[llvm-branch-commits] [clang] [PAC][Driver] Support ptrauth flags only on AArch64 Linux and ARM64 Darwin (PR #113152)
Daniil Kovalev via llvm-branch-commits
llvm-branch-commits at lists.llvm.org
Tue Nov 19 09:54:29 PST 2024
https://github.com/kovdan01 updated https://github.com/llvm/llvm-project/pull/113152
>From e610387c4f870518d9a06035cce1ce72a9fee32b Mon Sep 17 00:00:00 2001
From: Daniil Kovalev <dkovalev at accesssoftek.com>
Date: Mon, 21 Oct 2024 12:18:56 +0300
Subject: [PATCH] [PAC][Driver] Support ptrauth flags only on ARM64 Darwin
Most ptrauth flags are ABI-affecting, so they should not be exposed to
end users. Under certain conditions, some ptrauth driver flags are intended
to be used for ARM64 Darwin, so allow them in this case.
Leave `-faarch64-jump-table-hardening` available for all AArch64 targets
since it's not ABI-affecting.
---
clang/lib/Driver/ToolChains/Clang.cpp | 28 --------
clang/lib/Driver/ToolChains/Darwin.cpp | 37 +++++++++++
clang/lib/Driver/ToolChains/Linux.cpp | 53 +++------------
clang/test/Driver/aarch64-ptrauth.c | 91 +++++++++++++-------------
4 files changed, 93 insertions(+), 116 deletions(-)
diff --git a/clang/lib/Driver/ToolChains/Clang.cpp b/clang/lib/Driver/ToolChains/Clang.cpp
index 93937da53a98f6..ea2e5d803e6543 100644
--- a/clang/lib/Driver/ToolChains/Clang.cpp
+++ b/clang/lib/Driver/ToolChains/Clang.cpp
@@ -1807,34 +1807,6 @@ void Clang::AddAArch64TargetArgs(const ArgList &Args,
AddUnalignedAccessWarning(CmdArgs);
- Args.addOptInFlag(CmdArgs, options::OPT_fptrauth_intrinsics,
- options::OPT_fno_ptrauth_intrinsics);
- Args.addOptInFlag(CmdArgs, options::OPT_fptrauth_calls,
- options::OPT_fno_ptrauth_calls);
- Args.addOptInFlag(CmdArgs, options::OPT_fptrauth_returns,
- options::OPT_fno_ptrauth_returns);
- Args.addOptInFlag(CmdArgs, options::OPT_fptrauth_auth_traps,
- options::OPT_fno_ptrauth_auth_traps);
- Args.addOptInFlag(
- CmdArgs, options::OPT_fptrauth_vtable_pointer_address_discrimination,
- options::OPT_fno_ptrauth_vtable_pointer_address_discrimination);
- Args.addOptInFlag(
- CmdArgs, options::OPT_fptrauth_vtable_pointer_type_discrimination,
- options::OPT_fno_ptrauth_vtable_pointer_type_discrimination);
- Args.addOptInFlag(
- CmdArgs, options::OPT_fptrauth_type_info_vtable_pointer_discrimination,
- options::OPT_fno_ptrauth_type_info_vtable_pointer_discrimination);
- Args.addOptInFlag(
- CmdArgs, options::OPT_fptrauth_function_pointer_type_discrimination,
- options::OPT_fno_ptrauth_function_pointer_type_discrimination);
-
- Args.addOptInFlag(CmdArgs, options::OPT_fptrauth_indirect_gotos,
- options::OPT_fno_ptrauth_indirect_gotos);
- Args.addOptInFlag(CmdArgs, options::OPT_fptrauth_init_fini,
- options::OPT_fno_ptrauth_init_fini);
- Args.addOptInFlag(CmdArgs,
- options::OPT_fptrauth_init_fini_address_discrimination,
- options::OPT_fno_ptrauth_init_fini_address_discrimination);
Args.addOptInFlag(CmdArgs, options::OPT_faarch64_jump_table_hardening,
options::OPT_fno_aarch64_jump_table_hardening);
}
diff --git a/clang/lib/Driver/ToolChains/Darwin.cpp b/clang/lib/Driver/ToolChains/Darwin.cpp
index 87380869f6fdab..b3d6eec664f6c0 100644
--- a/clang/lib/Driver/ToolChains/Darwin.cpp
+++ b/clang/lib/Driver/ToolChains/Darwin.cpp
@@ -3061,6 +3061,40 @@ bool Darwin::isSizedDeallocationUnavailable() const {
return TargetVersion < sizedDeallocMinVersion(OS);
}
+static void addPointerAuthFlags(const llvm::opt::ArgList &DriverArgs,
+ llvm::opt::ArgStringList &CC1Args) {
+ DriverArgs.addOptInFlag(CC1Args, options::OPT_fptrauth_intrinsics,
+ options::OPT_fno_ptrauth_intrinsics);
+
+ DriverArgs.addOptInFlag(CC1Args, options::OPT_fptrauth_calls,
+ options::OPT_fno_ptrauth_calls);
+
+ DriverArgs.addOptInFlag(CC1Args, options::OPT_fptrauth_returns,
+ options::OPT_fno_ptrauth_returns);
+
+ DriverArgs.addOptInFlag(CC1Args, options::OPT_fptrauth_auth_traps,
+ options::OPT_fno_ptrauth_auth_traps);
+
+ DriverArgs.addOptInFlag(
+ CC1Args, options::OPT_fptrauth_vtable_pointer_address_discrimination,
+ options::OPT_fno_ptrauth_vtable_pointer_address_discrimination);
+
+ DriverArgs.addOptInFlag(
+ CC1Args, options::OPT_fptrauth_vtable_pointer_type_discrimination,
+ options::OPT_fno_ptrauth_vtable_pointer_type_discrimination);
+
+ DriverArgs.addOptInFlag(
+ CC1Args, options::OPT_fptrauth_type_info_vtable_pointer_discrimination,
+ options::OPT_fno_ptrauth_type_info_vtable_pointer_discrimination);
+
+ DriverArgs.addOptInFlag(
+ CC1Args, options::OPT_fptrauth_function_pointer_type_discrimination,
+ options::OPT_fno_ptrauth_function_pointer_type_discrimination);
+
+ DriverArgs.addOptInFlag(CC1Args, options::OPT_fptrauth_indirect_gotos,
+ options::OPT_fno_ptrauth_indirect_gotos);
+}
+
void Darwin::addClangTargetOptions(
const llvm::opt::ArgList &DriverArgs, llvm::opt::ArgStringList &CC1Args,
Action::OffloadKind DeviceOffloadKind) const {
@@ -3137,6 +3171,9 @@ void Darwin::addClangTargetOptions(
if (!RequiresSubdirectorySearch)
CC1Args.push_back("-fno-modulemap-allow-subdirectory-search");
}
+
+ if (getTriple().isAArch64())
+ addPointerAuthFlags(DriverArgs, CC1Args);
}
void Darwin::addClangCC1ASTargetOptions(
diff --git a/clang/lib/Driver/ToolChains/Linux.cpp b/clang/lib/Driver/ToolChains/Linux.cpp
index ae5abf44fb5566..d8e43dca721e0c 100644
--- a/clang/lib/Driver/ToolChains/Linux.cpp
+++ b/clang/lib/Driver/ToolChains/Linux.cpp
@@ -476,49 +476,16 @@ std::string Linux::ComputeEffectiveClangTriple(const llvm::opt::ArgList &Args,
// options represent the default signing schema.
static void handlePAuthABI(const Driver &D, const ArgList &DriverArgs,
ArgStringList &CC1Args) {
- if (!DriverArgs.hasArg(options::OPT_fptrauth_intrinsics,
- options::OPT_fno_ptrauth_intrinsics))
- CC1Args.push_back("-fptrauth-intrinsics");
-
- if (!DriverArgs.hasArg(options::OPT_fptrauth_calls,
- options::OPT_fno_ptrauth_calls))
- CC1Args.push_back("-fptrauth-calls");
-
- if (!DriverArgs.hasArg(options::OPT_fptrauth_returns,
- options::OPT_fno_ptrauth_returns))
- CC1Args.push_back("-fptrauth-returns");
-
- if (!DriverArgs.hasArg(options::OPT_fptrauth_auth_traps,
- options::OPT_fno_ptrauth_auth_traps))
- CC1Args.push_back("-fptrauth-auth-traps");
-
- if (!DriverArgs.hasArg(
- options::OPT_fptrauth_vtable_pointer_address_discrimination,
- options::OPT_fno_ptrauth_vtable_pointer_address_discrimination))
- CC1Args.push_back("-fptrauth-vtable-pointer-address-discrimination");
-
- if (!DriverArgs.hasArg(
- options::OPT_fptrauth_vtable_pointer_type_discrimination,
- options::OPT_fno_ptrauth_vtable_pointer_type_discrimination))
- CC1Args.push_back("-fptrauth-vtable-pointer-type-discrimination");
-
- if (!DriverArgs.hasArg(
- options::OPT_fptrauth_type_info_vtable_pointer_discrimination,
- options::OPT_fno_ptrauth_type_info_vtable_pointer_discrimination))
- CC1Args.push_back("-fptrauth-type-info-vtable-pointer-discrimination");
-
- if (!DriverArgs.hasArg(options::OPT_fptrauth_indirect_gotos,
- options::OPT_fno_ptrauth_indirect_gotos))
- CC1Args.push_back("-fptrauth-indirect-gotos");
-
- if (!DriverArgs.hasArg(options::OPT_fptrauth_init_fini,
- options::OPT_fno_ptrauth_init_fini))
- CC1Args.push_back("-fptrauth-init-fini");
-
- if (!DriverArgs.hasArg(
- options::OPT_fptrauth_init_fini_address_discrimination,
- options::OPT_fno_ptrauth_init_fini_address_discrimination))
- CC1Args.push_back("-fptrauth-init-fini-address-discrimination");
+ CC1Args.push_back("-fptrauth-intrinsics");
+ CC1Args.push_back("-fptrauth-calls");
+ CC1Args.push_back("-fptrauth-returns");
+ CC1Args.push_back("-fptrauth-auth-traps");
+ CC1Args.push_back("-fptrauth-vtable-pointer-address-discrimination");
+ CC1Args.push_back("-fptrauth-vtable-pointer-type-discrimination");
+ CC1Args.push_back("-fptrauth-type-info-vtable-pointer-discrimination");
+ CC1Args.push_back("-fptrauth-indirect-gotos");
+ CC1Args.push_back("-fptrauth-init-fini");
+ CC1Args.push_back("-fptrauth-init-fini-address-discrimination");
if (!DriverArgs.hasArg(options::OPT_faarch64_jump_table_hardening,
options::OPT_fno_aarch64_jump_table_hardening))
diff --git a/clang/test/Driver/aarch64-ptrauth.c b/clang/test/Driver/aarch64-ptrauth.c
index 88841ee0b0b7bb..c526656c9c9bf6 100644
--- a/clang/test/Driver/aarch64-ptrauth.c
+++ b/clang/test/Driver/aarch64-ptrauth.c
@@ -4,7 +4,12 @@
// NONE: "-cc1"
// NONE-NOT: "-fptrauth-
-// RUN: %clang -### -c --target=aarch64 \
+// RUN: %clang -### -c --target=aarch64-linux \
+// RUN: -fno-aarch64-jump-table-hardening -faarch64-jump-table-hardening \
+// RUN: %s 2>&1 | FileCheck %s --check-prefix=ALL-LINUX
+// ALL-LINUX: "-cc1"{{.*}} "-faarch64-jump-table-hardening"
+
+// RUN: %clang -### -c --target=arm64-darwin \
// RUN: -fno-ptrauth-intrinsics -fptrauth-intrinsics \
// RUN: -fno-ptrauth-calls -fptrauth-calls \
// RUN: -fno-ptrauth-returns -fptrauth-returns \
@@ -13,11 +18,9 @@
// RUN: -fno-ptrauth-vtable-pointer-type-discrimination -fptrauth-vtable-pointer-type-discrimination \
// RUN: -fno-ptrauth-type-info-vtable-pointer-discrimination -fptrauth-type-info-vtable-pointer-discrimination \
// RUN: -fno-ptrauth-indirect-gotos -fptrauth-indirect-gotos \
-// RUN: -fno-ptrauth-init-fini -fptrauth-init-fini \
-// RUN: -fno-ptrauth-init-fini-address-discrimination -fptrauth-init-fini-address-discrimination \
// RUN: -fno-aarch64-jump-table-hardening -faarch64-jump-table-hardening \
-// RUN: %s 2>&1 | FileCheck %s --check-prefix=ALL
-// ALL: "-cc1"{{.*}} "-fptrauth-intrinsics" "-fptrauth-calls" "-fptrauth-returns" "-fptrauth-auth-traps" "-fptrauth-vtable-pointer-address-discrimination" "-fptrauth-vtable-pointer-type-discrimination" "-fptrauth-type-info-vtable-pointer-discrimination" "-fptrauth-indirect-gotos" "-fptrauth-init-fini" "-fptrauth-init-fini-address-discrimination" "-faarch64-jump-table-hardening"
+// RUN: %s 2>&1 | FileCheck %s --check-prefix=ALL-DARWIN
+// ALL-DARWIN: "-cc1"{{.*}} "-fptrauth-intrinsics" "-fptrauth-calls" "-fptrauth-returns" "-fptrauth-auth-traps" "-fptrauth-vtable-pointer-address-discrimination" "-fptrauth-vtable-pointer-type-discrimination" "-fptrauth-type-info-vtable-pointer-discrimination" "-fptrauth-indirect-gotos"{{.*}} "-faarch64-jump-table-hardening"
// RUN: %clang -### -c --target=aarch64-linux -mabi=pauthtest %s 2>&1 | FileCheck %s --check-prefix=PAUTHABI1
// RUN: %clang -### -c --target=aarch64-linux-pauthtest %s 2>&1 | FileCheck %s --check-prefix=PAUTHABI1
@@ -26,36 +29,34 @@
// PAUTHABI1-SAME: "-target-abi" "pauthtest"
// PAUTHABI1-NOT: "-fptrauth-function-pointer-type-discrimination"
-// RUN: %clang -### -c --target=aarch64-linux -mabi=pauthtest -fno-ptrauth-intrinsics \
-// RUN: -fno-ptrauth-calls -fno-ptrauth-returns -fno-ptrauth-auth-traps \
-// RUN: -fno-ptrauth-vtable-pointer-address-discrimination -fno-ptrauth-vtable-pointer-type-discrimination \
-// RUN: -fno-ptrauth-type-info-vtable-pointer-discrimination -fno-ptrauth-indirect-gotos \
-// RUN: -fno-ptrauth-init-fini -fno-ptrauth-init-fini-address-discrimination \
+// RUN: %clang -### -c --target=aarch64-linux -mabi=pauthtest \
// RUN: -fno-aarch64-jump-table-hardening %s 2>&1 | FileCheck %s --check-prefix=PAUTHABI2
-// RUN: %clang -### -c --target=aarch64-linux-pauthtest -fno-ptrauth-intrinsics \
-// RUN: -fno-ptrauth-calls -fno-ptrauth-returns -fno-ptrauth-auth-traps \
-// RUN: -fno-ptrauth-vtable-pointer-address-discrimination -fno-ptrauth-vtable-pointer-type-discrimination \
-// RUN: -fno-ptrauth-type-info-vtable-pointer-discrimination -fno-ptrauth-indirect-gotos \
-// RUN: -fno-ptrauth-init-fini -fno-ptrauth-init-fini-address-discrimination \
+// RUN: %clang -### -c --target=aarch64-linux-pauthtest \
// RUN: -fno-aarch64-jump-table-hardening %s 2>&1 | FileCheck %s --check-prefix=PAUTHABI2
//// Non-linux OS: pauthtest ABI has no effect in terms of passing ptrauth cc1 flags.
-//// An error about unsupported ABI will be emitted later in pipeline (see ERR2 below)
-// RUN: %clang -### -c --target=aarch64 -mabi=pauthtest %s 2>&1 | FileCheck %s --check-prefix=PAUTHABI2
+//// An error about unsupported ABI will be emitted later in pipeline (see ERR3 below)
+// RUN: %clang -### -c --target=aarch64 -mabi=pauthtest %s 2>&1 | FileCheck %s --check-prefixes=PAUTHABI2,PAUTHABI3
// PAUTHABI2: "-cc1"
// PAUTHABI2-SAME: "-target-abi" "pauthtest"
-// PAUTHABI2-NOT: "-fptrauth-
+// PAUTHABI3-NOT: "-fptrauth-
// PAUTHABI2-NOT: "-faarch64-jump-table-hardening"
//// Non-linux OS: pauthtest environment does not correspond to pauthtest ABI; aapcs is the default.
-// RUN: %clang -### -c --target=aarch64-pauthtest %s 2>&1 | FileCheck %s --check-prefix=PAUTHABI3
-// PAUTHABI3: "-cc1"
-// PAUTHABI3-SAME: "-target-abi" "aapcs"
-// PAUTHABI3-NOT: "-fptrauth-
-// PAUTHABI3-NOT: "-faarch64-jump-table-hardening"
-
-// RUN: not %clang -### -c --target=x86_64 -fptrauth-intrinsics -fptrauth-calls -fptrauth-returns -fptrauth-auth-traps \
+// RUN: %clang -### -c --target=aarch64-pauthtest %s 2>&1 | FileCheck %s --check-prefix=PAUTHABI4
+// PAUTHABI4: "-cc1"
+// PAUTHABI4-SAME: "-target-abi" "aapcs"
+// PAUTHABI4-NOT: "-fptrauth-
+// PAUTHABI4-NOT: "-faarch64-jump-table-hardening"
+
+//// Non-AArch64.
+// RUN: not %clang -### -c --target=x86_64-linux -fptrauth-intrinsics -fptrauth-calls -fptrauth-returns -fptrauth-auth-traps \
+// RUN: -fptrauth-vtable-pointer-address-discrimination -fptrauth-vtable-pointer-type-discrimination \
+// RUN: -fptrauth-type-info-vtable-pointer-discrimination -fptrauth-indirect-gotos -fptrauth-init-fini \
+// RUN: -fptrauth-init-fini-address-discrimination -faarch64-jump-table-hardening %s 2>&1 | FileCheck %s --check-prefixes=ERR1,ERR2
+//// Non-linux and non-Darwin OS.
+// RUN: not %clang -### -c --target=aarch64 -fptrauth-intrinsics -fptrauth-calls -fptrauth-returns -fptrauth-auth-traps \
// RUN: -fptrauth-vtable-pointer-address-discrimination -fptrauth-vtable-pointer-type-discrimination \
// RUN: -fptrauth-type-info-vtable-pointer-discrimination -fptrauth-indirect-gotos -fptrauth-init-fini \
// RUN: -fptrauth-init-fini-address-discrimination -faarch64-jump-table-hardening %s 2>&1 | FileCheck %s --check-prefix=ERR1
@@ -69,50 +70,50 @@
// ERR1-NEXT: error: unsupported option '-fptrauth-indirect-gotos' for target '{{.*}}'
// ERR1-NEXT: error: unsupported option '-fptrauth-init-fini' for target '{{.*}}'
// ERR1-NEXT: error: unsupported option '-fptrauth-init-fini-address-discrimination' for target '{{.*}}'
-// ERR1-NEXT: error: unsupported option '-faarch64-jump-table-hardening' for target '{{.*}}'
+// ERR2-NEXT: error: unsupported option '-faarch64-jump-table-hardening' for target '{{.*}}'
-// RUN: not %clang -c --target=aarch64 -mabi=pauthtest %s 2>&1 | FileCheck %s --check-prefix=ERR2
+// RUN: not %clang -c --target=aarch64 -mabi=pauthtest %s 2>&1 | FileCheck %s --check-prefix=ERR3
//// The ABI is not specified explicitly, and for non-Linux pauthtest environment does not correspond
//// to pauthtest ABI (each OS target defines this behavior separately). Do not emit an error.
// RUN: %clang -c --target=aarch64-pauthtest %s -o /dev/null
-// ERR2: error: unknown target ABI 'pauthtest'
+// ERR3: error: unknown target ABI 'pauthtest'
//// PAuth ABI is encoded as environment part of the triple, so don't allow to explicitly set other environments.
-// RUN: not %clang -### -c --target=aarch64-linux-gnu -mabi=pauthtest %s 2>&1 | FileCheck %s --check-prefix=ERR3
-// ERR3: error: unsupported option '-mabi=pauthtest' for target 'aarch64-unknown-linux-gnu'
+// RUN: not %clang -### -c --target=aarch64-linux-gnu -mabi=pauthtest %s 2>&1 | FileCheck %s --check-prefix=ERR4
+// ERR4: error: unsupported option '-mabi=pauthtest' for target 'aarch64-unknown-linux-gnu'
// RUN: %clang -### -c --target=aarch64-linux-pauthtest -mabi=pauthtest %s
//// The only branch protection option compatible with PAuthABI is BTI.
// RUN: not %clang -### -c --target=aarch64-linux -mabi=pauthtest -mbranch-protection=pac-ret %s 2>&1 | \
-// RUN: FileCheck %s --check-prefix=ERR4
+// RUN: FileCheck %s --check-prefix=ERR5
// RUN: not %clang -### -c --target=aarch64-linux-pauthtest -mbranch-protection=pac-ret %s 2>&1 | \
-// RUN: FileCheck %s --check-prefix=ERR4
-// ERR4: error: unsupported option '-mbranch-protection=pac-ret' for target 'aarch64-unknown-linux-pauthtest'
+// RUN: FileCheck %s --check-prefix=ERR5
+// ERR5: error: unsupported option '-mbranch-protection=pac-ret' for target 'aarch64-unknown-linux-pauthtest'
// RUN: not %clang -### -c --target=aarch64-linux -mabi=pauthtest -mbranch-protection=gcs %s 2>&1 | \
-// RUN: FileCheck %s --check-prefix=ERR5
+// RUN: FileCheck %s --check-prefix=ERR6
// RUN: not %clang -### -c --target=aarch64-linux-pauthtest -mbranch-protection=gcs %s 2>&1 | \
-// RUN: FileCheck %s --check-prefix=ERR5
-// ERR5: error: unsupported option '-mbranch-protection=gcs' for target 'aarch64-unknown-linux-pauthtest'
+// RUN: FileCheck %s --check-prefix=ERR6
+// ERR6: error: unsupported option '-mbranch-protection=gcs' for target 'aarch64-unknown-linux-pauthtest'
// RUN: not %clang -### -c --target=aarch64-linux -mabi=pauthtest -mbranch-protection=standard %s 2>&1 | \
-// RUN: FileCheck %s --check-prefix=ERR6
+// RUN: FileCheck %s --check-prefix=ERR7
// RUN: not %clang -### -c --target=aarch64-linux-pauthtest -mbranch-protection=standard %s 2>&1 | \
-// RUN: FileCheck %s --check-prefix=ERR6
-// ERR6: error: unsupported option '-mbranch-protection=standard' for target 'aarch64-unknown-linux-pauthtest'
+// RUN: FileCheck %s --check-prefix=ERR7
+// ERR7: error: unsupported option '-mbranch-protection=standard' for target 'aarch64-unknown-linux-pauthtest'
// RUN: not %clang -### -c --target=aarch64-linux -mabi=pauthtest -msign-return-address=all %s 2>&1 | \
-// RUN: FileCheck %s --check-prefix=ERR7
+// RUN: FileCheck %s --check-prefix=ERR8
// RUN: not %clang -### -c --target=aarch64-linux-pauthtest -msign-return-address=all %s 2>&1 | \
-// RUN: FileCheck %s --check-prefix=ERR7
-// ERR7: error: unsupported option '-msign-return-address=all' for target 'aarch64-unknown-linux-pauthtest'
+// RUN: FileCheck %s --check-prefix=ERR8
+// ERR8: error: unsupported option '-msign-return-address=all' for target 'aarch64-unknown-linux-pauthtest'
// RUN: not %clang -### -c --target=aarch64-linux -mabi=pauthtest -msign-return-address=non-leaf %s 2>&1 | \
-// RUN: FileCheck %s --check-prefix=ERR8
+// RUN: FileCheck %s --check-prefix=ERR9
// RUN: not %clang -### -c --target=aarch64-linux-pauthtest -msign-return-address=non-leaf %s 2>&1 | \
-// RUN: FileCheck %s --check-prefix=ERR8
-// ERR8: error: unsupported option '-msign-return-address=non-leaf' for target 'aarch64-unknown-linux-pauthtest'
+// RUN: FileCheck %s --check-prefix=ERR9
+// ERR9: error: unsupported option '-msign-return-address=non-leaf' for target 'aarch64-unknown-linux-pauthtest'
// RUN: %clang -### -c --target=aarch64-linux -mabi=pauthtest -msign-return-address=none %s
// RUN: %clang -### -c --target=aarch64-linux-pauthtest -msign-return-address=none %s
More information about the llvm-branch-commits
mailing list