[llvm] r325946 - Because of CVE-2018-6574, some compiler options and linker options are restricted to prevent arbitrary code execution.

Eric Christopher via llvm-commits llvm-commits at lists.llvm.org
Fri Feb 23 12:12:24 PST 2018 

Author: echristo
Date: Fri Feb 23 12:12:24 2018
New Revision: 325946

URL: http://llvm.org/viewvc/llvm-project?rev=325946&view=rev
Log:
Because of CVE-2018-6574, some compiler options and linker options are restricted to prevent arbitrary code execution.

https://github.com/golang/go/issues/23672

By this change, building a Go code with LLVM Go bindings causes a compilation error as follows.

  go build llvm.org/llvm/bindings/go/llvm: invalid flag in #cgo LDFLAGS: -Wl,-headerpad_max_install_names

llvm-go tool generates cgo LDFLAGS directive from `llvm-config --ldflags` and it contains -Wl,option options. But -Wl,option is banned by default. To avoid this problem, we need to set $CGO_LDFLAGS_ALLOW environment variable to notify a compiler that the flags should be allowed.

  $ export CGO_LDFLAGS_ALLOW='-Wl,(-search_paths_first|-headerpad_max_install_names)'

By default for go 1.10 and go 1.9.5 these options should appear in the accepted set of options, however, if you're running into the error it's useful to have this documented.

Patch by Ryuichi Hayashida

Modified:
    llvm/trunk/bindings/go/README.txt

Modified: llvm/trunk/bindings/go/README.txt
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/bindings/go/README.txt?rev=325946&r1=325945&r2=325946&view=diff
==============================================================================
--- llvm/trunk/bindings/go/README.txt (original)
+++ llvm/trunk/bindings/go/README.txt Fri Feb 23 12:12:24 2018
@@ -51,3 +51,11 @@ CGO_CPPFLAGS, CGO_CXXFLAGS and CGO_LDFLA
     $ export CGO_CXXFLAGS=-std=c++11
     $ export CGO_LDFLAGS="`/path/to/llvm-build/bin/llvm-config --ldflags --libs --system-libs all`"
     $ go build -tags byollvm
+
+If you see a compilation error while compiling your code with Go 1.9.4 or later as follows,
+
+    go build llvm.org/llvm/bindings/go/llvm: invalid flag in #cgo LDFLAGS: -Wl,-headerpad_max_install_names
+
+you need to setup $CGO_LDFLAGS_ALLOW to allow a compiler to specify some linker options:
+
+    $ export CGO_LDFLAGS_ALLOW='-Wl,(-search_paths_first|-headerpad_max_install_names)'

More information about the llvm-commits mailing list