[PATCH] D58102: Support X86 Control-flow Enforcement Technology (CET) in LLD
Fangrui Song via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Mon Mar 11 19:11:23 PDT 2019
MaskRay added a comment.
> I add --auto-cet and --force-cet options, and disable CET in default. Now there will be no influence to the LLD when not using these options.
I find that ld.bfd has three related options `-z ibt` `-z ibtplt` `-z shstk` (are there others?). What do they do?
-z ibtplt Generate IBT-enabled PLT entries\n"));
fprintf (file, _("\
-z ibt Generate GNU_PROPERTY_X86_FEATURE_1_IBT\n"));
fprintf (file, _("\
-z shstk Generate GNU_PROPERTY_X86_FEATURE_1_SHSTK\n"));
Is `-z ibtplt` similar to the second PLT? Does `-z ibt` generate `GNU_PROPERTY_X86_FEATURE_1_IBT` even if there is an input object file with the GNU_PROPERTY_X86_FEATURE_1_IBT bit cleared? I'm puzzled as you said the note merging behavior is automatic in ld.bfd.
================
Comment at: ELF/Driver.cpp:75
+#define ALIGN_UP(size, alignment) ((size) + (alignment) - 1)&(-(alignment))
+
----------------
This macros is unnecessary. You can use `alignTo`. See `ELF/LinkerScript.cpp` for examples.
================
Comment at: ELF/Driver.cpp:327
+ error("--auto-cet/--force-cet may not be used with -z retpolineplt, IBT can"
+ " instead of retpolineplt");
}
----------------
Delete `"IBT can" " instead of retpolineplt"`.
They are two different aspects of security and are actually unrelated. I think the incompatibility is not due to technical impossibility, but we expect ( //Retpoline-A-Branch-Target-Injection-Mitigation.pdf// Section 4.3 claims) in the future retpolineplt can retire because of better hardware-level protection on CET-enabled processors.
Repository:
rLLD LLVM Linker
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D58102/new/
https://reviews.llvm.org/D58102
More information about the llvm-commits
mailing list