[PATCH] D109157: [ARM] Mitigate the cve-2021-35465 security vulnurability.

Alexandros Lamprineas via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Mon Sep 6 13:26:29 PDT 2021


labrinea added inline comments.


================
Comment at: clang/lib/Driver/ToolChains/Clang.cpp:1665
+
+    CmdArgs.push_back("-mllvm");
+    if (A->getOption().matches(options::OPT_mfix_cmse_cve_2021_35465))
----------------
ostannard wrote:
> ostannard wrote:
> > labrinea wrote:
> > > ostannard wrote:
> > > > Are these optional also being passed through to the linker when doing LTO?
> > > No, the mitigation is only performed in the compiler. Also, I believe that `-flto` and `-mcmse` are incompatible options.
> > The mitigation is performed in the backend, which is run from the linker when doing LTO.
> > 
> > > Also, I believe that -flto and -mcmse are incompatible options.
> > 
> > Fair enough
> Actually, I just checked and these options are accepted together, and I can't find any docs saying they are incompatible. Do you have a link to something I've missed? Since there isn't already an error, I think we should either fix this to work with LTO (my preference), or add an error when using the options together, and document that.
I have addressed all the other comments, but I am not sure how to go about this one. What does it take to make the cve-2021-35465 option work with LTO? Could you elaborate on this?


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D109157/new/

https://reviews.llvm.org/D109157



More information about the llvm-commits mailing list