[PATCH] D59780: Support Intel Control-flow Enforcement Technology
Carlos O'Donell via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Thu Apr 11 08:39:59 PDT 2019
codonell added a comment.
In D59780#1460931 <https://reviews.llvm.org/D59780#1460931>, @ruiu wrote:
> I don't think I'm convinced. MaskRay's point is that the tooling's support of CET is buggy and needs changing anyway. Currently it looks like no tool seems to be working correctly. Then, why don't you need to stick with the ABI that is claimed to provide better performance without any evidence? Keeping ABI simple is perhaps much more important than you may be thinking. I really wish you will take it more seriously.
Tooling output changes are straight forward to fix, and yes CET is new, and tooling is still being adjusted, but this adjustment is carried out by following the published ABI. We recently fixed ltrace for CET plt usage in Fedora for example.
To change the ABI you must go upstream to the ABI discussion list and have that discussion with the hardware vendor. The hardware vendor supports many different operating systems and implementations and the changes to the standard need to be discussed there. Alternatively you can make and adhere to your own standards and work with downstream tooling to support those standards as alternative implementations (hopefully with interoperability). I would not like to see two alternative ABIs, that leads to serious problems in downstream tooling and duplicated effort.
My opinion is that lld is too late to make the requested change to the PLT format at this point. You either get to adhere to the standard and participate in distribution builds, or not and you don't.
> Besides that, I don't think GCC implemented any of the feature of the PLT -- it is only in the BFD linker but not in gold. Also no one is using the feature in the wild because no processors supporting CET is available in the market. Everything seems to be experimental yet at the moment.
There is nothing wrong with a feature being only in the BFD linker, it is the canonical linker for many distributions and build systems. Gold is a distinct linker from BFD, just like lld is a distinct linker from BFD. Gold has limited support for working with CET-enabled libraries, and the point of this support is just to disable CET (that's what is minimally required realy). Lack of feature parity with BFD may mean downstream distributions cannot use the linker for building distribution binaries that meet security policy for the target machine e.g. must have CET enabled.
Red Hat Enterprise Linux 8 Beta (publicly available for x86_64) is using the current CET PLT layout generated by BFD.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D59780/new/
https://reviews.llvm.org/D59780
More information about the llvm-commits
mailing list