[PATCH] D58102: Support X86 Control-flow Enforcement Technology (CET) in LLD

Thu Mar 7 17:02:11 PST 2019

xiangzhangllvm added a comment.

In D58102#1421801 <https://reviews.llvm.org/D58102#1421801>, @emaste wrote:

> In D58102#1411701 <https://reviews.llvm.org/D58102#1411701>, @fweimer wrote:
>
> > How does lld handle the non-executable stack flag? From a developer point of view, the CET processing is supposed to be very similar.
>
>
> The same messy way GNU tools do. Automatically detecting features based on input objects is convenient for users, at the cost of additional complexity in the tools and the introduction of silent failure modes.

Hi emaste:
LLD will set the non-executable stack flag in default. The following code may answer your questions:

  // The GNU linker uses .note.GNU-stack section as a marker indicating
  // that the code in the object file does not expect that the stack is
  // executable (in terms of NX bit). If all input files have the marker,
  // the GNU linker adds a PT_GNU_STACK segment to tells the loader to
  // make the stack non-executable. Most object files have this section as
  // of 2017.
  //
  // But making the stack non-executable is a norm today for security
  // reasons. Failure to do so may result in a serious security issue.
  // Therefore, we make LLD always add PT_GNU_STACK unless it is
  // explicitly told to do otherwise (by -z execstack). Because the stack
  // executable-ness is controlled solely by command line options,
  // .note.GNU-stack sections are simply ignored.

And , do you mean the relations between CET and the non-executable stack? CET focus on the control flow protections, not only on stack.

Repository:
  rLLD LLVM Linker

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D58102/new/

https://reviews.llvm.org/D58102