[PATCH] D59780: Support Intel Control-flow Enforcement Technology
Xiang Zhang via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Tue Mar 26 18:53:42 PDT 2019
xiangzhangllvm added a comment.
In D59780#1442757 <https://reviews.llvm.org/D59780#1442757>, @MaskRay wrote:
> So on the compiler driver side, `-fcf-protection` is the single option end users are concerned. I believe this option hasn't been assigned linker option semantics in either GCC or clang. If assigning it the linker option semantics is favorable, we should make it compatible in GCC/clang and ideally use the same options in lld/ld.bfd/gold.
>
> The current form of this patch just implements `--force-cet`, thus I believe the use cases are:
>
> gcc a.o -o a # create `.splt` (or `.plt.sec`) if all of a.o and other stdlib have IBT bit set
> # I worry that someone may not want .splt for this case
> ld.lld a.o ... -o a
If all the files contain IBT, it means all the files compiled with -fcf-protection(=branch) ,there is no reason for user not to enable the IBT.
> gcc a.o -fcf-protection -o a # fail if any of a.o and other stdlib do not have IBT+SHSTK bits set
It will not fail, it will continue link out a.out which contain no IBT+SHSTK
> ld.lld a.o ... --force-cet -o a
This will require all files be compiled with -fcf-protection(=xxx), or it will give out error.
> Another possibility is:
>
>
>
> gcc a.o -o a # create `.splt` (or `.plt.sec`) if all of a.o and other stdlib have IBT bit set
>
> ld.lld a.o ... -o a
>
> gcc a.o -fcf-protection -o a # -fcf-protection is ignored as a linker option
>
> ld.lld a.o ... -o a
Yes, current gcc and ld.lld do like this. -fcf-protection is just compiler option, it will be ignored for linker
> gcc a.o -fcf-protection -Wl,--force-cet -o a # -Wl,--force-cet may be replaced by a -f flag
>
> ld.lld a.o ... --force-cet -o a
Yes, currently, they are same, but I think people will really use --force-cet, it hard to linker the big projects in now days. Especially for the self build projects.
> Another thing, given the removal of `-mibt` (D46881 on clang side), I wish we can repurpose `-z ibt` `-z ibtplt` `-z shstk` in ld.bfd if we can find better semantics for them, e.g. let `-fcf-protection=branch` translate to `-z ibt`: fail if any of input object files does not have `GNU_PROPERTY_X86_FEATURE_1_IBT` set. `-fcf-protection=shstk` translates to `-z shstk`, respectively.
It seems not good idea, we should separate the options of compiler and linker, and reserve the "-z xxx" options just for tests, not encourage users to use them for other purposes. Like gcc does.
In normal way, the resulting CET flags should mainly depend on whether all the link files are CET compiled or not.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D59780/new/
https://reviews.llvm.org/D59780
More information about the llvm-commits
mailing list