[clang] c4f5463 - [Driver] Enable IBT by default on OpenBSD/amd64 (#125395)
via cfe-commits
cfe-commits at lists.llvm.org
Wed Feb 5 23:41:18 PST 2025
Author: Brad Smith
Date: 2025-02-06T02:41:15-05:00
New Revision: c4f54632105b4dfb7d176c0292064eff3b918d42
URL: https://github.com/llvm/llvm-project/commit/c4f54632105b4dfb7d176c0292064eff3b918d42
DIFF: https://github.com/llvm/llvm-project/commit/c4f54632105b4dfb7d176c0292064eff3b918d42.diff
LOG: [Driver] Enable IBT by default on OpenBSD/amd64 (#125395)
Added:
Modified:
clang/lib/Driver/ToolChains/Clang.cpp
clang/test/Driver/openbsd.c
Removed:
################################################################################
diff --git a/clang/lib/Driver/ToolChains/Clang.cpp b/clang/lib/Driver/ToolChains/Clang.cpp
index 9ca56f5bdf4d81..a0757d71b140c2 100644
--- a/clang/lib/Driver/ToolChains/Clang.cpp
+++ b/clang/lib/Driver/ToolChains/Clang.cpp
@@ -7064,6 +7064,11 @@ void Clang::ConstructJob(Compilation &C, const JobAction &JA,
if (Arg *SA = Args.getLastArg(options::OPT_mcf_branch_label_scheme_EQ))
CmdArgs.push_back(Args.MakeArgString(Twine("-mcf-branch-label-scheme=") +
SA->getValue()));
+ } else if (Triple.isOSOpenBSD() && Triple.getArch() == llvm::Triple::x86_64) {
+ // Emit IBT endbr64 instructions by default
+ CmdArgs.push_back("-fcf-protection=branch");
+ // jump-table can generate indirect jumps, which are not permitted
+ CmdArgs.push_back("-fno-jump-tables");
}
if (Arg *A = Args.getLastArg(options::OPT_mfunction_return_EQ))
diff --git a/clang/test/Driver/openbsd.c b/clang/test/Driver/openbsd.c
index 68c114f063d04c..6639e9d2d9d677 100644
--- a/clang/test/Driver/openbsd.c
+++ b/clang/test/Driver/openbsd.c
@@ -141,3 +141,8 @@
// RUN: %clang --target=aarch64-unknown-openbsd -### -c %s 2>&1 \
// RUN: | FileCheck -check-prefix=CHECK-AARCH64-BTI-PAC %s
// CHECK-AARCH64-BTI-PAC: "-msign-return-address=non-leaf" "-msign-return-address-key=a_key" "-mbranch-target-enforce"
+
+// Check 64-bit X86 for IBT flags
+// RUN: %clang --target=amd64-unknown-openbsd -### -c %s 2>&1 \
+// RUN: | FileCheck -check-prefix=CHECK-AMD64-IBT %s
+// CHECK-AMD64-IBT: "-fcf-protection=branch" "-fno-jump-tables"
More information about the cfe-commits
mailing list