[PATCH] D132808: [LLD][MinGW] Add --[no-]guard-cf and --[no-]guard-longjmp

Alvin Wong via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Sun Aug 28 10:39:44 PDT 2022 

alvinhochun created this revision.
Herald added a subscriber: mstorsjo.
Herald added a reviewer: MaskRay.
Herald added a project: All.
alvinhochun updated this revision to Diff 456194.
alvinhochun added a comment.
Herald added a subscriber: StephenFan.
alvinhochun published this revision for review.
alvinhochun added a reviewer: mstorsjo.
Herald added a project: LLVM.
Herald added a subscriber: llvm-commits.

Update release notes


These will be LLD-specific options to support Control Flow Guard for the
MinGW target. They are disabled by default, but enabling `--guard-cf`
will also enable `--guard-longjmp` unless `--no-guard-longjmp` is also
specified. These options maps to `-guard:cf,[no]longjmp`.

Note that these features require the `_load_config_used` symbol to
contain the load config directory and be filled with the required
symbols. While current versions of mingw-w64 do not supply this symbol,
the user can provide their own version of it.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D132808

Files:
  lld/MinGW/Driver.cpp
  lld/MinGW/Options.td
  lld/docs/ReleaseNotes.rst
  lld/test/MinGW/driver.test


Index: lld/test/MinGW/driver.test
===================================================================
--- lld/test/MinGW/driver.test
+++ lld/test/MinGW/driver.test
@@ -356,3 +356,18 @@
 RUN: ld.lld -### foo.o -m i386pep --heap 8388608,16384 2>&1 | FileCheck -check-prefix=HEAP %s
 RUN: ld.lld -### foo.o -m i386pep --heap=8388608,16384 2>&1 | FileCheck -check-prefix=HEAP %s
 HEAP: -heap:8388608,16384
+
+RUN: ld.lld -### foo.o -m i386pep --no-guard-cf 2>&1 | FileCheck -check-prefix=NO_GUARD_CF %s
+RUN: ld.lld -### foo.o -m i386pep --no-guard-cf --no-guard-longjmp 2>&1 | FileCheck -check-prefix=NO_GUARD_CF %s
+NO_GUARD_CF-NOT: -guard:
+
+RUN: ld.lld -### foo.o -m i386pep --guard-cf 2>&1 | FileCheck -check-prefix=GUARD_CF %s
+RUN: ld.lld -### foo.o -m i386pep --guard-cf --guard-longjmp 2>&1 | FileCheck -check-prefix=GUARD_CF %s
+GUARD_CF: -guard:cf,longjmp
+
+RUN: ld.lld -### foo.o -m i386pep --guard-cf --no-guard-longjmp 2>&1 | FileCheck -check-prefix=GUARD_CF_NOLONGJMP %s
+GUARD_CF_NOLONGJMP: -guard:cf,nolongjmp
+
+RUN: ld.lld -### foo.o -m i386pep --guard-longjmp 2>&1 | FileCheck -check-prefix=GUARD_LONGJMP_NO_CF %s
+RUN: ld.lld -### foo.o -m i386pep --no-guard-cf --guard-longjmp 2>&1 | FileCheck -check-prefix=GUARD_LONGJMP_NO_CF %s
+GUARD_LONGJMP_NO_CF: warning: parameter --guard-longjmp only takes effect when used with --guard-cf
Index: lld/docs/ReleaseNotes.rst
===================================================================
--- lld/docs/ReleaseNotes.rst
+++ lld/docs/ReleaseNotes.rst
@@ -37,7 +37,15 @@
 MinGW Improvements
 ------------------
 
-* ...
+* The lld-specific options ``--guard-cf``, ``--no-guard-cf``,
+  ``--guard-longjmp`` and ``--no-guard-longjmp`` has been added to allow
+  enabling Control Flow Guard and long jump hardening. These options are
+  disabled by default, but enabling ``--guard-cf`` will also enable
+  ``--guard-longjmp`` unless ``--no-guard-longjmp`` is also specified.
+  ``--guard-longjmp`` depends on ``--guard-cf`` and cannot be used by itself.
+  Note that these features require the ``_load_config_used`` symbol to contain
+  the load config directory and be filled with the required symbols.
+  (`D132808 <https://reviews.llvm.org/D132808>`_)
 
 MachO Improvements
 ------------------
Index: lld/MinGW/Options.td
===================================================================
--- lld/MinGW/Options.td
+++ lld/MinGW/Options.td
@@ -141,6 +141,11 @@
 defm thinlto_cache_dir: EqLong<"thinlto-cache-dir",
   "Path to ThinLTO cached object file directory">;
 defm Xlink : Eq<"Xlink", "Pass <arg> to the COFF linker">, MetaVarName<"<arg>">;
+defm guard_cf : B<"guard-cf", "Enable Control Flow Guard" ,
+  "Do not enable Control Flow Guard (default)">;
+defm guard_longjmp : B<"guard-longjmp",
+  "Enable Control Flow Guard long jump hardening (default for --guard-cf)" ,
+  "Do not enable Control Flow Guard long jump hardening">;
 
 // Alias
 def alias_Bdynamic_call_shared: Flag<["-"], "call_shared">, Alias<Bdynamic>;
Index: lld/MinGW/Driver.cpp
===================================================================
--- lld/MinGW/Driver.cpp
+++ lld/MinGW/Driver.cpp
@@ -379,6 +379,17 @@
       error("unknown parameter: -m" + s);
   }
 
+  if (args.hasFlag(OPT_guard_cf, OPT_no_guard_cf, false)) {
+    if (args.hasFlag(OPT_guard_longjmp, OPT_no_guard_longjmp, true))
+      add("-guard:cf,longjmp");
+    else
+      add("-guard:cf,nolongjmp");
+  } else if (args.hasFlag(OPT_guard_longjmp, OPT_no_guard_longjmp, false)) {
+    auto *a = args.getLastArg(OPT_guard_longjmp);
+    warn("parameter " + a->getSpelling() +
+         " only takes effect when used with --guard-cf");
+  }
+
   for (auto *a : args.filtered(OPT_mllvm))
     add("-mllvm:" + StringRef(a->getValue()));
 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D132808.456194.patch
Type: text/x-patch
Size: 3748 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20220828/fcfa282b/attachment-0001.bin>

More information about the llvm-commits mailing list