructJob(Compilation &C, const JobAction &JA,
if (Arg *SA = Args.getLastArg(options::OPT_mcf_branch_label_scheme_EQ))
CmdArgs.push_back(Args.MakeArgString(Twine("-mcf-branch-label-scheme=") +
SA->getValue()));
+ } else if (Triple.isOSOpenBSD() && Triple.getArch() == llvm::Triple::x86_64) {
+ // Emit IBT endbr64 instructions by default
+ CmdArgs.push_back("-fcf-protection=branch");
+ // jump-table can generate indirect jumps, which are not permitted
+ CmdArgs.push_back("-fno-jump-tables");
}
if (Arg *A = Args.getLastArg(options::OPT_mfunction_return_EQ))
diff --git a/clang/test/Driver/openbsd.c b/clang/test/Driver/openbsd.c
index 68c114f063d04cd..6639e9d2d9d677a 100644
--- a/clang/test/Driver/openbsd.c
+++ b/clang/test/Driver/openbsd.c
@@ -141,3 +141,8 @@
// RUN: %clang --target=aarch64-unknown-openbsd -### -c %s 2>&1 \
// RUN: | FileCheck -check-prefix=CHECK-AARCH64-BTI-PAC %s
// CHECK-AARCH64-BTI-PAC: "-msign-return-address=non-leaf" "-msign-return-address-key=a_key" "-mbranch-target-enforce"
+
+// Check 64-bit X86 for IBT flags
+// RUN: %clang --target=amd64-unknown-openbsd -### -c %s 2>&1 \
+// RUN: | FileCheck -check-prefix=CHECK-AMD64-IBT %s
+// CHECK-AMD64-IBT: "-fcf-protection=branch" "-fno-jump-tables"
More information about the cfe-commits
mailing list